yueryoufeng/vim

forked from src-openEuler/vim 
backport-CVE-2024-41965.patch 1.17 KB
wjiang committed on 2024-08-12 10:32 +08:00 . fix CVE-2024-41957 CVE-2024-41965
From b29f4abcd4b3382fa746edd1d0562b7b48c9de60 Mon Sep 17 00:00:00 2001
From: Christian Brabandt <cb@256bit.org>
Date: Thu, 1 Aug 2024 22:10:28 +0200
Subject: [PATCH] patch 9.1.0648: [security] double-free in dialog_changed()
Problem: [security] double-free in dialog_changed()
(SuyueGuo)
Solution: Only clear pointer b_sfname pointer, if it is different
than the b_ffname pointer. Don't try to free b_fname,
set it to NULL instead.
fixes: #15403
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f
Signed-off-by: Christian Brabandt <cb@256bit.org>
---
src/ex_cmds2.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/ex_cmds2.c b/src/ex_cmds2.c
index ce30b8d39..0d76b3b27 100644
--- a/src/ex_cmds2.c
+++ b/src/ex_cmds2.c
@@ -197,9 +197,11 @@ dialog_changed(
// restore to empty when write failed
if (empty_bufname)
{
- VIM_CLEAR(buf->b_fname);
+ // prevent double free
+ if (buf->b_sfname != buf->b_ffname)
+ VIM_CLEAR(buf->b_sfname);
+ buf->b_fname = NULL;
VIM_CLEAR(buf->b_ffname);
- VIM_CLEAR(buf->b_sfname);
unchanged(buf, TRUE, FALSE);
}
}
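Review bot: When `buf->b_sfname == buf->b_ffname`, the new `if` skips `VIM_CLEAR(buf->b_sfname)`, and the following `VIM_CLEAR(buf->b_ffname)` then releases the shared allocation while `b_sfname` still holds the old address. Consider adding `buf->b_sfname = NULL;` right after `VIM_CLEAR(buf->b_ffname);` so that no stale pointer is left for later code to read or free. The `// prevent double free` comment sits only above the `b_sfname` check; it would help to extend it to say why `buf->b_fname` is set to NULL rather than freed, as the commit message does. The diffstat lists only src/ex_cmds2.c, so a regression test covering the failed-write path with an empty buffer name would be worth adding alongside this backport.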
--
2.33.0