!225 [sync] PR-224: fix CVE-2022-1796

From: @openeuler-sync-bot 
Reviewed-by: @lvying6 
Signed-off-by: @lvying6
openeuler-ci-bot 2022-06-16 03:34:49 +00:00 committed by Gitee
commit 264ff3d4a5
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 62 additions and 1 deletions


@ -0,0 +1,54 @@
From 28d032cc688ccfda18c5bbcab8b50aba6e18cde5 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Wed, 18 May 2022 16:29:08 +0100
Subject: [PATCH] patch 8.2.4979: accessing freed memory when line is flushed
Problem: Accessing freed memory when line is flushed.
Solution: Make a copy of the pattern to search for.
---
src/testdir/test_tagjump.vim | 9 +++++++++
src/window.c | 7 +++++++
2 files changed, 16 insertions(+)
diff --git a/src/testdir/test_tagjump.vim b/src/testdir/test_tagjump.vim
index 14ba1f7..24df68f 100644
--- a/src/testdir/test_tagjump.vim
+++ b/src/testdir/test_tagjump.vim
@@ -556,4 +556,13 @@ func Test_tagline()
set tags&
endfunc
+func Test_define_search()
+ " this was accessing freed memory
+ new
+ call setline(1, ['first line', '', '#define something 0'])
+ sil norm o0
+ sil! norm 
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/window.c b/src/window.c
index bb17167..ee2a374 100644
--- a/src/window.c
+++ b/src/window.c
@@ -554,9 +554,16 @@ wingotofile:
CHECK_CMDWIN;
if ((len = find_ident_under_cursor(&ptr, FIND_IDENT)) == 0)
break;
+
+ // Make a copy, if the line was changed it will be freed.
+ ptr = vim_strnsave(ptr, len);
+ if (ptr == NULL)
+ break;
+
find_pattern_in_path(ptr, 0, len, TRUE,
Prenum == 0 ? TRUE : FALSE, type,
Prenum1, ACTION_SPLIT, (linenr_T)1, (linenr_T)MAXLNUM);
+ vim_free(ptr);
curwin->w_set_curswant = TRUE;
break;
#endif
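Review bot: In the added block, `ptr = vim_strnsave(ptr, len);` reuses `ptr` for the owned copy, so the same variable is a borrowed pointer into the line before this statement and a heap allocation after it. A separate local for the copy would make it obvious at the `vim_free(ptr)` line that only the allocation is ever freed. The comment would also read better if it named what gets freed (the line text that `ptr` pointed into) and that this can presumably happen during `find_pattern_in_path()`, since "it" is ambiguous as written. The NULL check and the single `vim_free()` after the call cover the only path visible in this hunk.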
--
1.8.3.1


@ -12,7 +12,7 @@
Name: vim Name: vim
Epoch: 2 Epoch: 2
Version: 8.2 Version: 8.2
Release: 35 Release: 36
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
License: Vim and MIT License: Vim and MIT
URL: http://www.vim.org URL: http://www.vim.org
@ -106,6 +106,7 @@ Patch6069: backport-command-line-editing-not-sufficiently-tested.patch
Patch6070: backport-CVE-2022-1619.patch Patch6070: backport-CVE-2022-1619.patch
Patch6071: backport-CVE-2022-1733.patch Patch6071: backport-CVE-2022-1733.patch
Patch6072: backport-CVE-2022-1735.patch Patch6072: backport-CVE-2022-1735.patch
Patch6073: backport-CVE-2022-1796.patch
Patch9000: bugfix-rm-modify-info-version.patch Patch9000: bugfix-rm-modify-info-version.patch
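Review bot: Nothing in the visible spec hunks applies `Patch6073`; the only change near the patch list is the new tag itself, and no hunk on this page touches the %prep section. Please confirm that the spec applies patches automatically (for example through %autosetup) rather than through per-patch %patch lines, otherwise the backport ships in the source package without being applied to the build.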
@ -494,6 +495,12 @@ popd
%{_mandir}/man1/evim.* %{_mandir}/man1/evim.*
%changelog %changelog
* Thu Jun 09 2022 shixuantong <shixuantong@h-partners.com> - 2:8.2-36
- Type:CVE
- ID:CVE-2022-1796
- SUG:NA
- DESC:fix CVE-2022-1796
* Tue May 31 2022 shixuantong <shixuantong@h-partners.com> - 2:8.2-35 * Tue May 31 2022 shixuantong <shixuantong@h-partners.com> - 2:8.2-35
- Type:CVE - Type:CVE
- ID:CVE-2022-1733 CVE-2022-1735 - ID:CVE-2022-1733 CVE-2022-1735
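Review bot: The new changelog entry's `DESC:fix CVE-2022-1796` repeats the ID line and says nothing about the defect. Adding the upstream patch number and summary from the backported patch (8.2.4979, accessing freed memory when line is flushed) would let someone reading the package changelog tell what was fixed without opening the patch file.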