adam/vim
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

patch 9.1.0678: [security]: use-after-free in alist_add()

Browse Source 
Problem:  [security]: use-after-free in alist_add()
          (SuyueGuo)
Solution: Lock the current window, so that the reference to
          the argument list remains valid.

This fixes CVE-2024-43374

Signed-off-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
Christian Brabandt
2024-08-15 22:15:28 +02:00
parent 3b59be4ed8
commit 0a6e57b09b
9 changed files with 58 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/ex_cmds.c
View File

@ -2840,7 +2840,7 @@ do_ecmd(
// Set the w_closing flag to avoid that autocommands close the
// window. And set b_locked for the same reason.
the_curwin->w_closing = TRUE;
the_curwin->w_locked = TRUE;
++buf->b_locked;
if (curbuf == old_curbuf.br_buf)
@ -2854,7 +2854,7 @@ do_ecmd(
// Autocommands may have closed the window.
if (win_valid(the_curwin))
the_curwin->w_closing = FALSE;
the_curwin->w_locked = FALSE;
--buf->b_locked;
#ifdef FEAT_EVAL