mirror of https://github.com/vim/vim.git synced 2025-09-26 04:04:07 -04:00

patch 9.0.2117: [security] use-after-free in qf_free_items

Problem:  [security] use-after-free in qf_free_items
Solution: only access qfpnext, if it hasn't been freed

Coverity discovered a possible use-after-free in qf_free_items. When
freeing the qfline items, we may access freed memory, when qfp ==
qfpnext.

So only access qfpnext, when it hasn't been freed.

Signed-off-by: Christian Brabandt <cb@256bit.org>
Christian Brabandt
2023-11-19 16:19:27 +01:00
parent cb0c113ddc
commit 567cae2630
2 changed files with 4 additions and 1 deletions


@@ -4000,8 +4000,9 @@ qf_free_items(qf_list_T *qfl)
// to avoid crashing when it's wrong. // to avoid crashing when it's wrong.
// TODO: Avoid qf_count being incorrect. // TODO: Avoid qf_count being incorrect.
qfl->qf_count = 1; qfl->qf_count = 1;
else
qfl->qf_start = qfpnext;
} }
qfl->qf_start = qfpnext;
--qfl->qf_count; --qfl->qf_count;
} }
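Review bot: In the branch that sets `qfl->qf_count = 1;` (the `qfp == qfpnext` case described in the commit message), `qfl->qf_start` is no longer reassigned, so it keeps the value of the element that was just freed. Nothing visible in the hunk clears it, so safety depends on `--qfl->qf_count;` bringing the count to zero and on the loop condition and the code after the loop not reading `qf_start` before it is reset. Both of those lie outside this hunk. Consider bracing that branch and adding `qfl->qf_start = NULL;` next to `qfl->qf_count = 1;`, so the list head never holds a dangling pointer. Braces would also make the new `else` pairing explicit, since it follows a comment block and a single unbraced statement.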


@@ -704,6 +704,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
2117,
/**/ /**/
2116, 2116,
/**/ /**/