patch 9.1.0707: [security]: invalid cursor position may cause a crash
Commit:
https://github.com/vim/vim/commit/396fd1ec2956307755392a1c61f55d5c1847f308
Author: Christian Brabandt <c...@256bit.org>
Date: Sat Aug 31 17:58:16 2024 +0200
patch 9.1.0707: [security]: invalid cursor position may cause a crash
Problem: [security]: invalid cursor position may cause a crash
(after v9.1.0038)
Solution: Set cursor to the last character in a line, if it would
otherwise point to beyond the line; no tests added, as it
is unclear how to reproduce this.
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh
Co-authored-by: zeertzjq <zeert...@outlook.com>
Signed-off-by: zeertzjq <zeert...@outlook.com>
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/charset.c b/src/charset.c
index 19b089526..399f25825 100644
--- a/src/charset.c
+++ b/src/charset.c
@@ -1678,6 +1678,9 @@ getvcol(
}
clear_chartabsize_arg(&cts);
+ if (*ptr == NUL && pos->col < MAXCOL && pos->col > ptr - line)
+ pos->col = ptr - line;
+
if (start != NULL)
*start = vcol + head;
if (end != NULL)
diff --git a/src/version.c b/src/version.c
index b88ec9de3..935b533ef 100644
--- a/src/version.c
+++ b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 707,
/**/
706,
/**/
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to vim_dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/vim_dev/E1skQkg-002hgj-S2%40256bit.org.
