aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-10-28 09:27:14 -04:00
Code Activity

patch 9.1.1003: [security]: heap-buffer-overflow with visual mode

Browse Source 
Problem:  [security]: heap-buffer-overflow with visual mode when
          using :all, causing Vim trying to access beyond end-of-line
          (gandalf)
Solution: Reset visual mode on :all, validate position in gchar_pos()
          and charwise_block_prep()

This fixes CVE-2025-22134

Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-5rgf-26wj-48v8

Co-authored-by: zeertzjq <zeertzjq@outlook.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
Christian Brabandt
2025-01-11 15:25:00 +01:00
parent 9598a6369b
commit c9a1e257f1
5 changed files with 34 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/arglist.c
View File

@@ -1258,6 +1258,10 @@ do_arg_all(
tabpage_T *new_lu_tp = curtab;
// Stop Visual mode, the cursor and "VIsual" may very well be invalid after
// switching to another buffer.
reset_VIsual_and_resel();
// Try closing all windows that are not in the argument list.
// Also close windows that are not full width;
// When 'hidden' or "forceit" set the buffer becomes hidden.