patch 9.0.2010: [security] use-after-free from buf_contents_changed()
Problem: [security] use-after-free from buf_contents_changed()
Solution: block autocommands
Signed-off-by: Christian Brabandt <cb@256bit.org>
diff --git a/src/buffer.c b/src/buffer.c
index 93f9245..9ee74f5 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -6013,6 +6013,9 @@
return TRUE;
}
+ // We don't want to trigger autocommands now, they may have nasty
+ // side-effects like wiping buffers
+ block_autocmds();
if (ml_open(curbuf) == OK
&& readfile(buf->b_ffname, buf->b_fname,
(linenr_T)0, (linenr_T)0, (linenr_T)MAXLNUM,
@@ -6038,6 +6041,8 @@
if (curbuf != newbuf) // safety check
wipe_buffer(newbuf, FALSE);
+ unblock_autocmds();
+
return differ;
}