vim-patch:9.1.0678: [security]: use-after-free in alist_add()

Problem: [security]: use-after-free in alist_add() (SuyueGuo) Solution: Lock the current window, so that the reference to the argument list remains valid. This fixes CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 Co-authored-by: Christian Brabandt <cb@256bit.org>
author: zeertzjq <zeertzjq@outlook.com> 2024-08-16 09:00:50 +0800
committer: zeertzjq <zeertzjq@outlook.com> 2024-08-17 06:04:52 +0800
commit: b3d291c5656085189e1ba65357119f16e2f5e9b0 (patch)
tree: b49afe5c2b1ac440ec6ba5b0fdcb82bb32e4740c /src/nvim/buffer_defs.h
parent: 8b8096500d08d771a936d8ceca25ef5716c3874f (diff)
download: rneovim-b3d291c5656085189e1ba65357119f16e2f5e9b0.tar.gz
rneovim-b3d291c5656085189e1ba65357119f16e2f5e9b0.tar.bz2
rneovim-b3d291c5656085189e1ba65357119f16e2f5e9b0.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/nvim/buffer_defs.h b/src/nvim/buffer_defs.h
index 78b7e22b0f..e885e3d93b 100644
--- a/src/nvim/buffer_defs.h
+++ b/src/nvim/buffer_defs.h
@@ -1045,7 +1045,7 @@ struct window_S {
 
   win_T *w_prev;              ///< link to previous window
   win_T *w_next;              ///< link to next window
-  bool w_closing;                   ///< window is being closed, don't let
+  bool w_locked;                    ///< window is being closed, don't let
                                     ///< autocommands close it too.
 
   frame_T *w_frame;             ///< frame containing this window
author	zeertzjq <zeertzjq@outlook.com>	2024-08-16 09:00:50 +0800
committer	zeertzjq <zeertzjq@outlook.com>	2024-08-17 06:04:52 +0800
commit	b3d291c5656085189e1ba65357119f16e2f5e9b0 (patch)
tree	b49afe5c2b1ac440ec6ba5b0fdcb82bb32e4740c /src/nvim/buffer_defs.h
parent	8b8096500d08d771a936d8ceca25ef5716c3874f (diff)
download	rneovim-b3d291c5656085189e1ba65357119f16e2f5e9b0.tar.gz rneovim-b3d291c5656085189e1ba65357119f16e2f5e9b0.tar.bz2 rneovim-b3d291c5656085189e1ba65357119f16e2f5e9b0.zip