patch 9.0.1873: [security] heap-buffer-overflow in vim_regsub_bothv9.0.1873

Problem: heap-buffer-overflow in vim_regsub_both Solution: Disallow exchanging windows when textlock is active Signed-off-by: Christian Brabandt <cb@256bit.org>
author: Christian Brabandt <cb@256bit.org> 2023-09-05 20:18:06 +0200
committer: Christian Brabandt <cb@256bit.org> 2023-09-05 20:18:06 +0200
commit: f6d28fe2c95c678cc3202cc5dc825a3fcc709e93 (patch)
tree: a0acea7e99632dae8fd280bdadf932fc59435b2b /src/ex_cmds.c
parent: d2a08ba0fa4a25f31cee9d9f33b0aa8237227387 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/ex_cmds.c b/src/ex_cmds.c
index 4f1d93244f..566ed7dad3 100644
--- a/src/ex_cmds.c
+++ b/src/ex_cmds.c
@@ -4519,6 +4519,9 @@ ex_substitute(exarg_T *eap)
 		{
 		    nmatch = curbuf->b_ml.ml_line_count - sub_firstlnum + 1;
 		    skip_match = TRUE;
+		    // safety check
+		    if (nmatch < 0)
+			goto skip;
 		}
 
 		// Need room for:
author	Christian Brabandt <cb@256bit.org>	2023-09-05 20:18:06 +0200
committer	Christian Brabandt <cb@256bit.org>	2023-09-05 20:18:06 +0200
commit	f6d28fe2c95c678cc3202cc5dc825a3fcc709e93 (patch)
tree	a0acea7e99632dae8fd280bdadf932fc59435b2b /src/ex_cmds.c
parent	d2a08ba0fa4a25f31cee9d9f33b0aa8237227387 (diff)