[vim/vim] Fix memory safety issues in popup image handling (PR #20462)

2 views
Skip to first unread message

mattn

unread,
12:23 AM (9 hours ago) 12:23 AM
to vim/vim, Subscribed

Two issues in the FEAT_IMAGE popup code from 9.2.0612: a use-after-free/double-free in popup_getoptions() when dict_add() fails, and a 32-bit overflow in the image size validation (iw * ih * 4) that wraps on MS-Windows and can cause an out-of-bounds read. Clear the freed blob pointer, and compute the size in 64-bit.

You can view, comment on, or merge this pull request online at:

  https://github.com/vim/vim/pull/20462

Commit Summary

  • 0d7ab46 Fix memory safety issues in popup image handling

File Changes

(1 file)

Patch Links:


Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications, keep track of coding agent tasks and review pull requests on the go with GitHub Mobile for iOS and Android. Download it today!
You are receiving this because you are subscribed to this thread.Message ID: <vim/vim/pull/20462@github.com>

Reply all
Reply to author
Forward
0 new messages