neovim

mirror of https://github.com/neovim/neovim.git synced 2024-12-20 03:05:11 -07:00

History

zeertzjq 9d7544ac4c vim-patch:9.0.2143: [security]: buffer-overflow in ex_substitute Problem: [security]: buffer-overflow in ex_substitute Solution: clear memory after allocating When allocating the new_start pointer in ex_substitute() the memory pointer points to some garbage that the following for loop in ex_cmds.c:4743 confuses and causes it to accessing the new_start pointer beyond it's size, leading to a buffer-overlow. So fix this by using alloc_clear() instead of alloc(), which will clear the memory by NUL and therefore cause the loop to terminate correctly. Reported by @henices, thanks! closes: vim/vim#13596 `abfa13ebe9` Co-authored-by: Christian Brabandt <cb@256bit.org>	2023-12-02 10:41:31 +08:00
..
testdir	vim-patch:9.0.2143: [security]: buffer-overflow in ex_substitute	2023-12-02 10:41:31 +08:00
memfile_test.c	build: remove PVS	2023-11-12 21:26:39 +01:00

zeertzjq 9d7544ac4c vim-patch:9.0.2143: [security]: buffer-overflow in ex_substitute

Problem:  [security]: buffer-overflow in ex_substitute
Solution: clear memory after allocating

When allocating the new_start pointer in ex_substitute() the memory
pointer points to some garbage that the following for loop in
ex_cmds.c:4743 confuses and causes it to accessing the new_start pointer
beyond it's size, leading to a buffer-overlow.

So fix this by using alloc_clear() instead of alloc(), which will
clear the memory by NUL and therefore cause the loop to terminate
correctly.

Reported by @henices, thanks!

closes: vim/vim#13596

abfa13ebe9

Co-authored-by: Christian Brabandt <cb@256bit.org>

2023-12-02 10:41:31 +08:00

testdir vim-patch:9.0.2143: [security]: buffer-overflow in ex_substitute 2023-12-02 10:41:31 +08:00

memfile_test.c build: remove PVS 2023-11-12 21:26:39 +01:00