Vim's Partial Patch Problem: 14+ Heap Overflows Left Behind After CVE-2026-28421
One (int) cast was fixed. At least 14 identical truncations remain across ex_getln.c, memline.c, terminal.c, session.c and others.
size_t → (int) cast silently truncates values > INT_MAX → undersized alloc → heap buffer overflow (CWE-190 → CWE-122).
Trigger vectors: swap files, undo files, session files, terminal output — all accessible via shared filesystems and repos.
Vim's lead maintainer closed the GitHub Security Advisory and threatened to ban the reporter.
The fix is trivial: remove the redundant (int) casts. alloc() already accepts size_t.
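
The truncation and the fix described above, as an added example that is not Vim's own code. The function names are hypothetical, a 64-bit size_t and the GCC/Clang behaviour of keeping the low 32 bits on conversion are assumed, and the sample lengths are constructed (nothing is allocated).

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption: LP64-style platform where size_t is wider than int. */
_Static_assert(sizeof(size_t) == 8 && sizeof(int) == 4, "64-bit size_t assumed");

/* What happens to a request of len bytes that goes through an (int) cast. */
enum cast_result { CAST_EXACT, CAST_UNDERSIZED, CAST_HUGE };

/* Size the allocator receives for alloc((int)len) when alloc() takes size_t.
 * Converting an out-of-range value to int is implementation-defined; GCC and
 * Clang keep the low 32 bits, which is the behaviour modelled here. */
static size_t size_seen_with_cast(size_t len)
{
    return (size_t)(int)len;   /* hypothetical stand-in for the cast pattern */
}

/* Size the allocator receives once the redundant cast is removed. */
static size_t size_seen_without_cast(size_t len)
{
    return len;
}

/* Classify the request; the caller still believes it owns len bytes. */
static enum cast_result classify(size_t len)
{
    size_t seen = size_seen_with_cast(len);
    if (seen == len)
        return CAST_EXACT;
    /* A smaller request succeeds and a later write of len bytes runs past
     * the buffer (CWE-122). A negative int converts to a size near SIZE_MAX. */
    return seen < len ? CAST_UNDERSIZED : CAST_HUGE;
}

int main(void)
{
    /* Constructed sample lengths. */
    const size_t samples[] = { 4096, (size_t)INT_MAX,
                               (size_t)INT_MAX + 1, ((size_t)1 << 32) + 16 };
    static const char *names[] = { "exact", "UNDERSIZED", "near SIZE_MAX" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("len=%zu cast=%zu nocast=%zu -> %s\n", samples[i],
               size_seen_with_cast(samples[i]),
               size_seen_without_cast(samples[i]), names[classify(samples[i])]);
    return 0;
}
```

Building with -Wconversion does not flag this pattern, because the cast is explicit; finding the remaining sites means searching for the cast itself at allocation calls.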
