mirror of
https://github.com/neovim/neovim.git
synced 2024-12-20 03:05:11 -07:00
9f2d793068
Problem: [security]: use-after-free in exec_instructions()
Solution: get tv pointer again
[security]: use-after-free in exec_instructions()
exec_instructions may access freed memory, if the GA_GROWS_FAILS()
re-allocates memory. When this happens, the typval tv may still point to
now already freed memory. So let's get that pointer again and compare it
with tv. If those two pointers differ, tv is now invalid and we have to
refresh the tv pointer.
closes: vim/vim#13621
5dd41d4b63
Co-authored-by: Christian Brabandt <cb@256bit.org>
69 B
69 B