neovim/src
zeertzjq 9d7544ac4c vim-patch:9.0.2143: [security]: buffer-overflow in ex_substitute
Problem:  [security]: buffer-overflow in ex_substitute
Solution: clear memory after allocating

When allocating the new_start pointer in ex_substitute() the memory
pointer points to some garbage that confuses the following for loop in
ex_cmds.c:4743 and causes it to access the new_start pointer
beyond its size, leading to a buffer-overflow.

So fix this by using alloc_clear() instead of alloc(), which will
clear the memory by NUL and therefore cause the loop to terminate
correctly.

Reported by @henices, thanks!

closes: vim/vim#13596

abfa13ebe9

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-12-02 10:41:31 +08:00
cjson fix(vim.json)!: remove global options, "null", "array_mt" #24070 2023-06-21 01:10:32 -07:00
klib refactor: remove kbtree.h 2023-12-01 20:46:07 +01:00
man docs: list NVIM_APPNAME as env on manpage (#25935) 2023-11-09 07:04:44 +08:00
mpack refactor: fix headers with IWYU 2023-11-28 22:23:56 +01:00
nvim vim-patch:9.0.2143: [security]: buffer-overflow in ex_substitute 2023-12-02 10:41:31 +08:00
termkey fix(termkey): include IO header on Windows 2023-11-30 12:22:53 -06:00
unicode
xdiff refactor: the long goodbye 2023-11-05 20:19:06 +01:00
.valgrind.supp
bit.c feat(lua): make sure require'bit' always works, even with PUC lua 5.1 2023-02-22 22:15:19 +01:00
bit.h feat(lua): make sure require'bit' always works, even with PUC lua 5.1 2023-02-22 22:15:19 +01:00
clint.py refactor(IWYU): fix includes for highlight_group.h (#26340) 2023-12-01 09:38:04 +08:00
coverity-model.c
nlua0.c refactor(build): include lpeg as a library 2023-04-27 11:40:00 +02:00
uncrustify.cfg refactor: enable formatting for ternaries 2023-11-20 19:57:09 +01:00