Allocation of Resources Without Limits or Throttling in vim/vim


Reported on

Jan 10th 2022


Memory Allocation with Excessive Size Value

Proof of Concept

base64 poc
vim -u NONE -X -Z -e -s -S ./poc -c :qa!
==1206187==ERROR: AddressSanitizer: requested allocation size 0xfffffffffffffff8 (0x7f8 after adjustments for alignment, red zones etc.) exceeds maximum supported size of 0x10000000000 (thread T0)
    #0 0x49626d in malloc (/home/aidai/fuzzing/vim/fuzz/bin/vim+0x49626d)
    #1 0x4c5d75  (/home/aidai/fuzzing/vim/fuzz/bin/vim+0x4c5d75)
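The requested size in the sanitizer output, 0xfffffffffffffff8, is what a signed value of -8 becomes when it is converted to size_t and handed to malloc. The following is an added illustration of the defensive check that prevents that class of request, not code from vim or from the fix; the limit ALLOC_MAX_BYTES and the helper names are assumptions chosen for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Upper bound a single allocation may request. Chosen here as an
 * illustration for the example; it is not a value taken from vim. */
#define ALLOC_MAX_BYTES ((size_t)1 << 30)

/* Validate a length that came from untrusted input (a script, a file)
 * before it reaches malloc. Returns 1 if the size is acceptable, else 0. */
int alloc_size_ok(long long len)
{
    if (len < 0)
        return 0;   /* negative count: would wrap to a huge size_t */
    if ((unsigned long long)len > ALLOC_MAX_BYTES)
        return 0;   /* implausibly large: refuse before calling malloc */
    return 1;
}

/* Allocate len bytes only after the size has been checked.
 * Returns NULL when the request is refused or malloc fails. */
void *checked_alloc(long long len)
{
    if (!alloc_size_ok(len))
        return NULL;
    return malloc((size_t)len);
}

/* The report above shows 0xfffffffffffffff8 being requested, which is the
 * size_t view of -8 (SIZE_MAX - 7). The helper refuses it without calling
 * malloc. Returns 1 when both facts hold. */
int demo_refuses_negative_eight(void)
{
    return alloc_size_ok(-8) == 0 && (size_t)-8 == SIZE_MAX - 7;
}
```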
We are processing your report and will contact the vim team within 24 hours. 18 days ago
We have contacted a member of the vim team and are waiting to hear back 17 days ago
Bram Moolenaar validated this vulnerability 17 days ago
aidaip has been awarded the disclosure bounty
The fix bounty is now up for grabs
Bram Moolenaar
17 days ago


I can reproduce the problem. It would cause the allocation to fail; I don't see any other side effect. I can solve it anyway.

Bram Moolenaar
17 days ago


Fixed by patch 8.2.4065, which adds a simple test based on the POC.

Bram Moolenaar confirmed that a fix has been merged on 3cf21b 17 days ago
Bram Moolenaar has been awarded the fix bounty