packages/vim
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vim/backport-CVE-2023-4735.patch
wangjiang 49a60b4e33 fix CVE-2023-4736 CVE-2023-4733 CVE-2023-4734 CVE-2023-4735 
(cherry picked from commit 1f97a3d5951002935a4abf4dbefb1b843d6b099f)
2023-09-11 22:41:53 +08:00

31 lines
857 B
Diff
Raw Permalink Blame History

From 889f6af37164775192e33b233a90e86fd3df0f57 Mon Sep 17 00:00:00 2001
From: Christian Brabandt <cb@256bit.org>
Date: Sat, 2 Sep 2023 19:43:33 +0200
Subject: [PATCH 22/52] patch 9.0.1847: [security] potential oob write in
do_addsub()
Problem: potential oob write in do_addsub()
Solution: don't overflow buf2, check size in for loop()
Signed-off-by: Christian Brabandt <cb@256bit.org>
---
src/ops.c | 2 +-
1 files changed, 1 insertions(+), 1 deletion(-)
diff --git a/src/ops.c b/src/ops.c
index d46a049fe..f4524d3d7 100644
--- a/src/ops.c
+++ b/src/ops.c
@@ -2848,7 +2848,7 @@ do_addsub(
for (bit = bits; bit > 0; bit--)
if ((n >> (bit - 1)) & 0x1) break;
- for (i = 0; bit > 0; bit--)
+ for (i = 0; bit > 0 && i < (NUMBUFLEN - 1); bit--)
buf2[i++] = ((n >> (bit - 1)) & 0x1) ? '1' : '0';
buf2[i] = '\0';
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink