!65 [sync] PR-49: fix CVE-2021-3927 CVE-2021-3928

From: @openeuler-sync-bot
Reviewed-by: @xiezhipeng1
Signed-off-by: @xiezhipeng1

backport-CVE-2021-3927.patch

@@ -0,0 +1,44 @@
+From 0b5b06cb4777d1401fdf83e7d48d287662236e7e Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Thu, 4 Nov 2021 15:10:11 +0000
+Subject: [PATCH] patch 8.2.3581: reading character past end of line
+
+Problem:    Reading character past end of line.
+Solution:   Correct the cursor column.
+---
+ src/ex_docmd.c           | 1 +
+ src/testdir/test_put.vim | 9 +++++++++
+ 2 files changed, 10 insertions(+)
+
+diff --git a/src/ex_docmd.c b/src/ex_docmd.c
+index 12554fa..203174a 100644
+--- a/src/ex_docmd.c
++++ b/src/ex_docmd.c
+@@ -6906,6 +6906,7 @@ ex_put(exarg_T *eap)
+ 	eap->forceit = TRUE;
+     }
+     curwin->w_cursor.lnum = eap->line2;
++    check_cursor_col();
+     do_put(eap->regname, eap->forceit ? BACKWARD : FORWARD, 1L,
+ 						       PUT_LINE|PUT_CURSLINE);
+ }
+diff --git a/src/testdir/test_put.vim b/src/testdir/test_put.vim
+index 225ebd1..f5037dc 100644
+--- a/src/testdir/test_put.vim
++++ b/src/testdir/test_put.vim
+@@ -113,3 +113,12 @@ func Test_put_p_indent_visual()
+   call assert_equal('select that text', getline(2))
+   bwipe!
+ endfunc
++
++func Test_put_above_first_line()
++  new
++  let @" = 'text'
++  silent! normal 0o00
++  0put
++  call assert_equal('text', getline(1))
++  bwipe!
++endfunc
+-- 
+1.8.3.1
+

backport-CVE-2021-3928.patch

@@ -0,0 +1,48 @@
+From 15d9890eee53afc61eb0a03b878a19cb5672f732 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Thu, 4 Nov 2021 15:46:05 +0000
+Subject: [PATCH] patch 8.2.3582: reading uninitialized memory when giving
+ spell suggestions
+
+Problem:    Reading uninitialized memory when giving spell suggestions.
+Solution:   Check that preword is not empty.
+---
+ src/spellsuggest.c         | 2 +-
+ src/testdir/test_spell.vim | 8 ++++++++
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/spellsuggest.c b/src/spellsuggest.c
+index 9d6df79..8615d52 100644
+--- a/src/spellsuggest.c
++++ b/src/spellsuggest.c
+@@ -1600,7 +1600,7 @@ suggest_trie_walk(
+ 		    // char, e.g., "thes," -> "these".
+ 		    p = fword + sp->ts_fidx;
+ 		    MB_PTR_BACK(fword, p);
+-		    if (!spell_iswordp(p, curwin))
++		    if (!spell_iswordp(p, curwin) && *preword != NUL)
+ 		    {
+ 			p = preword + STRLEN(preword);
+ 			MB_PTR_BACK(preword, p);
+diff --git a/src/testdir/test_spell.vim b/src/testdir/test_spell.vim
+index 79fb892..e435e91 100644
+--- a/src/testdir/test_spell.vim
++++ b/src/testdir/test_spell.vim
+@@ -498,6 +498,14 @@ func Test_spell_screendump()
+   call delete('XtestSpell')
+ endfunc
+ 
++func Test_spell_single_word()
++  new
++  silent! norm 0R00
++  spell! ßÂ
++  silent 0norm 0r$ Dvz=
++  bwipe!
++endfunc
++
+ let g:test_data_aff1 = [
+       \"SET ISO8859-1",
+       \"TRY esianrtolcdugmphbyfvkwjkqxz-\xEB\xE9\xE8\xEA\xEF\xEE\xE4\xE0\xE2\xF6\xFC\xFB'ESIANRTOLCDUGMPHBYFVKWJKQXZ",
+-- 
+1.8.3.1
+

vim.spec

@@ -12,7 +12,7 @@
 Name:           vim
 Epoch:          2
 Version:        8.2
-Release:        13
+Release:        14
 Summary:        Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
 License:        Vim and MIT
 URL:            http://www.vim.org
@@ -43,6 +43,8 @@ Patch6005:      backport-CVE-2021-3796.patch
 Patch6006:      backport-CVE-2021-3872.patch
 Patch6007:      backport-CVE-2021-3875.patch
 Patch6008:      backport-CVE-2021-3903.patch
+Patch6009:      backport-CVE-2021-3927.patch
+Patch6010:      backport-CVE-2021-3928.patch
 
 Patch9000:      bugfix-rm-modify-info-version.patch
 
@@ -431,6 +433,12 @@ popd
 %{_mandir}/man1/evim.*
 
 %changelog
+* Sat Nov 13 2021 shixuantong<shixuantong@huawei> - 2:8.2-14
+- Type:CVE
+- ID:CVE-2021-3927 CVE-2021-3927
+- SUG:NA
+- DESC:fix CVE-2021-3927 CVE-2021-3928
+
 * Sat Oct 30 2021 shixuantong<shixuantong@huawei> - 2:8.2-13
 - Type:CVE
 - ID:CVE-2021-3903