diff options
| author | zeertzjq <zeertzjq@outlook.com> | 2023-10-27 06:37:52 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-10-27 06:37:52 +0800 |
| commit | 9dc440400cdb470b317c4169ba916e1cd9a316e1 (patch) | |
| tree | 2f262ee163ae432bb692cb941c69eddf17c2d836 /runtime/lua/vim/iter.lua | |
| parent | ba6761eafe615a7f904c585dba3b7d6e98f665e1 (diff) | |
| download | rneovim-9dc440400cdb470b317c4169ba916e1cd9a316e1.tar.gz rneovim-9dc440400cdb470b317c4169ba916e1cd9a316e1.tar.bz2 rneovim-9dc440400cdb470b317c4169ba916e1cd9a316e1.zip | |
vim-patch:9.0.2068: [security] overflow in :history (#25794)
Problem: [security] overflow in :history
Solution: Check that value fits into int
The get_list_range() function, used to parse numbers for the :history
and :clist command internally uses long variables to store the numbers.
However function arguments are integer pointers, which can then
overflow.
Check that the return value from the vim_str2nr() function is not larger
than INT_MAX and if yes, bail out with an error. I guess nobody uses a
cmdline/clist history that needs so many entries... (famous last words).
It is only a moderate vulnerability, so impact should be low.
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm
https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a
N/A patch:
vim-patch:9.0.2073: typo in quickfix.c comments
Co-authored-by: Christian Brabandt <cb@256bit.org>
Diffstat (limited to 'runtime/lua/vim/iter.lua')
0 files changed, 0 insertions, 0 deletions