patch 9.0.1847: [security] potential oob write in do_addsub()
Commit:
https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57
Author: Christian Brabandt <[email protected]>
Date: Sat Sep 2 19:43:33 2023 +0200
patch 9.0.1847: [security] potential oob write in do_addsub()
Problem: potential oob write in do_addsub()
Solution: don't overflow buf2, check size in for loop()
Signed-off-by: Christian Brabandt <[email protected]>
diff --git a/src/ops.c b/src/ops.c
index d46a049fe..f4524d3d7 100644
--- a/src/ops.c
+++ b/src/ops.c
@@ -2919,7 +2919,7 @@ do_addsub(
for (bit = bits; bit > 0; bit--)
if ((n >> (bit - 1)) & 0x1) break;
- for (i = 0; bit > 0; bit--)
+ for (i = 0; bit > 0 && i < (NUMBUFLEN - 1); bit--)
buf2[i++] = ((n >> (bit - 1)) & 0x1) ? '1' : '0';
buf2[i] = '
diff --git a/src/version.c b/src/version.c
index 5cde7c185..c638a107e 100644
--- a/src/version.c
+++ b/src/version.c
@@ -699,6 +699,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 1847,
/**/
1846,
/**/
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/vim_dev/E1qcUug-00CMOu-NN%40256bit.org.
