From e1dc9a627536304bc4f738c21e909ad9fcf3974c Mon Sep 17 00:00:00 2001
From: Christian Brabandt <cb@256bit.org>
Date: Sat, 2 Sep 2023 14:40:13 +0200
Subject: patch 9.0.1840: [security] use-after-free in do_ecmd

Problem:  use-after-free in do_ecmd
Solution: Verify oldwin pointer after reset_VIsual()

Signed-off-by: Christian Brabandt <cb@256bit.org>
---
 src/testdir/crash/poc_huaf1 | Bin 0 -> 1541 bytes
 src/testdir/crash/poc_huaf2 | Bin 0 -> 3238 bytes
 src/testdir/crash/poc_huaf3 | Bin 0 -> 4053 bytes
 3 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 src/testdir/crash/poc_huaf1
 create mode 100644 src/testdir/crash/poc_huaf2
 create mode 100644 src/testdir/crash/poc_huaf3

(limited to 'src/testdir/crash')

diff --git a/src/testdir/crash/poc_huaf1 b/src/testdir/crash/poc_huaf1
new file mode 100644
index 0000000000..0d0ea475c1
Binary files /dev/null and b/src/testdir/crash/poc_huaf1 differ
diff --git a/src/testdir/crash/poc_huaf2 b/src/testdir/crash/poc_huaf2
new file mode 100644
index 0000000000..4867e0f956
Binary files /dev/null and b/src/testdir/crash/poc_huaf2 differ
diff --git a/src/testdir/crash/poc_huaf3 b/src/testdir/crash/poc_huaf3
new file mode 100644
index 0000000000..7e38a9a17c
Binary files /dev/null and b/src/testdir/crash/poc_huaf3 differ
-- 
cgit v1.2.3