packages/vim
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!490 backport upstream patch to fix memory leak

Browse Source 
From: @wangjiang37 
Reviewed-by: @znzjugod, @lvying6, @zhoupengcheng11 
Signed-off-by: @lvying6
This commit is contained in:
openeuler-ci-bot 2023-03-06 08:00:48 +00:00 committed by Gitee
commit 0d113eb41c
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 92 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
backport-patch-9.0.0024-may-access-part-of-typeahead-buf-that-is-not-filled.patch Normal file
View File

@ -0,0 +1,26 @@
From af043e12d9e5869c597de40b9a2517ae97ac72e7 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sat, 2 Jul 2022 12:08:16 +0100
Subject: [PATCH] patch 9.0.0024: may access part of typeahead buf that isn't
filled
Problem: May access part of typeahead buf that isn't filled.
Solution: Check length of typeahead.
---
src/getchar.c | 3 ++-
files changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/getchar.c b/src/getchar.c
index 210a67acad59..12fd1c9146b3 100644
--- a/src/getchar.c
+++ b/src/getchar.c
@@ -2437,7 +2437,8 @@ handle_mapping(
int is_plug_map = FALSE;
// If typehead starts with <Plug> then remap, even for a "noremap" mapping.
- if (typebuf.tb_buf[typebuf.tb_off] == K_SPECIAL
+ if (typebuf.tb_len >= 3
+ && typebuf.tb_buf[typebuf.tb_off] == K_SPECIAL
&& typebuf.tb_buf[typebuf.tb_off + 1] == KS_EXTRA
&& typebuf.tb_buf[typebuf.tb_off + 2] == KE_PLUG)
is_plug_map = TRUE;

57
backport-patch-9.0.1331-illegal-memory-access-when-using-ball-in-Visual-mode.patch Normal file
View File

@ -0,0 +1,57 @@
From e1121b139480f53d1b06f84f3e4574048108fa0b Mon Sep 17 00:00:00 2001
From: Pavel Mayorov <pmayorov@cloudlinux.com>
Date: Mon, 20 Feb 2023 14:35:20 +0000
Subject: [PATCH] patch 9.0.1331: illegal memory access when using :ball in
Visual mode
Problem: Illegal memory access when using :ball in Visual mode.
Solution: Stop Visual mode when using :ball. (Pavel Mayorov, closes #11923)
---
src/buffer.c | 4 ++++
src/testdir/test_visual.vim | 19 +++++++++++++++++++++
2 files changed, 23 insertions(+)
diff --git a/src/buffer.c b/src/buffer.c
index cb7bdf445dee..ff35729fb929 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -5319,6 +5319,10 @@ ex_buffer_all(exarg_T *eap)
else
all = TRUE;
+ // Stop Visual mode, the cursor and "VIsual" may very well be invalid after
+ // switching to another buffer.
+ reset_VIsual_and_resel();
+
setpcmark();
#ifdef FEAT_GUI
diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
index 295e16f93d9d..f152e7b79ba8 100644
--- a/src/testdir/test_visual.vim
+++ b/src/testdir/test_visual.vim
@@ -1493,5 +1493,24 @@ func Test_visual_area_adjusted_when_hiding()
bwipe!
endfunc
+" Check fix for the heap-based buffer overflow bug found in the function
+" utfc_ptr2len and reported at
+" https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e
+func Test_heap_buffer_overflow()
+ enew
+ set updatecount=0
+
+ norm R0
+ split other
+ norm R000
+ exe "norm \<C-V>l"
+ ball
+ call assert_equal(getpos("."), getpos("v"))
+ call assert_equal('n', mode())
+ norm zW
+
+ %bwipe!
+ set updatecount&
+endfunc
" vim: shiftwidth=2 sts=2 expandtab

10
vim.spec
View File

@ -12,7 +12,7 @@
Name: vim Name: vim
Epoch: 2 Epoch: 2
Version: 9.0 Version: 9.0
Release: 9 Release: 10
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
License: Vim and MIT License: Vim and MIT
URL: http://www.vim.org URL: http://www.vim.org
@ -87,6 +87,8 @@ Patch6057: backport-CVE-2023-0054.patch
Patch6058: backport-CVE-2022-47024.patch Patch6058: backport-CVE-2022-47024.patch
Patch6059: backport-CVE-2023-0288.patch Patch6059: backport-CVE-2023-0288.patch
Patch6060: backport-CVE-2023-0433.patch Patch6060: backport-CVE-2023-0433.patch
Patch6061: backport-patch-9.0.0024-may-access-part-of-typeahead-buf-that-is-not-filled.patch
Patch6062: backport-patch-9.0.1331-illegal-memory-access-when-using-ball-in-Visual-mode.patch
Patch9000: bugfix-rm-modify-info-version.patch Patch9000: bugfix-rm-modify-info-version.patch
Patch9001: vim-Add-sw64-architecture.patch Patch9001: vim-Add-sw64-architecture.patch
@ -495,6 +497,12 @@ LC_ALL=en_US.UTF-8 make -j1 test
%{_mandir}/man1/evim.* %{_mandir}/man1/evim.*
%changelog %changelog
* Wed Feb 22 2023 wangjiang <wangjiang37@h-partners.com> - 2:9.0-10
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:backport upstream patch to fix memory leak
* Mon Feb 06 2023 wangjiang <wangjiang37@h-partners.com> - 2:9.0-9 * Mon Feb 06 2023 wangjiang <wangjiang37@h-partners.com> - 2:9.0-9
- Type:CVE - Type:CVE
- ID:CVE-2023-0433 - ID:CVE-2023-0433