Commit: patch 9.2.0603: possible heap-buffer-overflow when resizing the GUI
1 view
Skip to first unread message
Christian Brabandt
Jun 8, 2026, 3:30:12 PM (9 hours ago) Jun 8
to vim...@googlegroups.com
patch 9.2.0603: possible heap-buffer-overflow when resizing the GUI
Commit: https://github.com/vim/vim/commit/bca154920757b23972bf9024c54c5fd0a8870bcd
Author: Foxe Chen <chen...@gmail.com>
Date: Mon Jun 8 19:04:11 2026 +0000
patch 9.2.0603: possible heap-buffer-overflow when resizing the GUI
Problem: possible heap-buffer-overflow when resizing the GUI
Solution: Check that the cursor position falls inside the GUI display
area (Foxe Chen).
closes: #20449
Supported by AI
Signed-off-by: Foxe Chen <chen...@gmail.com>
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/screen.c b/src/screen.c
index 9042d90de..97d2f189c 100644
--- a/src/screen.c
+++ b/src/screen.c
@@ -3378,6 +3378,13 @@ give_up:
screen_Rows = Rows;
screen_Columns = Columns;
+#ifdef FEAT_GUI
+ // Cursor position may now be out of bounds after resize
+ if (gui.in_use && (gui.cursor_row >= screen_Rows
+ || gui.cursor_col >= screen_Columns))
+ gui.cursor_is_valid = false;
+#endif
+
set_must_redraw(UPD_CLEAR); // need to clear the screen later
if (doclear)
screenclear2(TRUE);
diff --git a/src/version.c b/src/version.c
index c9032621c..aae300c55 100644
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 603,
/**/
602,
/**/
Commit: https://github.com/vim/vim/commit/bca154920757b23972bf9024c54c5fd0a8870bcd
Author: Foxe Chen <chen...@gmail.com>
Date: Mon Jun 8 19:04:11 2026 +0000
patch 9.2.0603: possible heap-buffer-overflow when resizing the GUI
Problem: possible heap-buffer-overflow when resizing the GUI
Solution: Check that the cursor position falls inside the GUI display
area (Foxe Chen).
closes: #20449
Supported by AI
Signed-off-by: Foxe Chen <chen...@gmail.com>
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/screen.c b/src/screen.c
index 9042d90de..97d2f189c 100644
--- a/src/screen.c
+++ b/src/screen.c
@@ -3378,6 +3378,13 @@ give_up:
screen_Rows = Rows;
screen_Columns = Columns;
+#ifdef FEAT_GUI
+ // Cursor position may now be out of bounds after resize
+ if (gui.in_use && (gui.cursor_row >= screen_Rows
+ || gui.cursor_col >= screen_Columns))
+ gui.cursor_is_valid = false;
+#endif
+
set_must_redraw(UPD_CLEAR); // need to clear the screen later
if (doclear)
screenclear2(TRUE);
diff --git a/src/version.c b/src/version.c
index c9032621c..aae300c55 100644
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 603,
/**/
602,
/**/
Reply all
Reply to author
Forward
0 new messages