diff options
author | Christian Brabandt <cb@256bit.org> | 2023-10-26 21:29:32 +0200 |
---|---|---|
committer | Christian Brabandt <cb@256bit.org> | 2023-10-26 21:29:32 +0200 |
commit | 9198c1f2b1ddecde22af918541e0de2a32f0f45a (patch) | |
tree | 2af602f979b00fea18542cd679191c320009f9b2 /src/errors.h | |
parent | 5f5131d775bf9966976e39aa38b070036cbfe969 (diff) |
patch 9.0.2068: [security] overflow in :historyv9.0.2068
Problem: [security] overflow in :history
Solution: Check that value fits into int
The get_list_range() function, used to parse numbers for the :history
and :clist command internally uses long variables to store the numbers.
However function arguments are integer pointers, which can then
overflow.
Check that the return value from the vim_str2nr() function is not larger
than INT_MAX and if yes, bail out with an error. I guess nobody uses a
cmdline/clist history that needs so many entries... (famous last words).
It is only a moderate vulnerability, so impact should be low.
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm
Signed-off-by: Christian Brabandt <cb@256bit.org>
Diffstat (limited to 'src/errors.h')
-rw-r--r-- | src/errors.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/errors.h b/src/errors.h index 79a785e1e2..72957d8b93 100644 --- a/src/errors.h +++ b/src/errors.h @@ -3560,3 +3560,5 @@ EXTERN char e_xattr_e2big[] INIT(= N_("E1508: Size of the extended attribute value is larger than the maximum size allowed")); EXTERN char e_xattr_other[] INIT(= N_("E1509: Error occurred when reading or writing extended attribute")); +EXTERN char e_val_too_large[] + INIT(= N_("E1510: Value too large: %s")); |