diff options
author | Christian Brabandt <cb@256bit.org> | 2023-10-05 22:08:30 +0200 |
---|---|---|
committer | Christian Brabandt <cb@256bit.org> | 2023-10-05 22:10:10 +0200 |
commit | 20d161ace307e28690229b68584f2d84556f8960 (patch) | |
tree | a32cb8c7f5a18d862253b3b6832d2d38f97f1210 | |
parent | 290b887e8cc2c0d3dfc7f315b2052472c7c589cc (diff) |
patch 9.0.1992: [security] segfault in exmodev9.0.1992
Problem: segfault in exmode when redrawing
Solution: skip gui_scroll when exmode_active
Signed-off-by: Christian Brabandt <cb@256bit.org>
-rw-r--r-- | src/gui.c | 4 | ||||
-rw-r--r-- | src/testdir/crash/crash_scrollbar | 2 | ||||
-rw-r--r-- | src/testdir/test_crash.vim | 7 | ||||
-rw-r--r-- | src/version.c | 2 |
4 files changed, 15 insertions, 0 deletions
@@ -4397,6 +4397,7 @@ gui_do_scrollbar( * Scroll a window according to the values set in the globals * "current_scrollbar" and "scrollbar_value". * Return TRUE if the cursor in the current window moved or FALSE otherwise. + * may eventually cause a redraw using updateWindow */ int gui_do_scroll(void) @@ -4416,6 +4417,9 @@ gui_do_scroll(void) if (wp == NULL) // Couldn't find window return FALSE; + // don't redraw, LineOffset and similar are not valid! + if (exmode_active) + return FALSE; /* * Compute number of lines to scroll. If zero, nothing to do. diff --git a/src/testdir/crash/crash_scrollbar b/src/testdir/crash/crash_scrollbar new file mode 100644 index 0000000000..1de5905228 --- /dev/null +++ b/src/testdir/crash/crash_scrollbar @@ -0,0 +1,2 @@ +" this goes to insert mode and presses key k_VerScrollbar which may cause a redraw in exmode, which used ot crash Vim +norm o€ùX diff --git a/src/testdir/test_crash.vim b/src/testdir/test_crash.vim index 5c83e3a2f5..9a80340c28 100644 --- a/src/testdir/test_crash.vim +++ b/src/testdir/test_crash.vim @@ -72,6 +72,12 @@ func Test_crash1() \ ' || echo "crash 8: [OK]" >> X_crash1_result.txt' .. "\<cr>") call TermWait(buf, 3000) + let file = 'crash/crash_scrollbar' + let args = printf(cmn_args, vim, file) + call term_sendkeys(buf, args .. + \ ' && echo "crash 9: [OK]" >> X_crash1_result.txt' .. "\<cr>") + call TermWait(buf, 1000) + " clean up exe buf .. "bw!" @@ -86,6 +92,7 @@ func Test_crash1() \ 'crash 6: [OK]', \ 'crash 7: [OK]', \ 'crash 8: [OK]', + \ 'crash 9: [OK]', \ ] call assert_equal(expected, getline(1, '$')) diff --git a/src/version.c b/src/version.c index 9b1c0b4e92..2bb134a3b9 100644 --- a/src/version.c +++ b/src/version.c @@ -705,6 +705,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 1992, +/**/ 1991, /**/ 1990, |