rneovim.git - Neovim fork with Rahm's personal hacks.

diff options

author	zeertzjq <zeertzjq@outlook.com>	2023-09-03 13:47:55 +0800
committer	GitHub <noreply@github.com>	2023-09-03 13:47:55 +0800
commit	bebdf1dab345471222f6755c574d04596fea92fd (patch)
tree	844dd19dd408a76643dcdf6fa7cb569b63c3f148 /runtime/lua/vim/_meta/vimfn.lua
parent	0e11bf0e1af5b3422db49222ab739a64d233b353 (diff)
download	rneovim-bebdf1dab345471222f6755c574d04596fea92fd.tar.gz rneovim-bebdf1dab345471222f6755c574d04596fea92fd.tar.bz2 rneovim-bebdf1dab345471222f6755c574d04596fea92fd.zip

vim-patch:9.0.1848: [security] buffer-overflow in vim_regsub_both() (#25001)

Problem: buffer-overflow in vim_regsub_both() Solution: Check remaining space https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1 The change to do_sub() looks confusing. Maybe it's an overflow check? Then the crash may not be applicable to Nvim because of different casts. The test also looks confusing. It seems to source itself recursively. Also don't call strlen() twice on evaluation result. N/A patches for version.c: vim-patch:9.0.1849: CI error on different signedness in ex_cmds.c vim-patch:9.0.1853: CI error on different signedness in regexp.c Co-authored-by: Christian Brabandt <cb@256bit.org>

Diffstat (limited to 'runtime/lua/vim/_meta/vimfn.lua')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: