]> git.ipfire.org Git - thirdparty/vim.git/commit
projects / thirdparty / vim.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9598a63) | patch
patch 9.1.1003: [security]: heap-buffer-overflow with visual mode v9.1.1003
authorChristian Brabandt <cb@256bit.org>
Sat, 11 Jan 2025 14:25:00 +0000 (15:25 +0100)
committerChristian Brabandt <cb@256bit.org>
Sat, 11 Jan 2025 14:25:00 +0000 (15:25 +0100)
commitc9a1e257f1630a0866447e53a564f7ff96a80ead
tree4be912a8bfd7f06bc0b245982e98b44c62199494tree
parent9598a6369bce32d3da831e8968caf4625985ac3ccommit | diff
patch 9.1.1003: [security]: heap-buffer-overflow with visual mode

Problem:  [security]: heap-buffer-overflow with visual mode when
          using :all, causing Vim trying to access beyond end-of-line
          (gandalf)
Solution: Reset visual mode on :all, validate position in gchar_pos()
          and charwise_block_prep()

This fixes CVE-2025-22134

Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-5rgf-26wj-48v8

Co-authored-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
src/arglist.c diff | blob | blame | history
src/misc1.c diff | blob | blame | history
src/ops.c diff | blob | blame | history
src/testdir/test_visual.vim diff | blob | blame | history
src/version.c diff | blob | blame | history
Mirror of https://github.com/vim/vim.git