CVE-2022-1154 Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.

You get a “segfault when reading from invalid utf_ptr” error.

When you upgrade to the latest version, v8.2.4646, you might face the issue: Cannot access memory at address X. When you check the code, you will see that v8.2.4646 changed the behavior of utf_ptr:
- Before v8.2.4646, v8 called is_valid() on utf_ptr.
- Now v8 does not call is_valid() on utf_ptr.
- This change breaks the code that uses utf_ptr. The code that uses utf_ptr expects it to be valid.

Solution: v8.2.4650

To solve the issue, use version v8.2.4650.
- Before v8.2.4650, v8 called is_valid() on utf_ptr.
- Now v8 does not call is_valid() on utf_ptr.
- This change breaks the code that uses utf_ptr. The code that uses utf_ptr expects it to be valid again and works with it as before the v8.2.4646 update.

Fix: Upgrade to v8.3.5195

The fix for this issue is to upgrade to v8.3.5195.

How to fix “segfault when reading from invalid utf_ptr” error

If you try to upgrade to the latest version, v8.2.4646, you might face the issue: Cannot access memory at address X. If you have this issue, you could fix it by following these steps:
1. Reduce the size of utf_ptr.
2. Replace "utf_ptr" with "utf32_ptr".
3. Replace utf_string with utf32_string and use it in your code.

Fix for Segfault when Reading from Invalid utf_ptr

To fix this issue, you need to change the v8 code. In order not to break any optimization, you can use a compiler option to disable this change and compile with -march=x86-64.

Solution: update to v8.3.0-rc.1 or higher

If you have the latest version of v8.3.0-rc.1 or higher, the problem will be fixed. You can update to the latest version with the following command:

curl -f -o gv8 https://dl.google.com/go/v8.3.0-rc1 && chmod +x gv8 && ./gv8 && rm -rf "$HOME"/.cache/* 2> /dev/null
