patch 9.0.1873: [security] heap-buffer-overflow in vim_regsub_both
Problem: heap-buffer-overflow in vim_regsub_both
Solution: Disallow exchanging windows when textlock is active
Signed-off-by: Christian Brabandt <cb@256bit.org>
diff --git a/src/ex_cmds.c b/src/ex_cmds.c
index 4f1d932..566ed7d 100644
--- a/src/ex_cmds.c
+++ b/src/ex_cmds.c
@@ -4519,6 +4519,9 @@
{
nmatch = curbuf->b_ml.ml_line_count - sub_firstlnum + 1;
skip_match = TRUE;
+ // safety check
+ if (nmatch < 0)
+ goto skip;
}
// Need room for: