Fixes CWE-835 infinite loop vulnerability in viminfo parsing.
When a viminfo continuation line is exactly '|<\n' with no content, n becomes 0 after stripping. The loop 'for (todo = len; todo > 0; todo -= n)' never decrements todo, causing an infinite loop until EOF.
Add guard after newline stripping: if n <= 2 (only prefix, no content), abort parsing by freeing buffer and returning TRUE.
https://github.com/vim/vim/pull/20484
(1 file)
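
An added example, not Vim's source and not code from the pull request: a simplified C model of the continuation-line loop described above, with the described guard switchable so the number of lines consumed can be compared. The function name, result struct and sample lines are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* status: 0 = value complete, -1 = parsing aborted (garbled or truncated). */
struct result { int status; size_t lines_read; };

/* Simplified model of the loop quoted in the description (hypothetical
 * helper, not Vim's code). `lines` is a NULL-terminated array standing in
 * for the file, `len` is the declared value length, `out` holds len bytes. */
struct result read_continuation(const char **lines, size_t len, char *out, int guard)
{
    struct result r = { -1, 0 };
    size_t todo, n = 0;

    for (todo = len; todo > 0; todo -= n) {
        const char *line = lines[r.lines_read];
        /* EOF, or a line without the "|<" prefix: stop parsing. */
        if (line == NULL || line[0] != '|' || line[1] != '<')
            return r;
        r.lines_read++;

        /* Length without trailing newline / carriage return. */
        n = strlen(line);
        while (n > 0 && (line[n - 1] == '\n' || line[n - 1] == '\r'))
            n--;

        /* Guard as described: only the prefix is left, so no progress. */
        if (guard && n <= 2)
            return r;

        n -= 2;                      /* drop the "|<" prefix */
        if (n > todo)
            n = todo;                /* never copy more than declared */
        memcpy(out + (len - todo), line + 2, n);
    }
    r.status = 0;
    return r;
}

int main(void)
{
    /* Constructed input: three content-free continuation lines. */
    const char *bad[] = { "|<\n", "|<\n", "|<\n", NULL };
    char out[8];
    printf("no guard: %zu lines read\n", read_continuation(bad, 5, out, 0).lines_read);
    printf("guard:    %zu lines read\n", read_continuation(bad, 5, out, 1).lines_read);
    return 0;
}
```

Without the guard the work done is bounded by the number of lines in the input rather than by the declared length; with it, parsing stops at the first content-free line.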