git.ipfire.org Git - thirdparty/vim.git/commit
patch 9.1.0647: [security] use-after-free in tagstack_clear_entry v9.1.0647
author Christian Brabandt <cb@256bit.org>
Thu, 1 Aug 2024 18:16:51 +0000 (20:16 +0200)
committer Christian Brabandt <cb@256bit.org>
Thu, 1 Aug 2024 20:35:18 +0000 (22:35 +0200)
commit 8a0bbe7b8aad6f8da28dee218c01bc8a0185a2d5
tree f127f5240f1a3070619e1635dd376e00411306f4
parent 5b07213c0b365f2a7fcdd10c7e7cd00aae3560a5
patch 9.1.0647: [security] use-after-free in tagstack_clear_entry

Problem:  [security] use-after-free in tagstack_clear_entry
          (Suyue Guo)
Solution: Instead of manually calling vim_free() on each of the tagstack
          entries, let's use tagstack_clear_entry(), which will
          also free the stack, but using the VIM_CLEAR macro,
          which prevents a use-after-free by setting those pointers
          to NULL

This addresses CVE-2024-41957

Github advisory:
https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4

Signed-off-by: Christian Brabandt <cb@256bit.org>
src/testdir/crash/double_free [new file with mode: 0644]
src/testdir/test_crash.vim
src/version.c
src/window.c
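
The free-and-NULL pattern the commit message describes, as an added example that is not code from the Vim tree: a manual free leaves stale pointers that a later cleanup pass frees again, while a clear macro makes the second pass a no-op. The `demo_*` names, the two-field entry and the "second visit" are assumptions made for illustration, and the quarantining allocator is constructed so the stale frees can be counted safely instead of corrupting the heap.

```c
#include <stdlib.h>
#include <string.h>

/* Tiny tracking allocator (constructed for this example): freed blocks are
 * quarantined instead of returned to malloc, so a stale free is counted. */
#define MAX_BLOCKS 16
static void *blocks[MAX_BLOCKS];
static int live[MAX_BLOCKS];
static int n_blocks, stale_frees;

static char *demo_strdup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p == NULL || n_blocks == MAX_BLOCKS) abort();
    strcpy(p, s);
    blocks[n_blocks] = p; live[n_blocks++] = 1;
    return p;
}

static void demo_free(void *p) {
    if (p == NULL) return;              /* like free(), NULL is a no-op */
    for (int i = 0; i < n_blocks; i++)
        if (blocks[i] == p) {
            if (live[i]) live[i] = 0; else stale_frees++;
            return;
        }
}

/* Stand-in for a free-and-NULL macro such as the VIM_CLEAR the commit names. */
#define DEMO_CLEAR(p) do { demo_free(p); (p) = NULL; } while (0)

typedef struct { char *tagname; char *user_data; } demo_entry; /* hypothetical */

/* Shared cleanup helper: frees and NULLs both members. */
static void demo_clear_entry(demo_entry *e) {
    DEMO_CLEAR(e->tagname);
    DEMO_CLEAR(e->user_data);
}

/* Tear an entry down, then let a later cleanup path visit it again.
 * Returns how many frees hit memory that was already freed. */
int teardown_then_revisit(int manual_free) {
    demo_entry e = { demo_strdup("main"), demo_strdup("data") };
    stale_frees = 0;
    if (manual_free) { demo_free(e.tagname); demo_free(e.user_data); }
    else demo_clear_entry(&e);
    demo_clear_entry(&e);               /* second visit by the shared helper */
    while (n_blocks > 0) free(blocks[--n_blocks]);  /* empty the quarantine */
    return stale_frees;
}
```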