> Our research team recently have found four potential double free
> vulnerabilities, please check them and tell us the result as soon as
> possible. Hope your project will get better and better.

Thanks for reporting the potential problems. They are mostly corner cases, very unlikely to actually happen.

The first one uses a number passed in by a netbeans command, thus it's worth checking that. I made patch 8.2.1843.

The vim_realloc() for buf->signmap and globalsignmap does not use user input, it just doubles the size when needed. I don't think it will ever reach a size where it becomes a problem.

The vim_realloc() in normal.c is also very unlikely to end up with zero size, since it uses strlen() of two strings.

It's very annoying that realloc() returns NULL both when the buffer was freed (zero size) and when the call failed. It's very error prone. The manual page even mentions that it might return NULL or not.

--
hundred-and-one symptoms of being an internet addict:
86. E-mail Deficiency Depression (EDD) forces you to e-mail yourself.

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
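The realloc() ambiguity described in the reply above, shown as an added example that is not part of the original message and is not Vim's code. The helper `grow_array()`, the wrapper `resize_from_command()` and the marker value are hypothetical names and constructed data; the helper refuses zero-size and overflowing requests so that a NULL from realloc() can only mean "failed, old block still live".

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Hypothetical helper (an assumption, not Vim's vim_realloc()).
 * Returns 0 on success, -1 if the request is refused or allocation fails.
 * On -1 the old block is untouched and still owned by the caller.
 * Hazard avoided: realloc(old, 0) may free old and return NULL
 * (implementation-defined), while a failed realloc(old, n) returns NULL
 * with old still live. An error path that frees old on NULL is a
 * double free in the first case.
 */
static int grow_array(void **bufp, size_t count, size_t elem_size)
{
    void *p;

    if (count == 0 || elem_size == 0)
        return -1;                  /* never hand realloc() a zero size */
    if (count > SIZE_MAX / elem_size)
        return -1;                  /* count * elem_size would wrap */
    p = realloc(*bufp, count * elem_size);
    if (p == NULL)
        return -1;                  /* genuine failure, *bufp still valid */
    *bufp = p;
    return 0;
}

/* Constructed scenario: `requested` stands in for an externally supplied count. */
static int resize_from_command(size_t requested)
{
    void *map = malloc(4 * sizeof(int));
    int rc, intact;

    if (map == NULL)
        return -2;
    ((int *)map)[0] = 0x5157;       /* marker to confirm data survives */
    rc = grow_array(&map, requested, sizeof(int));
    intact = ((int *)map)[0] == 0x5157;
    free(map);                      /* single free on every path */
    return intact ? rc : -2;
}

int main(void)
{
    printf("%d %d %d\n", resize_from_command(8), resize_from_command(0), resize_from_command(SIZE_MAX));
    return 0;
}
```

Building with `-fsanitize=address` confirms that the zero and overflow cases reach the single `free()` without a double-free report.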
