packages/vim
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2022-0629

Browse Source
This commit is contained in:
wangjiang 2022-04-01 16:20:58 +08:00
parent 0956f57e7b
commit 10a398edda
2 changed files with 56 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
backport-CVE-2022-0629.patch Normal file
View File

@ -0,0 +1,48 @@
From 34f8117dec685ace52cd9e578e2729db278163fc Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Wed, 16 Feb 2022 12:16:19 +0000
Subject: [PATCH] patch 8.2.4397: crash when using many composing characters in
error message
Problem: Crash when using many composing characters in error message.
Solution: Use mb_cptr2char_adv() instead of mb_ptr2char_adv().
---
src/testdir/test_assert.vim | 8 ++++++++
src/testing.c | 2 +-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/testdir/test_assert.vim b/src/testdir/test_assert.vim
index 1b1f9e5..1e7d66f 100644
--- a/src/testdir/test_assert.vim
+++ b/src/testdir/test_assert.vim
@@ -45,6 +45,14 @@ func Test_assert_equal()
call assert_equal('XxxxxxxxxxxxxxxxxxxxxxX', 'XyyyyyyyyyyyyyyyyyyyyyyyyyX')
call assert_match("Expected 'X\\\\\\[x occurs 21 times]X' but got 'X\\\\\\[y occurs 25 times]X'", v:errors[0])
call remove(v:errors, 0)
+
+ " many composing characters are handled properly
+ call setline(1, ' ')
+ norm 100gr݀
+ call assert_equal(1, getline(1))
+ call assert_match("Expected 1 but got '.* occurs 100 times]'", v:errors[0])
+ call remove(v:errors, 0)
+ bwipe!
endfunc
func Test_assert_equalfile()
diff --git a/src/testing.c b/src/testing.c
index f879f1e..f19481f 100644
--- a/src/testing.c
+++ b/src/testing.c
@@ -99,7 +99,7 @@ ga_concat_shorten_esc(garray_T *gap, char_u *str)
{
same_len = 1;
s = p;
- c = mb_ptr2char_adv(&s);
+ c = mb_cptr2char_adv(&s);
clen = s - p;
while (*s != NUL && c == mb_ptr2char(s))
{
--
2.27.0

9
vim.spec
View File

@ -12,7 +12,7 @@
Name: vim
Epoch: 2
Version: 8.2
Release: 30
Release: 31
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
License: Vim and MIT
URL: http://www.vim.org
@ -92,6 +92,7 @@ Patch6055: backport-CVE-2022-0319.patch
Patch6056: backport-CVE-2022-0554.patch
Patch6057: backport-CVE-2022-0943.patch
Patch6058: backport-CVE-2021-4069.patch
Patch6059: backport-CVE-2022-0629.patch
Patch9000: bugfix-rm-modify-info-version.patch
@ -480,6 +481,12 @@ popd
%{_mandir}/man1/evim.*
%changelog
* Fri Apr 1 2022 wangjiang <wangjiang37@h-partners.com> - 2:8.2-31
- Type:CVE
- ID:CVE-2022-0629
- SUG:NA
- DESC:fix CVE-2022-0629
* Wed Mar 30 2022 wangjiang <wangjiang37#h-partners.com> - 2:8.2-30
- Type:CVE
- ID:CVE-2021-4069