patch 9.1.1043: [security]: segfault in win_line()
Problem: [security]: segfault in win_line()
(fizz-is-on-the-way)
Solution: Check that ScreenLines is not NULL
Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955
Signed-off-by: Christian Brabandt <cb@256bit.org>
diff --git a/src/gui.c b/src/gui.c
index 8e7b079..86c40de 100644
--- a/src/gui.c
+++ b/src/gui.c
@@ -4478,13 +4478,15 @@
/*
* Don't call updateWindow() when nothing has changed (it will overwrite
* the status line!).
+ *
+ * Check for ScreenLines, because in ex-mode, we don't have a valid display.
*/
- if (old_topline != wp->w_topline
+ if (ScreenLines != NULL && (old_topline != wp->w_topline
|| wp->w_redr_type != 0
#ifdef FEAT_DIFF
|| old_topfill != wp->w_topfill
#endif
- )
+ ))
{
int type = UPD_VALID;
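Review bot: The added `ScreenLines != NULL` test guards only this one redraw site, while the commit title places the crash in win_line(), which this patch does not touch. If any other path can reach window drawing while ScreenLines is still NULL, it would presumably hit the same dereference. It is worth confirming this is the only such caller, or putting an equivalent check closer to where ScreenLines is read. The new comment could also say why skipping is safe, for example `* ScreenLines is NULL in ex-mode (no display allocated), so there is nothing to redraw.` The guarded block and its enclosing function continue outside the hunk, so what runs before and after the condition is not visible here.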
diff --git a/src/testdir/crash/ex_redraw_crash b/src/testdir/crash/ex_redraw_crash
new file mode 100644
index 0000000..eda294c
--- /dev/null
+++ b/src/testdir/crash/ex_redraw_crash
Binary files differ
diff --git a/src/testdir/test_crash.vim b/src/testdir/test_crash.vim
index bfd04ff..c83ddf2 100644
--- a/src/testdir/test_crash.vim
+++ b/src/testdir/test_crash.vim
@@ -234,6 +234,12 @@
call term_sendkeys(buf, args)
call TermWait(buf, 50)
+ let file = 'crash/ex_redraw_crash'
+ let cmn_args = "%s -u NONE -i NONE -n -m -X -Z -e -s -S %s -c ':qa!'"
+ let args = printf(cmn_args, vim, file)
+ call term_sendkeys(buf, args)
+ call TermWait(buf, 150)
+
" clean up
exe buf .. "bw!"
bw!
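Review bot: The new case at `call term_sendkeys(buf, args)` sends the command line with no trailing `"\<cr>"` and records no outcome before the 150 ms wait. From the hunk alone it is unclear whether the shell in the terminal ever runs the reproducer, or whether a segfault would make the test fail. The context line just above follows the same pattern, so this may be deliberate, but a regression test for a security fix should fail loudly. Consider `call term_sendkeys(buf, args .. "\<cr>")` followed by an assertion on something observable, such as a marker written only when Vim exits cleanly. The test function begins and ends outside the hunk, so any check done there is not visible.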
diff --git a/src/version.c b/src/version.c
index 286cbec..7a2e5a8 100644
--- a/src/version.c
+++ b/src/version.c
@@ -705,6 +705,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 1043,
+/**/
1042,
/**/
1041,