mirror of https://github.com/vim/vim.git synced 2025-10-02 05:04:20 -04:00

patch 9.0.1847: [security] potential oob write in do_addsub()

Problem:  potential oob write in do_addsub()
Solution: don't overflow buf2, check size in for loop()

Signed-off-by: Christian Brabandt <cb@256bit.org>
Christian Brabandt
2023-09-02 19:43:33 +02:00
parent 4c6fe2e2ea
commit 889f6af371
2 changed files with 3 additions and 1 deletions


@@ -2919,7 +2919,7 @@ do_addsub(
for (bit = bits; bit > 0; bit--) for (bit = bits; bit > 0; bit--)
if ((n >> (bit - 1)) & 0x1) break; if ((n >> (bit - 1)) & 0x1) break;
for (i = 0; bit > 0; bit--) for (i = 0; bit > 0 && i < (NUMBUFLEN - 1); bit--)
buf2[i++] = ((n >> (bit - 1)) & 0x1) ? '1' : '0'; buf2[i++] = ((n >> (bit - 1)) & 0x1) ? '1' : '0';
buf2[i] = '\0'; buf2[i] = '\0';
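Review bot: The new bound `i < (NUMBUFLEN - 1)` on the digit loop stops the write past `buf2`, but it does so by silently truncating: if the limit is ever reached, the remaining low-order bits of `n` are dropped and the buffer holds a wrong binary string with no error reported. The declaration of `buf2` is outside the hunk, so the bound is presumably meant to match its size. If `buf2` is a local array, writing the check as `i < (int)sizeof(buf2) - 1` would keep the two from drifting apart. A short comment on the loop, e.g. `// leave room for the trailing NUL in buf2`, would record why the extra condition is there. The diffstat lists only two changed files, so the fix appears to ship without a regression test for the overflowing input. do_addsub's body starts and ends outside the hunk.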


@@ -699,6 +699,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
1847,
/**/ /**/
1846, 1846,
/**/ /**/