mirror of
https://github.com/neovim/neovim.git
synced 2024-12-23 20:55:18 -07:00
9d7544ac4c
Problem: [security]: buffer-overflow in ex_substitute
Solution: clear memory after allocating
When allocating the new_start pointer in ex_substitute() the memory
pointer points to some garbage that the following for loop in
ex_cmds.c:4743 confuses and causes it to accessing the new_start pointer
beyond it's size, leading to a buffer-overlow.
So fix this by using alloc_clear() instead of alloc(), which will
clear the memory by NUL and therefore cause the loop to terminate
correctly.
Reported by @henices, thanks!
closes: vim/vim#13596
|
||
---|---|---|
.. | ||
cjson | ||
klib | ||
man | ||
mpack | ||
nvim | ||
termkey | ||
unicode | ||
xdiff | ||
.valgrind.supp | ||
bit.c | ||
bit.h | ||
clint.py | ||
coverity-model.c | ||
nlua0.c | ||
uncrustify.cfg |