A null value check is needed in the channel.c file.
The vulnerable code is at
https://github.com/vim/vim/blob/master/src/channel.c#L3311 .
Function channel_first_nl() might return NULL.
Therefore, we should check whether nl is NULL or not before using it at line 3322.
On Monday, February 27, 2017 at 1:30:41 AM UTC+8, Bram Moolenaar wrote:
> shqking wrote:
>
> > One null pointer dereference vulnerability is found in src/undo.c
> > (https://github.com/vim/vim/blob/master/src/undo.c)
> >
> > The code snippet is as follows.
> >
> > 1383 static u_entry_T *
> >
Hi Bram,
2017-2-26(Sun) 23:09:12 UTC+9 Bram Moolenaar:
> Patch 8.0.0375
> Problem:The "+ register is not tested.
> Solution: Add a test using another Vim instance to change the "+ register.
> (Kazuki Kuriyama)
> Files: src/testdir/test_gui.vim
[...]
You are mistaking the
Patch 8.0.0381
Problem: Diff mode is not sufficiently tested.
Solution: Add more diff mode tests. (Dominique Pelle, closes #1515)
Files: src/testdir/test_diffmode.vim
*** ../vim-8.0.0380/src/testdir/test_diffmode.vim 2017-02-03 23:16:24.349040487 +0100
---
On Sun, Feb 26, 2017 at 7:41 PM, Bram Moolenaar wrote:
>
> Patch 8.0.0380
> Problem: With 'linebreak' set and 'breakat' includes ">" a double-wide
> character results in "<<" displayed.
> Solution: Check for the character not to be replaced. (Ozaki Kiichi,
>
Patch 8.0.0380
Problem: With 'linebreak' set and 'breakat' includes ">" a double-wide
character results in "<<" displayed.
Solution: Check for the character not to be replaced. (Ozaki Kiichi,
closes #1456)
Files: src/screen.c, src/testdir/test_listlbr_utf8.vim
Patch 8.0.0379
Problem: CTRL-Z and mouse click use CTRL-O unnecessary.
Solution: Remove stuffing CTRL-O. (James McCoy, closes #1453)
Files: src/edit.c, src/normal.c
*** ../vim-8.0.0378/src/edit.c 2017-02-25 14:59:29.902090452 +0100
--- src/edit.c 2017-02-26 18:57:40.030814080 +0100
shqking wrote:
> One null pointer dereference vulnerability is found in src/undo.c
> (https://github.com/vim/vim/blob/master/src/undo.c)
>
> The code snippet is as follows.
>
> 1383 static u_entry_T *
> 1384 unserialize_uep(bufinfo_T *bi, int *error, char_u *file_name)
> 1385 {
> ...
Patch 8.0.0378
Problem: Another possible overflow when reading corrupted undo file.
Solution: Check if allocated size is not too big. (King)
Files: src/undo.c
*** ../vim-8.0.0377/src/undo.c 2017-02-26 18:11:32.741651768 +0100
--- src/undo.c 2017-02-26 18:15:58.615822683 +0100
Patch 8.0.0377
Problem: Possible overflow when reading corrupted undo file.
Solution: Check if allocated size is not too big. (King)
Files: src/undo.c
*** ../vim-8.0.0376/src/undo.c 2017-01-17 22:09:41.310252893 +0100
--- src/undo.c 2017-02-26 18:10:43.165993259 +0100
I noticed that when running test97 under valgrind a memory leak is
reported:
==6523== 11 bytes in 1 blocks are possibly lost in loss record 114 of 720
==6523==    at 0x4C2CB3F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6523==    by 0x255A29: lalloc (misc2.c:942)
==6523==
Patch 8.0.0376
Problem: Size computations in spell file reading are not exactly right.
Solution: Make "len" a "long" and check with LONG_MAX.
Files: src/spellfile.c
*** ../vim-8.0.0375/src/spellfile.c 2017-02-09 21:07:07.040797650 +0100
--- src/spellfile.c 2017-02-26
Kazunobu Kuriyama wrote:
> Attached is a patch to add a test on the quoteplus register to test_gui.
>
> The test launches another gvim instance to see if each of the two quoteplus
> registers work properly with the other via the X11 clipboard.
Thanks. We need to get $VIMRUNTIME and the
Patch 8.0.0375
Problem: The "+ register is not tested.
Solution: Add a test using another Vim instance to change the "+ register.
(Kazuki Kuriyama)
Files: src/testdir/test_gui.vim
*** ../vim-8.0.0374/src/testdir/test_gui.vim 2017-02-23 19:32:18.068709554 +0100
---
Dominique Pellé wrote:
> afl-fuzz found another invalid memory access in
> vim-8.0.373 and older:
>
> $ valgrind vim -u NONE -e -s -c's/^/x' -csc 2>log
>
> And log contains:
>
> ==5629== Memcheck, a memory error detector
> ==5629== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et
Patch 8.0.0374
Problem: Invalid memory access when using :sc in Ex mode. (Dominique Pelle)
Solution: Avoid the column being negative. Also fix a hang in Ex mode.
Files: src/ex_getln.c, src/ex_cmds.c, src/testdir/test_substitute.vim
*** ../vim-8.0.0373/src/ex_getln.c 2017-02-23
Hi,
Attached is a patch to add a test on the quoteplus register to test_gui.
The test launches another gvim instance to see if each of the two quoteplus
registers work properly with the other via the X11 clipboard.
Best regards,
Kazunobu Kuriyama