vim/backport-CVE-2022-2982.patch

From d6c67629ed05aae436164eec474832daf8ba7420 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Wed, 24 Aug 2022 20:07:22 +0100
Subject: [PATCH] patch 9.0.0260: using freed memory when using
'quickfixtextfunc' recursively
Problem: Using freed memory when using 'quickfixtextfunc' recursively.
Solution: Do not allow for recursion.
---
src/quickfix.c | 9 +++++++++
src/testdir/test_quickfix.vim | 13 +++++++++++++
2 files changed, 22 insertions(+)
diff --git a/src/quickfix.c b/src/quickfix.c
index c37caa5..5547233 100644
--- a/src/quickfix.c
+++ b/src/quickfix.c
@@ -4656,6 +4656,11 @@ call_qftf_func(qf_list_T *qfl, int qf_winid, long start_idx, long end_idx)
{
callback_T *cb = &qftf_cb;
list_T *qftf_list = NULL;
+ static int recursive = FALSE;
+
+ if (recursive)
+ return NULL; // this doesn't work properly recursively
+ recursive = TRUE;
// If 'quickfixtextfunc' is set, then use the user-supplied function to get
// the text to display. Use the local value of 'quickfixtextfunc' if it is
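Review bot: The guard in call_qftf_func depends on `recursive` being reset by hand on every exit, and a static flag left TRUE by any later early return would silently disable 'quickfixtextfunc' for the rest of the session. The following hunks reset it on the dict_alloc_lock failure path and before the final `return qftf_list;`, but the code between them is outside the visible hunks, so it is worth confirming that no other return exists there. The comment `// this doesn't work properly recursively` also hides the memory-safety reason. Something like `// the callback may change the quickfix list while it is being displayed; refuse nested calls to avoid using freed memory` would tell the next maintainer why the flag must stay (the exact trigger is inferred from the commit message and the added test). The function body continues past this hunk.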
@@ -4670,7 +4675,10 @@ call_qftf_func(qf_list_T *qfl, int qf_winid, long start_idx, long end_idx)
// create the dict argument
if ((d = dict_alloc_lock(VAR_FIXED)) == NULL)
+ {
+ recursive = FALSE;
return NULL;
+ }
dict_add_number(d, "quickfix", (long)IS_QF_LIST(qfl));
dict_add_number(d, "winid", (long)qf_winid);
dict_add_number(d, "id", (long)qfl->qf_id);
@@ -4693,6 +4701,7 @@ call_qftf_func(qf_list_T *qfl, int qf_winid, long start_idx, long end_idx)
dict_unref(d);
}
+ recursive = FALSE;
return qftf_list;
}
diff --git a/src/testdir/test_quickfix.vim b/src/testdir/test_quickfix.vim
index 182d570..46b2cb6 100644
--- a/src/testdir/test_quickfix.vim
+++ b/src/testdir/test_quickfix.vim
@@ -6334,4 +6334,17 @@ func Test_qflist_statusmsg()
%bw!
endfunc
+func Test_quickfixtextfunc_recursive()
+ func s:QFTfunc(o)
+ cgete '0'
+ endfunc
+ copen
+ let &quickfixtextfunc = 's:QFTfunc'
+ cex ""
+
+ let &quickfixtextfunc = ''
+ cclose
+endfunc
+
+
" vim: shiftwidth=2 sts=2 expandtab
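Review bot: Test_quickfixtextfunc_recursive contains no assertion, so it passes simply by not crashing and would catch a regression reliably only when the suite runs under a memory checker. A one-line comment such as `" This used to access freed memory; the test passes if Vim does not crash` would make that intent explicit. The nested `func s:QFTfunc(o)` is also never removed, so a second run of the test in the same Vim instance would presumably fail with a function-already-exists error. Adding `delfunc s:QFTfunc` before `endfunc`, or defining it with `func!`, avoids that.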
--
2.36.1