CVE-2023-2609: patch 9.0.1531: crash when register contents ends up being invalid · vim/vim@d1ae836
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.
@@ -835,6 +835,23 @@ func Test_end_reg_executing()
bwipe!
endfunc
" This was causing a crash because y_append was ending up being NULL
func Test_zero_y_append()
" Run in a separate Vim instance because changing ‘encoding’ may cause
" trouble for later tests.
let lines =<< trim END
d
silent ?n
next <sfile>
so
sil! norm 0VPSP
set enc=latin1
END
call writefile(lines, 'XTest_zero_y_append’, ‘D’)
call RunVim([], [], '-u NONE -i NONE -e -s -S XTest_zero_y_append -c qa\!’)
endfunc
" Make sure that y_append is correctly reset
" and the previous register is working as expected
func Test_register_y_append_reset()
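Review bot: Test_zero_y_append calls RunVim() on its last line and discards the result, and the function contains no assert, so nothing in the test itself states what a passing run looks like. Suggest making the outcome explicit: have the script write a marker file as its final step, after `set enc=latin1`, and assert in the parent that the marker exists, so a child instance that dies partway through the script is reported as a failure of this test. The comment above the function says y_append was ending up NULL but not which of the six script lines gets it there; one more comment line naming the commands that matter would help anyone who later has to reduce or adapt the reproducer.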
Related news
Ubuntu Security Notice 6154-1 - It was discovered that Vim was using uninitialized memory when fuzzy matching, which could lead to invalid memory access. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10 and Ubuntu 23.04. It was discovered that Vim was not properly performing bounds checks when processing register contents, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.