IntenseFinance/neovim
3
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-02-25 18:55:25 -06:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:9.1.0739: [security]: use-after-free in ex_getln.c (#30448)

Browse Source 
Problem:  [security]: use-after-free in ex_getln.c
Solution: free pointer p a bit later (John Marriott)

closes: vim/vim#15712

a6de28755e

Co-authored-by: John Marriott <basilisk@internode.on.net>
This commit is contained in:
zeertzjq 2024-09-21 18:26:44 +08:00 committed by GitHub
parent 059a9e6254
commit d8cd15e8d6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/nvim/ex_getln.c
View File

@ -3028,7 +3028,6 @@ void realloc_cmdbuff(int len)
// there, thus copy up to the NUL and add a NUL. // there, thus copy up to the NUL and add a NUL.
memmove(ccline.cmdbuff, p, (size_t)ccline.cmdlen); memmove(ccline.cmdbuff, p, (size_t)ccline.cmdlen);
ccline.cmdbuff[ccline.cmdlen] = NUL; ccline.cmdbuff[ccline.cmdlen] = NUL;
xfree(p);
if (ccline.xpc != NULL if (ccline.xpc != NULL
&& ccline.xpc->xp_pattern != NULL && ccline.xpc->xp_pattern != NULL
@ -3042,6 +3041,8 @@ void realloc_cmdbuff(int len)
ccline.xpc->xp_pattern = ccline.cmdbuff + i; ccline.xpc->xp_pattern = ccline.cmdbuff + i;
} }
} }
xfree(p);
} }
enum { MAX_CB_ERRORS = 1, }; enum { MAX_CB_ERRORS = 1, };