From: Christian Brabandt
Date: Sun, 19 Nov 2023 15:25:45 +0000 (+0100)
Subject: patch 9.0.2118: [security]: avoid double-free in get_style_font_variants
X-Git-Tag: v9.0.2118^0
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a5218a7330cb14ddd9afa323ab03f4334e6a77a0;p=thirdparty%2Fvim.git

patch 9.0.2118: [security]: avoid double-free in get_style_font_variants

Problem:  [security]: avoid double-free
Solution: Only free plain_font, when it is not the same as bold_font

When plain_font == bold_font and bold_font is not NULL, we may end up trying to free bold_font again, which already has been freed a few lines above. So only free bold_font, when the condition gui.font_can_bold is true, which means that bold_font is not pointing to plain_font (so it needs to be freed separately).

Signed-off-by: Christian Brabandt
---
diff --git a/src/gui_gtk_x11.c b/src/gui_gtk_x11.c index 4b3f53ef91..87838b9488 100644 --- a/src/gui_gtk_x11.c +++ b/src/gui_gtk_x11.c @@ -5048,7 +5048,8 @@ get_styled_font_variants(void) } pango_font_description_free(bold_font_desc); - g_object_unref(plain_font); + if (bold_font != NULL && gui.font_can_bold) + g_object_unref(plain_font); } static PangoEngineShape *default_shape_engine = NULL; diff --git a/src/version.c b/src/version.c index 6994b3402c..78446d57c4 100644 --- a/src/version.c +++ b/src/version.c @@ -704,6 +704,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ +/**/ + 2118, /**/ 2117, /**/
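
Review bot: in the src/gui_gtk_x11.c hunk, the new guard `if (bold_font != NULL && gui.font_can_bold)` also skips `g_object_unref(plain_font)` when bold_font is NULL, a case the commit message does not cover. The removed line released plain_font unconditionally, so unless that reference is dropped somewhere the hunk does not show, the NULL path now leaks it. If the intent is what the Solution line says (release plain_font only when it is not the same object as bold_font), comparing the two pointers directly, e.g. `if (plain_font != bold_font)`, would state that and keep the release on the NULL path. The message body also says "only free bold_font" while the guarded call releases plain_font; a one-line comment above the condition naming which object is aliased and which unref is being avoided would make the ownership reasoning checkable from the code alone.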