mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-10-07 02:16:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:9.1.1003: [security]: heap-buffer-overflow with visual mode (#31971)

Browse Source 
Problem:  [security]: heap-buffer-overflow with visual mode when
          using :all, causing Vim trying to access beyond end-of-line
          (gandalf)
Solution: Reset visual mode on :all, validate position in gchar_pos()
          and charwise_block_prep()

This fixes CVE-2025-22134

Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-5rgf-26wj-48v8

c9a1e257f1

Co-authored-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
zeertzjq
2025-01-12 08:25:57 +08:00
committed by GitHub
parent 37316fbac6
commit 1a8a48d7e5
4 changed files with 30 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/nvim/memline.c
View File

@@ -1860,7 +1860,7 @@ int gchar_pos(pos_T *pos)
FUNC_ATTR_NONNULL_ARG(1)
{
// When searching columns is sometimes put at the end of a line.
if (pos->col == MAXCOL) {
if (pos->col == MAXCOL || pos->col > ml_get_len(pos->lnum)) {
return NUL;
}
return utf_ptr2char(ml_get_pos(pos));