aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-09-25 03:54:15 -04:00
Code Activity

patch 9.0.2117: [security] use-after-free in qf_free_items

Browse Source 
Problem:  [security] use-after-free in qf_free_items
Solution: only access qfpnext, if it hasn't been freed

Coverity discovered a possible use-after-free in qf_free_items. When
freeing the qfline items, we may access freed memory, when qfp ==
qfpnext.

So only access qfpnext, when it hasn't been freed.

Signed-off-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
Christian Brabandt
2023-11-19 16:19:27 +01:00
parent cb0c113ddc
commit 567cae2630
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/quickfix.c
View File

@@ -4000,8 +4000,9 @@ qf_free_items(qf_list_T *qfl)
// to avoid crashing when it's wrong.
// TODO: Avoid qf_count being incorrect.
qfl->qf_count = 1;
}
else
qfl->qf_start = qfpnext;
}
--qfl->qf_count;
}

2
src/version.c
View File

@@ -704,6 +704,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
2117,
/**/
2116,
/**/