patch 9.0.1847: [security] potential oob write in do_addsub()

Commit: https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57
Author: Christian Brabandt <c...@256bit.org>
Date:   Sat Sep 2 19:43:33 2023 +0200
patch 9.0.1847: [security] potential oob write in do_addsub()

Problem:  potential oob write in do_addsub()
Solution: don't overflow buf2, check size in for loop()

Signed-off-by: Christian Brabandt <c...@256bit.org>

diff --git a/src/ops.c b/src/ops.c index d46a049fe..f4524d3d7 100644 --- a/src/ops.c +++ b/src/ops.c @@ -2919,7 +2919,7 @@ do_addsub( for (bit = bits; bit > 0; bit--) if ((n >> (bit - 1)) & 0x1) break; - for (i = 0; bit > 0; bit--) + for (i = 0; bit > 0 && i < (NUMBUFLEN - 1); bit--) buf2[i++] = ((n >> (bit - 1)) & 0x1) ? '1' : '0'; buf2[i] = ' diff --git a/src/version.c b/src/version.c index 5cde7c185..c638a107e 100644 --- a/src/version.c +++ b/src/version.c @@ -699,6 +699,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ +/**/ + 1847, /**/ 1846, /**/
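Review bot: In the src/ops.c hunk, the new loop condition `bit > 0 && i < (NUMBUFLEN - 1)` stops the write at the limit but truncates silently: the loop emits bits from the most significant one downward, so when the limit is reached buf2 holds only the high-order digits of n and nothing signals that the low-order ones were dropped. If that case is reachable, bailing out or reporting it would be safer than producing a shortened number; if it is not, a one-line comment saying the bound is purely defensive would make that clear to the next reader. The bound is also written as a constant rather than derived from the buffer. The declaration of buf2 is outside the hunk, but if it is an array, `sizeof(buf2) - 1` would keep the check correct should the declaration change. The diff touches only src/ops.c and src/version.c, so no regression test accompanies the fix; one that exercises the binary-format path with the widest value would guard against the bound being loosened later.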