!266 [sync] PR-256: Fix CVE-2022-2175

### 1. Origin pull request: https://gitee.com/src-openeuler/vim/pulls/256 ### 2. Original pull request related issue(s): https://gitee.com/src-openeuler/vim/issues/I5DV96 ### 3. Original pull request related commit(s): | Sha | Datetime | Message | |---|---|---| |[f2b7e60f](f2b7e60f2f)|2022-06-28 15:12:54 +0800 CST|Fix CVE-2022-2175<br>| From: @openeuler-sync-bot Reviewed-by: @lvying6 Signed-off-by: @lvying6
2022-07-05 02:35:01 +00:00 · 2022-07-05 02:35:01 +00:00 · c7a07b374f
commit c7a07b374f
parent e9c9bbcb46 f897b93c30
3 changed files with 125 additions and 1 deletions
--- a/backport-CVE-2022-2175.patch
+++ b/backport-CVE-2022-2175.patch
@ -0,0 +1,68 @@
+From 6046aded8da002b08d380db29de2ba0268b6616e Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Wed, 22 Jun 2022 13:51:54 +0100
+Subject: [PATCH] patch 8.2.5148: invalid memory access when using expression
+ on command line
+
+Problem:    Invalid memory access when using an expression on the command line.
+Solution:   Make sure the position does not go negative.
+---
+ src/ex_getln.c               | 6 ++++--
+ src/testdir/test_cmdline.vim | 5 +++++
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/ex_getln.c b/src/ex_getln.c
+index aa01f80..887b47d 100644
+--- a/src/ex_getln.c
+++ b/src/ex_getln.c
+@@ -820,6 +820,7 @@ getcmdline_int(
+     cmdline_info_T save_ccline;
+     int		did_save_ccline = FALSE;
+     int		cmdline_type;
+    int		save_new_cmdpos;
+ 
+     // one recursion level deeper
+     ++depth;
+@@ -1757,6 +1758,7 @@ getcmdline_int(
+ 		goto returncmd;		// back to cmd mode
+ 
+ 	case Ctrl_R:			// insert register
+		save_new_cmdpos = new_cmdpos;
+ #ifdef USE_ON_FLY_SCROLL
+ 		dont_scroll = TRUE;	// disallow scrolling here
+ #endif
+@@ -1774,8 +1776,6 @@ getcmdline_int(
+ #ifdef FEAT_EVAL
+ 		/*
+ 		 * Insert the result of an expression.
+-		 * Need to save the current command line, to be able to enter
+-		 * a new one...
+ 		 */
+ 		new_cmdpos = -1;
+ 		if (c == '=')
+@@ -1816,6 +1816,8 @@ getcmdline_int(
+ 		    }
+ #endif
+ 		}
+		new_cmdpos = save_new_cmdpos;
+
+ 		redrawcmd();
+ 		goto cmdline_changed;
+ 
+diff --git a/src/testdir/test_cmdline.vim b/src/testdir/test_cmdline.vim
+index 4665c75..2588a0d 100644
+--- a/src/testdir/test_cmdline.vim
+++ b/src/testdir/test_cmdline.vim
+@@ -925,4 +925,9 @@ func Test_recursive_register()
+   call assert_equal('yes', caught)
+ endfunc
+ 
+" This was making the insert position negative
+func Test_cmdline_expr_register()
+  exe "sil! norm! ?\<C-\>e0\<C-R>0\<Esc>?\<C-\>e0\<CR>"
+endfunc
+
+ " vim: shiftwidth=2 sts=2 expandtab
+-- 
+1.8.3.1
+
--- a/backport-patch-8.2.5149-cannot-build-without-the-eval-feature.patch
+++ b/backport-patch-8.2.5149-cannot-build-without-the-eval-feature.patch
@ -0,0 +1,48 @@
+From 6689df024bce4309ec5884e445738fe07ee4ffcc Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Wed, 22 Jun 2022 18:14:29 +0100
+Subject: [PATCH] patch 8.2.5149: cannot build without the +eval feature
+
+Problem:    Cannot build without the +eval feature. (Tony Mechelynck)
+Solution:   Add #ifdefs.
+---
+ src/ex_getln.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/ex_getln.c b/src/ex_getln.c
+index 887b47d..8383eee 100644
+--- a/src/ex_getln.c
+++ b/src/ex_getln.c
+@@ -820,7 +820,9 @@ getcmdline_int(
+     cmdline_info_T save_ccline;
+     int		did_save_ccline = FALSE;
+     int		cmdline_type;
+#ifdef FEAT_EVAL
+     int		save_new_cmdpos;
+#endif
+ 
+     // one recursion level deeper
+     ++depth;
+@@ -1758,7 +1760,9 @@ getcmdline_int(
+ 		goto returncmd;		// back to cmd mode
+ 
+ 	case Ctrl_R:			// insert register
+#ifdef FEAT_EVAL
+ 		save_new_cmdpos = new_cmdpos;
+#endif
+ #ifdef USE_ON_FLY_SCROLL
+ 		dont_scroll = TRUE;	// disallow scrolling here
+ #endif
+@@ -1816,7 +1820,9 @@ getcmdline_int(
+ 		    }
+ #endif
+ 		}
+#ifdef FEAT_EVAL
+ 		new_cmdpos = save_new_cmdpos;
+#endif
+ 
+ 		redrawcmd();
+ 		goto cmdline_changed;
+-- 
+1.8.3.1
+
--- a/vim.spec
+++ b/vim.spec
@ -12,7 +12,7 @@
 Name:           vim
 Epoch:          2
 Version:        8.2
-Release:        44
+Release:        45
 Summary:        Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
 License:        Vim and MIT
 URL:            http://www.vim.org
@ -123,6 +123,8 @@ Patch6086:      backport-CVE-2022-1897.patch
 Patch6087:      backport-CVE-2022-1968.patch
 Patch6088:      backport-CVE-2022-1771.patch
 Patch6089:      backport-CVE-2022-2124.patch
+Patch6090:      backport-CVE-2022-2175.patch
+Patch6091:      backport-patch-8.2.5149-cannot-build-without-the-eval-feature.patch

 Patch9000:      bugfix-rm-modify-info-version.patch

@ -511,6 +513,12 @@ popd
 %{_mandir}/man1/evim.*

 %changelog
+* Tue Jun 28 2022 renhongxun <renhongxun@h-partners.com> - 2:8.2-45
+- Type:CVE
+- ID:CVE-2022-2175
+- SUG:NA
+- DESC:fix CVE-2022-2175
+
 * Thu Jun 23 2022 liukuo <liukuo@kylinos.cn> - 2:8.2-44
 - Type:CVE
 - ID:CVE-2022-2124