From a9b5235402af6dc8e1290a29089456a3ced415bd Mon Sep 17 00:00:00 2001 From: Don Ho Date: Tue, 3 Sep 2024 00:24:48 +0200 Subject: [PATCH] Fix CVE-2014-9456 (but it's not a "Security Vulnerability") Fix Notepad++ Debug binary crash issue while opening some special files (crash after some "Assertion fail" message boxes). Only the Debug binary is impacted. There's no issue for the release binary, so it's not a "security vulnerability". Also there's no buffer overflow as the description in CVE-2014-9456. Fix #12669 --- PowerEditor/src/Notepad_plus.cpp | 4 ++-- PowerEditor/src/ScintillaComponent/FunctionCallTip.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/PowerEditor/src/Notepad_plus.cpp b/PowerEditor/src/Notepad_plus.cpp index 4ef057bb7526..77a8ee21a3cb 100644 --- a/PowerEditor/src/Notepad_plus.cpp +++ b/PowerEditor/src/Notepad_plus.cpp @@ -3497,12 +3497,12 @@ void Notepad_plus::addHotSpot(ScintillaEditView* view) pView->execute(SCI_INDICATORCLEARRANGE, startEncoded + startPos, lenEncoded); startWide += lenWide; startEncoded += lenEncoded; + if ((startWide >= wideTextLen) || ((startEncoded + startPos) >= endPos)) break; } - assert ((startEncoded + startPos) == endPos); - assert (startWide == wideTextLen); } + delete[] wideText; } diff --git a/PowerEditor/src/ScintillaComponent/FunctionCallTip.h b/PowerEditor/src/ScintillaComponent/FunctionCallTip.h index 98b7d56842dd..8cdb1c0011e7 100644 --- a/PowerEditor/src/ScintillaComponent/FunctionCallTip.h +++ b/PowerEditor/src/ScintillaComponent/FunctionCallTip.h @@ -27,8 +27,8 @@ class FunctionCallTip { ~FunctionCallTip() {/* cleanup(); */}; void setLanguageXML(TiXmlElement * pXmlKeyword); //set calltip keyword node bool updateCalltip(int ch, bool needShown = false); //Ch is character typed, or 0 if another event occured. NeedShown is true if calltip should be attempted to displayed. Return true if calltip was made visible - void showNextOverload(); //show next overlaoded parameters - void showPrevOverload(); //show prev overlaoded parameters + void showNextOverload(); //show next overloaded parameters + void showPrevOverload(); //show prev overloaded parameters bool isVisible() { return _pEditView?_pEditView->execute(SCI_CALLTIPACTIVE) == TRUE:false; }; //true if calltip visible void close(); //Close calltip if visible