Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_vim / 8f4fb007e4d472b09ff6bed9ffa485e0c3093699
commit8f4fb007e4d472b09ff6bed9ffa485e0c3093699[log] [tgz]
authorYee Cheng Chin <ychin.git@gmail.com>Tue Oct 17 10:06:56 2023 +0200
committerChristian Brabandt <cb@256bit.org>Tue Oct 17 10:06:56 2023 +0200
treeb222fa2db7c50bc1d469caa39fef28bf5b3d36b8
parent5a679b2263f597950f99c60a99d4d1a192e9f639 [diff]
patch 9.0.2035: [security] use-after-free with wildmenu

Problem:  [security] use-after-free with wildmenu
Solution: properly clean up the wildmenu when exiting

Fix wildchar/wildmenu/pum memory corruption with special wildchar's

Currently, using `wildchar=<Esc>` or `wildchar=<C-\>` can lead to a
memory corruption if using wildmenu+pum, or wrong states if only using
wildmenu. This is due to the code only using one single place inside the
cmdline process loop to perform wild menu clean up (by checking
`end_wildmenu`) but there are other odd situations where the loop could
have exited and we need a post-loop clean up just to be sure. If the
clean up was not done you would have a stale popup menu referring to
invalid memory, or if not using popup menu, incorrect status line (if
`laststatus=0`).

For example, if you hit `<Esc>` two times when it's wildchar, there's a
hard-coded behavior to exit command-line as a failsafe for user, and if
you hit `<C-\><C-\><C-N>` it will also exit command-line, but the clean
up code would not have hit because of specialized `<C-\>` handling.

Fix Ctrl-E / Ctrl-Y to not cancel/accept wildmenu if they are also
used for 'wildchar'/'wildcharm'. Currently they don't behave properly,
and also have potentially memory unsafe behavior as the logic is
currently not accounting for this situation and try to do both.
(Previous patch that addressed this: #11677)

Also, correctly document Escape key behavior (double-hit it to escape)
in wildchar docs as it's previously undocumented.

In addition, block known invalid chars to be set in `wildchar` option,
such as Ctrl-C and `<CR>`. This is just to make it clear to the user
they shouldn't be set, and is not required for this bug fix.

closes: #13361

Signed-off-by: Christian Brabandt <cb@256bit.org>
Co-authored-by: Yee Cheng Chin <ychin.git@gmail.com>
13 files changed
tree: b222fa2db7c50bc1d469caa39fef28bf5b3d36b8
  1. .github/
  2. ci/
  3. nsis/
  4. pixmaps/
  5. READMEdir/
  6. runtime/
  7. src/
  8. tools/
  9. .appveyor.yml
  10. .cirrus.yml
  11. .codecov.yml
  12. .gitattributes
  13. .gitignore
  14. .hgignore
  15. configure
  16. CONTRIBUTING.md
  17. Filelist
  18. LICENSE
  19. Makefile
  20. README.md
  21. README.txt
  22. README_VIM9.md
  23. SECURITY.md
  24. uninstall.txt
  25. vimtutor.bat
  26. vimtutor.com
README.md

Vim The editor

Github Build status Appveyor Build status Cirrus Build Status Coverage Status Coverity Scan Debian CI Packages Fossies codespell report

If you find a bug or want to discuss the best way to add a new feature, please open an issue. If you have a question or want to discuss the best way to do something with Vim, you can use StackExchange or one of the Maillists.

What is Vim?

Vim is a greatly improved version of the good old UNIX editor Vi. Many new features have been added: multi-level undo, syntax highlighting, command line history, on-line help, spell checking, filename completion, block operations, script language, etc. There is also a Graphical User Interface (GUI) available. Still, Vi compatibility is maintained, those who have Vi "in the fingers" will feel at home. See runtime/doc/vi_diff.txt for differences with Vi.

This editor is very useful for editing programs and other plain text files. All commands are given with normal keyboard characters, so those who can type with ten fingers can work very fast. Additionally, function keys can be mapped to commands by the user, and the mouse can be used.

Vim runs under MS-Windows (7, 8, 10, 11), macOS, Haiku, VMS and almost all flavours of UNIX. Porting to other systems should not be very difficult. Older versions of Vim run on MS-DOS, MS-Windows 95/98/Me/NT/2000/XP/Vista, Amiga DOS, Atari MiNT, BeOS, RISC OS and OS/2. These are no longer maintained.

For Vim9 script see README_VIM9.

Distribution

You can often use your favorite package manager to install Vim. On Mac and Linux a small version of Vim is pre-installed, you still need to install Vim if you want more features.

There are separate distributions for Unix, PC, Amiga and some other systems. This README.md file comes with the runtime archive. It includes the documentation, syntax files and other files that are used at runtime. To run Vim you must get either one of the binary archives or a source archive. Which one you need depends on the system you want to run it on and whether you want or must compile it yourself. Check https://www.vim.org/download.php for an overview of currently available distributions.

Some popular places to get the latest Vim:

Compiling

If you obtained a binary distribution you don't need to compile Vim. If you obtained a source distribution, all the stuff for compiling Vim is in the src directory. See src/INSTALL for instructions.

Installation

See one of these files for system-specific instructions. Either in the READMEdir directory (in the repository) or the top directory (if you unpack an archive):

README_ami.txt		Amiga
README_unix.txt		Unix
README_dos.txt		MS-DOS and MS-Windows
README_mac.txt		Macintosh
README_haiku.txt	Haiku
README_vms.txt		VMS

There are other README_*.txt files, depending on the distribution you used.

Documentation

The Vim tutor is a one hour training course for beginners. Often it can be started as vimtutor. See :help tutor for more information.

The best is to use :help in Vim. If you don't have an executable yet, read runtime/doc/help.txt. It contains pointers to the other documentation files. The User Manual reads like a book and is recommended to learn to use Vim. See :help user-manual.

Copying

Vim is Charityware. You can use and copy it as much as you like, but you are encouraged to make a donation to help orphans in Uganda. Please read the file runtime/doc/uganda.txt for details (do :help uganda inside Vim).

Summary of the license: There are no restrictions on using or distributing an unmodified copy of Vim. Parts of Vim may also be distributed, but the license text must always be included. For modified versions, a few restrictions apply. The license is GPL compatible, you may compile Vim with GPL libraries and distribute it.

Sponsoring

Fixing bugs and adding new features takes a lot of time and effort. To show your appreciation for the work and motivate Bram and others to continue working on Vim please send a donation.

Since Bram is back to a paid job the money will now be used to help children in Uganda. See runtime/doc/uganda.txt. But at the same time donations increase Bram's motivation to keep working on Vim!

For the most recent information about sponsoring look on the Vim web site: https://www.vim.org/sponsor/

Contributing

If you would like to help make Vim better, see the CONTRIBUTING.md file.

Information

If you are on macOS, you can use Macvim.

The latest news about Vim can be found on the Vim home page: https://www.vim.org/

If you have problems, have a look at the Vim documentation or tips: https://www.vim.org/docs.php https://vim.fandom.com/wiki/Vim_Tips_Wiki

If you still have problems or any other questions, use one of the mailing lists to discuss them with Vim users and developers: https://www.vim.org/maillist.php

If nothing else works, report bugs directly to the vim-dev mailing list: <vim-dev@vim.org>

Main author

Most of Vim was created by Bram Moolenaar <Bram@vim.org> Bram-Moolenaar

Send any other comments, patches, flowers and suggestions to the vim-dev mailing list: <vim-dev@vim.org>

This is README.md for version 9.0 of Vim: Vi IMproved.