!277 [sync] PR-273: Fix CVE-2022-1720 CVE-2022-2183
From: @openeuler-sync-bot Reviewed-by: @lvying6 Signed-off-by: @lvying6
This commit is contained in:
openeuler-ci-bot
Gitee
commit
99ec4c8db4
66
backport-CVE-2022-1720.patch
Normal file
66
backport-CVE-2022-1720.patch
Normal file
@ -0,0 +1,66 @@
|
||||
From 395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c Mon Sep 17 00:00:00 2001
|
||||
From: Bram Moolenaar <Bram@vim.org>
|
||||
Date: Sat, 14 May 2022 21:29:44 +0100
|
||||
Subject: [PATCH] patch 8.2.4956: reading past end of line with "gf" in Visual
|
||||
block mode
|
||||
|
||||
Problem: Reading past end of line with "gf" in Visual block mode.
|
||||
Solution: Do not include the NUL in the length.
|
||||
---
|
||||
src/normal.c | 13 ++++++++++---
|
||||
src/testdir/test_gf.vim | 15 +++++++++++++++
|
||||
2 files changed, 25 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/normal.c b/src/normal.c
|
||||
index d33a56a..898c836 100644
|
||||
--- a/src/normal.c
|
||||
+++ b/src/normal.c
|
||||
@@ -3791,9 +3791,16 @@ get_visual_text(
|
||||
}
|
||||
if (**pp == NUL)
|
||||
*lenp = 0;
|
||||
- if (has_mbyte && *lenp > 0)
|
||||
- // Correct the length to include all bytes of the last character.
|
||||
- *lenp += (*mb_ptr2len)(*pp + (*lenp - 1)) - 1;
|
||||
+ if (*lenp > 0)
|
||||
+ {
|
||||
+ if (has_mbyte)
|
||||
+ // Correct the length to include all bytes of the last
|
||||
+ // character.
|
||||
+ *lenp += (*mb_ptr2len)(*pp + (*lenp - 1)) - 1;
|
||||
+ else if ((*pp)[*lenp - 1] == NUL)
|
||||
+ // Do not include a trailing NUL.
|
||||
+ *lenp -= 1;
|
||||
+ }
|
||||
}
|
||||
reset_VIsual_and_resel();
|
||||
return OK;
|
||||
diff --git a/src/testdir/test_gf.vim b/src/testdir/test_gf.vim
|
||||
index d301874..596f3e8 100644
|
||||
--- a/src/testdir/test_gf.vim
|
||||
+++ b/src/testdir/test_gf.vim
|
||||
@@ -106,6 +106,21 @@ func Test_gf_visual()
|
||||
call setline(1, 'XXXtest_gf_visualXXX')
|
||||
set hidden
|
||||
|
||||
+ " do not include the NUL at the end
|
||||
+ call writefile(['x'], 'X')
|
||||
+ let save_enc = &enc
|
||||
+ for enc in ['latin1', 'utf-8']
|
||||
+ exe "set enc=" .. enc
|
||||
+ new
|
||||
+ call setline(1, 'X')
|
||||
+ set nomodified
|
||||
+ exe "normal \<C-V>$gf"
|
||||
+ call assert_equal('X', bufname())
|
||||
+ bwipe!
|
||||
+ endfor
|
||||
+ let &enc = save_enc
|
||||
+ call delete('X')
|
||||
+
|
||||
" Visually select Xtest_gf_visual and use gf to go to that file
|
||||
norm! ttvtXgf
|
||||
call assert_equal('Xtest_gf_visual', bufname('%'))
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
59
backport-CVE-2022-2183.patch
Normal file
59
backport-CVE-2022-2183.patch
Normal file
@ -0,0 +1,59 @@
|
||||
From 8eba2bd291b347e3008aa9e565652d51ad638cfa Mon Sep 17 00:00:00 2001
|
||||
From: Bram Moolenaar <Bram@vim.org>
|
||||
Date: Wed, 22 Jun 2022 19:59:28 +0100
|
||||
Subject: [PATCH] patch 8.2.5151: reading beyond the end of the line with lisp
|
||||
indenting
|
||||
|
||||
Problem: Reading beyond the end of the line with lisp indenting.
|
||||
Solution: Avoid going over the NUL at the end of the line.
|
||||
---
|
||||
src/indent.c | 7 +++++--
|
||||
src/testdir/test_lispwords.vim | 12 +++++++++++-
|
||||
2 files changed, 16 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/indent.c b/src/indent.c
|
||||
index 2d07e2e..a58d6ea 100644
|
||||
--- a/src/indent.c
|
||||
+++ b/src/indent.c
|
||||
@@ -1967,8 +1967,11 @@ get_lisp_indent(void)
|
||||
amount += 2;
|
||||
else
|
||||
{
|
||||
- that++;
|
||||
- amount++;
|
||||
+ if (*that != NUL)
|
||||
+ {
|
||||
+ that++;
|
||||
+ amount++;
|
||||
+ }
|
||||
firsttry = amount;
|
||||
|
||||
while (VIM_ISWHITE(*that))
|
||||
diff --git a/src/testdir/test_lispwords.vim b/src/testdir/test_lispwords.vim
|
||||
index ff710b2..4144fb0 100644
|
||||
--- a/src/testdir/test_lispwords.vim
|
||||
+++ b/src/testdir/test_lispwords.vim
|
||||
@@ -1,4 +1,5 @@
|
||||
-" Tests for 'lispwords' settings being global-local
|
||||
+" Tests for 'lispwords' settings being global-local.
|
||||
+" And other lisp indent stuff.
|
||||
|
||||
set nocompatible viminfo+=nviminfo
|
||||
|
||||
@@ -85,4 +86,13 @@ func Test_lisp_indent()
|
||||
set nolisp
|
||||
endfunc
|
||||
|
||||
+func Test_lisp_indent_works()
|
||||
+ " This was reading beyond the end of the line
|
||||
+ new
|
||||
+ exe "norm a\tü(\<CR>="
|
||||
+ set lisp
|
||||
+ norm ==
|
||||
+ bwipe!
|
||||
+endfunc
|
||||
+
|
||||
" vim: shiftwidth=2 sts=2 expandtab
|
||||
--
|
||||
2.27.0
|
||||
|
||||
10
vim.spec
10
vim.spec
@ -12,7 +12,7 @@
|
||||
Name: vim
|
||||
Epoch: 2
|
||||
Version: 8.2
|
||||
Release: 47
|
||||
Release: 48
|
||||
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
|
||||
License: Vim and MIT
|
||||
URL: http://www.vim.org
|
||||
@ -133,6 +133,8 @@ Patch6096: backport-patch-8.2.0358-insufficient-testing-for-indent.c.patch
|
||||
Patch6097: backport-CVE-2022-2125.patch
|
||||
Patch6098: backport-CVE-2022-2206.patch
|
||||
Patch6099: backport-patch-8.2.5161-might-still-access-invalid-memory.patch
|
||||
Patch6100: backport-CVE-2022-1720.patch
|
||||
Patch6101: backport-CVE-2022-2183.patch
|
||||
|
||||
Patch9000: bugfix-rm-modify-info-version.patch
|
||||
|
||||
@ -521,6 +523,12 @@ popd
|
||||
%{_mandir}/man1/evim.*
|
||||
|
||||
%changelog
|
||||
* Tue Jul 05 2022 renhongxun <renhongxun@h-partners.com> - 2:8.2-48
|
||||
- Type:CVE
|
||||
- ID:CVE-2022-1720,CVE-2022-2183
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2022-1720,CVE-2022-2183
|
||||
|
||||
* Tue Jul 05 2022 shixuantong <shixuantong@h-partners.com> - 2:8.2-47
|
||||
- Type:CVE
|
||||
- ID:CVE-2022-2125,CVE-2022-2206
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user