patch 9.1.0697: [security]: heap-buffer-overflow in ins_typebuf Problem: heap-buffer-overflow in ins_typebuf (SuyueGuo) Solution: When flushing the typeahead buffer, validate that there is enough space left Github Advisory: https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh Signed-off-by: Christian Brabandt <cb@256bit.org>

commit: 322ba9108612bead5eb7731ccb66763dec69ef1b [log] [tgz]
author: Christian Brabandt <cb@256bit.org> Sun Aug 25 21:33:03 2024 +0200
committer: Christian Brabandt <cb@256bit.org> Sun Aug 25 21:33:03 2024 +0200
tree: 719540ebb6d96126934dedb746009c1cb98bde0f
parent: 663950d700f496c1db09307253e6b1b2a56140d5 [diff] [blame]
diff --git a/src/testdir/test_crash.vim b/src/testdir/test_crash.vim
index f1843c4..5ec103f 100644
--- a/src/testdir/test_crash.vim
+++ b/src/testdir/test_crash.vim

@@ -216,6 +216,13 @@
   call term_sendkeys(buf, args)
   call TermWait(buf, 50)
 
+  let file = 'crash/heap_overflow3'
+  let cmn_args = "%s -u NONE -i NONE -n -X -m -n -e -s -S %s -c ':qa!'"
+  let args = printf(cmn_args, vim, file)
+  call term_sendkeys(buf, args)
+  call TermWait(buf, 150)
+
+
   " clean up
   exe buf .. "bw!"
   bw!
commit	322ba9108612bead5eb7731ccb66763dec69ef1b	[log] [tgz]
author	Christian Brabandt <cb@256bit.org>	Sun Aug 25 21:33:03 2024 +0200
committer	Christian Brabandt <cb@256bit.org>	Sun Aug 25 21:33:03 2024 +0200
tree	719540ebb6d96126934dedb746009c1cb98bde0f
parent	663950d700f496c1db09307253e6b1b2a56140d5 [diff] [blame]