From f6d28fe2c95c678cc3202cc5dc825a3fcc709e93 Mon Sep 17 00:00:00 2001
From: Christian Brabandt <cb@256bit.org>
Date: Tue, 5 Sep 2023 20:18:06 +0200
Subject: [PATCH 53/58] patch 9.0.1873: [security] heap-buffer-overflow in
vim_regsub_both
Problem: heap-buffer-overflow in vim_regsub_both
Solution: Disallow exchanging windows when textlock is active
Signed-off-by: Christian Brabandt <cb@256bit.org>
---
src/ex_cmds.c | 3 +++
src/window.c | 5 +++++
2 files changed, 8 insertions(+)
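diff --git a/src/ex_cmds.c b/src/ex_cmds.c
index 4f1d93244..566ed7dad 100644
--- a/src/ex_cmds.c
+++ b/src/ex_cmds.c
@@ -4461,6 +4461,9 @@ ex_substitute(exarg_T *eap)
 {
 nmatch = curbuf->b_ml.ml_line_count - sub_firstlnum + 1;
 skip_match = TRUE;
+ // safety check
+ if (nmatch < 0)
+ goto skip;
 }
 
 // Need room for: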
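Review bot: The added guard in ex_substitute() rejects only `nmatch < 0`; a value of 0 means sub_firstlnum is already one past the last line of curbuf, and the code that consumes nmatch lies outside this hunk, so it is worth confirming that zero is handled there or tightening the test to `if (nmatch <= 0)`. The comment `// safety check` does not say what is being guarded against; something like `// curbuf may have changed or shrunk meanwhile, leaving sub_firstlnum past its last line` would record why a negative count can occur (presumably the textlock scenario named in the commit message, to be confirmed). The `skip` label and the cleanup it performs are outside the hunk, as are the start and end of ex_substitute().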
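diff --git a/src/window.c b/src/window.c
index 1af2395df..f77ede330 100644
--- a/src/window.c
+++ b/src/window.c
@@ -1646,6 +1646,11 @@ win_exchange(long Prenum)
 beep_flush();
 return;
 }
+ if (text_or_buf_locked())
+ {
+ beep_flush();
+ return;
+ }
 
 #ifdef FEAT_GUI
 need_mouse_correct = TRUE;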
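Review bot: The added `text_or_buf_locked()` check in win_exchange() has no comment tying it to the overflow it prevents, so a later cleanup could mistake it for a redundant early return; a line such as `// Exchanging windows changes curwin/curbuf; refuse while text or buffer is locked` above the `if` would record the reason. The guard closes only this one path: other window commands that can switch curwin or curbuf while an expression is being evaluated are not visible in this patch and are worth auditing for the same check. The diffstat lists only src/ex_cmds.c and src/window.c, so the patch as carried here has no regression test for the crash. win_exchange() starts and ends outside the hunk.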