packages/vim
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2022-3099

Browse Source
This commit is contained in:
rwx403335 2022-09-08 15:05:03 +08:00
parent cc44a189eb
commit b26efbe50f
2 changed files with 65 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
backport-CVE-2022-3099.patch Normal file
View File

@ -0,0 +1,57 @@
From 35d21c6830fc2d68aca838424a0e786821c5891c Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Fri, 2 Sep 2022 16:47:16 +0100
Subject: [PATCH] patch 9.0.0360: crash when invalid line number on :for is
ignored
Problem: Crash when invalid line number on :for is ignored.
Solution: Do not check breakpoint for non-existing line.
---
src/ex_docmd.c | 2 +-
src/testdir/test_eval_stuff.vim | 13 +++++++++++++
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/ex_docmd.c b/src/ex_docmd.c
index ae1f195..0b6b217 100644
--- a/src/ex_docmd.c
+++ b/src/ex_docmd.c
@@ -1068,7 +1068,7 @@ do_cmdline(
// Check for the next breakpoint at or after the ":while"
// or ":for".
- if (breakpoint != NULL)
+ if (breakpoint != NULL && lines_ga.ga_len > current_line)
{
*breakpoint = dbg_find_breakpoint(
getline_equal(fgetline, cookie, getsourceline),
diff --git a/src/testdir/test_eval_stuff.vim b/src/testdir/test_eval_stuff.vim
index 313d791..934286b 100644
--- a/src/testdir/test_eval_stuff.vim
+++ b/src/testdir/test_eval_stuff.vim
@@ -1,5 +1,7 @@
" Tests for various eval things.
+source shared.vim
+
function s:foo() abort
try
return [] == 0
@@ -221,3 +223,15 @@ func Test_deep_recursion()
" this was running out of stack
call assert_fails("exe 'if ' .. repeat('(', 1002)", 'E1169: Expression too recursive: ((')
endfunc
+
+func Test_for_invalid_line_count()
+ let lines =<< trim END
+ 111111111111111111111111 for line in ['one']
+ endfor
+ END
+ call writefile(lines, 'XinvalidFor')
+ " only test that this doesn't crash
+ call RunVim([], [], '-u NONE -e -s -S XinvalidFor -c qa')
+
+ call delete('XinvalidFor')
+endfunc
--
1.8.3.1

9
vim.spec
View File

@ -12,7 +12,7 @@
Name: vim Name: vim
Epoch: 2 Epoch: 2
Version: 8.2 Version: 8.2
Release: 63 Release: 64
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
License: Vim and MIT License: Vim and MIT
URL: http://www.vim.org URL: http://www.vim.org
@ -183,6 +183,7 @@ Patch6141: backport-patch-8.2.0945-cannot-use-z-when-spell-is-off.patch
Patch6142: backport-patch-8.2.3110-a-pattern-that-matches-the-cursor-pos.patch Patch6142: backport-patch-8.2.3110-a-pattern-that-matches-the-cursor-pos.patch
Patch6143: backport-patch-8.2.4152-block-insert-with-double-wide-charact.patch Patch6143: backport-patch-8.2.4152-block-insert-with-double-wide-charact.patch
Patch6144: backport-patch-8.2.0195-some-tests-fail-when-run-in-the-GUI.patch Patch6144: backport-patch-8.2.0195-some-tests-fail-when-run-in-the-GUI.patch
Patch6145: backport-CVE-2022-3099.patch
BuildRequires: autoconf python3-devel ncurses-devel gettext perl-devel perl-generators gcc BuildRequires: autoconf python3-devel ncurses-devel gettext perl-devel perl-generators gcc
BuildRequires: perl(ExtUtils::Embed) perl(ExtUtils::ParseXS) libacl-devel gpm-devel file BuildRequires: perl(ExtUtils::Embed) perl(ExtUtils::ParseXS) libacl-devel gpm-devel file
@ -571,6 +572,12 @@ LC_ALL=en_US.UTF-8 make -j1 test
%{_mandir}/man1/evim.* %{_mandir}/man1/evim.*
%changelog %changelog
* Thu Sep 08 2022 renhongxun <renhongxun@h-partners.com> - 2:8.2-64
- Type:CVE
- ID:CVE-2022-3099
- SUG:NA
- DESC:fix CVE-2022-3099
* Sat Sep 03 2022 shixuantong <shixuantong@h-partners.com> - 2:8.2-63 * Sat Sep 03 2022 shixuantong <shixuantong@h-partners.com> - 2:8.2-63
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA