adam/vim
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

patch 9.1.1400: [security]: use-after-free when evaluating tuple fails

Browse Source 
Problem:  [security]: use-after-free when evaluating tuple fails
Solution: return early in case of an error (Yegappan Lakshmanan)

closes: #17351

Signed-off-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
Yegappan Lakshmanan
2025-05-21 20:52:44 +02:00
committed by Christian Brabandt
parent 681f1c914f
commit 1307743697
3 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/eval.c
View File

@ -5000,6 +5000,8 @@ eval9_nested_expr(
else else
{ {
ret = eval1(arg, rettv, evalarg); // recursive! ret = eval1(arg, rettv, evalarg); // recursive!
if (ret != OK)
return ret;
*arg = skipwhite_and_linebreak(*arg, evalarg); *arg = skipwhite_and_linebreak(*arg, evalarg);

11
src/testdir/test_tuple.vim
View File

@ -1575,6 +1575,17 @@ func Test_try_finally_with_tuple_return()
call v9.CheckSourceSuccess(lines) call v9.CheckSourceSuccess(lines)
endfunc endfunc
" Test for evaluating a recursive tuple that results in an error
func Test_recursive_tuple_eval_fails()
let lines =<< trim END
call assert_fails(((((((((((((((('tag xyz', func2(pat, flags, infn)
END
call v9.CheckSourceLegacyAndVim9Failure(lines, [
\ 'E121: Undefined variable: pat',
\ 'E1001: Variable not found: pat',
\ 'E121: Undefined variable: pat'])
endfunc
" Test for add() with a tuple " Test for add() with a tuple
func Test_tuple_add() func Test_tuple_add()
let lines =<< trim END let lines =<< trim END

2
src/version.c
View File

@ -709,6 +709,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
1400,
/**/ /**/
1399, 1399,
/**/ /**/