diff options
author | Christian Brabandt <cb@256bit.org> | 2023-09-05 20:18:06 +0200 |
---|---|---|
committer | Christian Brabandt <cb@256bit.org> | 2023-09-05 20:18:06 +0200 |
commit | f6d28fe2c95c678cc3202cc5dc825a3fcc709e93 (patch) | |
tree | a0acea7e99632dae8fd280bdadf932fc59435b2b /src/ex_cmds.c | |
parent | d2a08ba0fa4a25f31cee9d9f33b0aa8237227387 (diff) |
patch 9.0.1873: [security] heap-buffer-overflow in vim_regsub_bothv9.0.1873
Problem: heap-buffer-overflow in vim_regsub_both
Solution: Disallow exchanging windows when textlock is active
Signed-off-by: Christian Brabandt <cb@256bit.org>
Diffstat (limited to 'src/ex_cmds.c')
-rw-r--r-- | src/ex_cmds.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/ex_cmds.c b/src/ex_cmds.c index 4f1d93244f..566ed7dad3 100644 --- a/src/ex_cmds.c +++ b/src/ex_cmds.c @@ -4519,6 +4519,9 @@ ex_substitute(exarg_T *eap) { nmatch = curbuf->b_ml.ml_line_count - sub_firstlnum + 1; skip_match = TRUE; + // safety check + if (nmatch < 0) + goto skip; } // Need room for: |