[vim/vim] Fix integer overflow in popup image size validation (PR #20463)

2 views

Skip to first unread message

mattn

unread,

12:37 AM (9 hours ago) 12:37 AM

to vim/vim, Subscribed

The image size validation computed iw * ih * 4 in a 32-bit long, which overflows on MS-Windows and can wrap to match a short blob, leading to an out-of-bounds read when the pixels are encoded. Compute the size in 64-bit.

You can view, comment on, or merge this pull request online at:

https://github.com/vim/vim/pull/20463

Commit Summary

d1e42ee Fix integer overflow in popup image size validation

File Changes

(1 file)

M src/popupwin.c (6)

Patch Links:

https://github.com/vim/vim/pull/20463.patch
https://github.com/vim/vim/pull/20463.diff

—
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications, keep track of coding agent tasks and review pull requests on the go with GitHub Mobile for iOS and Android. Download it today!
You are receiving this because you are subscribed to this thread.

Reply all

Reply to author

Forward

0 new messages