vim/backport-CVE-2023-5535.patch

From 41e6f7d6ba67b61d911f9b1d76325cd79224753d Mon Sep 17 00:00:00 2001
From: Christian Brabandt <cb@256bit.org>
Date: Wed, 11 Oct 2023 21:08:13 +0200
Subject: [PATCH] patch 9.0.2010: [security] use-after-free from
 buf_contents_changed()

Problem:  [security] use-after-free from buf_contents_changed()
Solution: block autocommands

Signed-off-by: Christian Brabandt <cb@256bit.org>
---
 src/buffer.c                            |   5 +++++
 1 files changed, 5 insertions(+)

diff --git a/src/buffer.c b/src/buffer.c
index 93f9245f27f9d..9ee74f54dd6fd 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -5902,6 +5902,9 @@ buf_contents_changed(buf_T *buf)
     // set curwin/curbuf to buf and save a few things
     aucmd_prepbuf(&aco, newbuf);
 
+    // We don't want to trigger autocommands now, they may have nasty
+    // side-effects like wiping buffers
+    block_autocmds();
     if (ml_open(curbuf) == OK
 	    && readfile(buf->b_ffname, buf->b_fname,
 				  (linenr_T)0, (linenr_T)0, (linenr_T)MAXLNUM,
@@ -5927,6 +5930,8 @@ buf_contents_changed(buf_T *buf)
     if (curbuf != newbuf)	// safety check
 	wipe_buffer(newbuf, FALSE);
 
+    unblock_autocmds();
+
     return differ;
 }