neovim

Neovim text editor
git clone https://git.dasho.dev/neovim.git
Log | Files | Refs | README
commit 15298e79269e95899b9812c78af19f954b3bcba6
parent b55010a539c37efcce10b08ee38df9dd4b4d9fb7
Author: zeertzjq <zeertzjq@outlook.com>
Date:   Sun,  3 Sep 2023 09:14:45 +0800

vim-patch:9.0.1847: [security] potential oob write in do_addsub()

Problem:  potential oob write in do_addsub()
Solution: don't overflow buf2, check size in for loop()

https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57

Co-authored-by: Christian Brabandt <cb@256bit.org>

Diffstat:

Msrc/nvim/ops.c | 2+-


1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/nvim/ops.c b/src/nvim/ops.c
@@ -4770,7 +4770,7 @@ int do_addsub(int op_type, pos_T *pos, int length, linenr_T Prenum1)
         }
       }
 
-      while (bits > 0) {
+      while (bits > 0 && i < NUMBUFLEN - 1) {
         buf2[i++] = ((n >> --bits) & 0x1) ? '1' : '0';
       }