mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-09-28 22:18:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:9.1.0678: [security]: use-after-free in alist_add()

Browse Source 
Problem:  [security]: use-after-free in alist_add()
          (SuyueGuo)
Solution: Lock the current window, so that the reference to
          the argument list remains valid.

This fixes CVE-2024-43374

0a6e57b09b

Co-authored-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
zeertzjq
2024-08-16 09:00:50 +08:00
parent 8b8096500d
commit b3d291c565
6 changed files with 50 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/nvim/buffer.c
View File

@@ -1379,7 +1379,7 @@ static int do_buffer_ext(int action, int start, int dir, int count, int flags)
// When the autocommand window is involved win_close() may need to print an error message.
// Repeat this so long as we end up in a window with this buffer.
while (buf == curbuf
&& !(curwin->w_closing || curwin->w_buffer->b_locked > 0)
&& !(win_locked(curwin) || curwin->w_buffer->b_locked > 0)
&& (is_aucmd_win(lastwin) || !last_window(curwin))) {
if (win_close(curwin, false, false) == FAIL) {
break;
@@ -3644,7 +3644,7 @@ void ex_buffer_all(exarg_T *eap)
: wp->w_width != Columns)
|| (had_tab > 0 && wp != firstwin))
&& !ONE_WINDOW
&& !(wp->w_closing || wp->w_buffer->b_locked > 0)
&& !(win_locked(curwin) || wp->w_buffer->b_locked > 0)
&& !is_aucmd_win(wp)) {
if (win_close(wp, false, false) == FAIL) {
break;