]> git.ipfire.org Git - thirdparty/vim.git/commit
projects / thirdparty / vim.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8a0bbe7) | patch
patch 9.1.0648: [security] double-free in dialog_changed() v9.1.0648
authorChristian Brabandt <cb@256bit.org>
Thu, 1 Aug 2024 20:10:28 +0000 (22:10 +0200)
committerChristian Brabandt <cb@256bit.org>
Thu, 1 Aug 2024 20:35:18 +0000 (22:35 +0200)
commitb29f4abcd4b3382fa746edd1d0562b7b48c9de60
tree75aabcb648df422e96e18cd7c8c0fa9b4a50ded3tree
parent8a0bbe7b8aad6f8da28dee218c01bc8a0185a2d5commit | diff
patch 9.1.0648: [security] double-free in dialog_changed()

Problem:  [security] double-free in dialog_changed()
          (SuyueGuo)
Solution: Only clear pointer b_sfname pointer, if it is different
          than the b_ffname pointer.  Don't try to free b_fname,
          set it to NULL instead.

fixes: #15403

Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f

Signed-off-by: Christian Brabandt <cb@256bit.org>
src/ex_cmds2.c diff | blob | blame | history
src/testdir/crash/dialog_changed_uaf [new file with mode: 0644] blob
src/testdir/test_crash.vim diff | blob | blame | history
src/version.c diff | blob | blame | history
Mirror of https://github.com/vim/vim.git