From: Markus Koschany <apo@debian.org>
Date: Mon, 7 Nov 2022 00:33:16 +0100
Subject: CVE-2022-3134
Origin: https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e
---
src/tag.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/src/tag.c
+++ b/src/tag.c
@@ -539,6 +539,15 @@ do_tag(
max_num_matches = MAXCOL; /* If less than max_num_matches
found: all matches found. */
+ // A tag function may do anything, which may cause various
+ // information to become invalid. At least check for the tagstack
+ // to still be the same.
+ if (tagstack != curwin->w_tagstack)
+ {
+ FreeWild(new_num_matches, new_matches);
+ break;
+ }
+
/* If there already were some matches for the same name, move them
* to the start. Avoids that the order changes when using
* ":tnext" and jumping to another file. */
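Review bot: The new guard at `if (tagstack != curwin->w_tagstack)` leaves the loop without reporting anything, so a tag function that closes or switches the window makes the tag command stop silently; emitting an error before `FreeWild(new_num_matches, new_matches);` would make the condition visible to users and in bug reports. The check is pointer identity only, and the added comment itself calls it a minimum ("At least check"): other values that do_tag may have cached from the window before the tag function ran are not revalidated, and a window re-created at the same address would presumably still pass. do_tag continues outside the hunk, so it is worth confirming that nothing after the `break` reads or writes through the cached `tagstack` again. I would also have the comment name the hazard, e.g. `// tagstack was taken from curwin before the tag function ran; a mismatch means the window changed and the cached pointer may be stale.`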