patch 9.2.0603: possible heap-buffer-overflow when resizing the GUI

Problem:  possible heap-buffer-overflow when resizing the GUI
Solution: Check that the cursor position falls inside the GUI display
          area (Foxe Chen).

closes: #20449

Supported by AI

Signed-off-by: Foxe Chen <chen.foxe@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>

diff --git a/src/screen.c b/src/screen.c
index 9042d90ded3b4c354749216e2683a59bf20d4cba..97d2f189cbddc25dd8c0eeef63e299d859e7ae5f 100644 (file)
--- a/src/screen.c
+++ b/src/screen.c
@@ -3378,6 +3378,13 @@ give_up:
     screen_Rows = Rows;
     screen_Columns = Columns;
 
+#ifdef FEAT_GUI
+    // Cursor position may now be out of bounds after resize
+    if (gui.in_use && (gui.cursor_row >= screen_Rows
+               || gui.cursor_col >= screen_Columns))
+       gui.cursor_is_valid = false;
+#endif
+
     set_must_redraw(UPD_CLEAR);        // need to clear the screen later
     if (doclear)
        screenclear2(TRUE);

diff --git a/src/version.c b/src/version.c
index c9032621c1d5e25516e507a0086bf1f0cea907e1..aae300c55bf956ea4acedda7567e647777ddf2e8 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    603,
 /**/
     602,
 /**/