Projects
openEuler:Mainline
vim
_service:tar_scm:backport-CVE-2022-2982.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:backport-CVE-2022-2982.patch of Package vim
From d6c67629ed05aae436164eec474832daf8ba7420 Mon Sep 17 00:00:00 2001 From: Bram Moolenaar <Bram@vim.org> Date: Wed, 24 Aug 2022 20:07:22 +0100 Subject: [PATCH] patch 9.0.0260: using freed memory when usinger 'quickfixtextfunc' recursivelyxe Problem: Using freed memory when using 'quickfixtextfunc' recursively. Solution: Do not allow for recursion. --- src/quickfix.c | 9 +++++++++ src/testdir/test_quickfix.vim | 13 +++++++++++++ 2 files changed, 22 insertions(+) diff --git a/src/quickfix.c b/src/quickfix.c index c37caa5..5547233 100644 --- a/src/quickfix.c +++ b/src/quickfix.c @@ -4656,6 +4656,11 @@ call_qftf_func(qf_list_T *qfl, int qf_winid, long start_idx, long end_idx) { callback_T *cb = &qftf_cb; list_T *qftf_list = NULL; + static int recursive = FALSE; + + if (recursive) + return NULL; // this doesn't work properly recursively + recursive = TRUE; // If 'quickfixtextfunc' is set, then use the user-supplied function to get // the text to display. Use the local value of 'quickfixtextfunc' if it is @@ -4670,7 +4675,10 @@ call_qftf_func(qf_list_T *qfl, int qf_winid, long start_idx, long end_idx) // create the dict argument if ((d = dict_alloc_lock(VAR_FIXED)) == NULL) + { + recursive = FALSE; return NULL; + } dict_add_number(d, "quickfix", (long)IS_QF_LIST(qfl)); dict_add_number(d, "winid", (long)qf_winid); dict_add_number(d, "id", (long)qfl->qf_id); @@ -4693,6 +4701,7 @@ call_qftf_func(qf_list_T *qfl, int qf_winid, long start_idx, long end_idx) dict_unref(d); } + recursive = FALSE; return qftf_list; } diff --git a/src/testdir/test_quickfix.vim b/src/testdir/test_quickfix.vim index 182d570..46b2cb6 100644 --- a/src/testdir/test_quickfix.vim +++ b/src/testdir/test_quickfix.vim @@ -6334,4 +6334,17 @@ func Test_qflist_statusmsg() %bw! endfunc +func Test_quickfixtextfunc_recursive() + func s:QFTfunc(o) + cgete '0' + endfunc + copen + let &quickfixtextfunc = 's:QFTfunc' + cex "" + + let &quickfixtextfunc = '' + cclose +endfunc + + " vim: shiftwidth=2 sts=2 expandtab -- 2.36.1
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2