!303 [sync] PR-302: fix CVE-2022-2210

From: @openeuler-sync-bot 
Reviewed-by: @xiezhipeng1 
Signed-off-by: @xiezhipeng1
openeuler-ci-bot 2022-07-15 01:09:56 +00:00 committed by Gitee
commit cc2418b22a
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 75 additions and 1 deletions


@ -0,0 +1,67 @@
From c101abff4c6756db4f5e740fde289decb9452efa Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sun, 26 Jun 2022 16:53:34 +0100
Subject: [PATCH] patch 8.2.5164: invalid memory access after diff buffer
manipulations
Problem: Invalid memory access after diff buffer manipulations.
Solution: Use zero offset when change removes all lines in a diff block.
---
src/diff.c | 4 ++--
src/testdir/test_diffmode.vim | 12 ++++++++++++
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/diff.c b/src/diff.c
index eddf33165628..91e5ae2f2f68 100644
--- a/src/diff.c
+++ b/src/diff.c
@@ -391,9 +391,9 @@ diff_mark_adjust_tp(
// 2. 3. 4. 5.: inserted/deleted lines touching this diff.
if (deleted > 0)
{
+ off = 0;
if (dp->df_lnum[idx] >= line1)
{
- off = dp->df_lnum[idx] - lnum_deleted;
if (last <= line2)
{
// 4. delete all lines of diff
@@ -414,6 +414,7 @@ diff_mark_adjust_tp(
else
{
// 5. delete lines at or just before top of diff
+ off = dp->df_lnum[idx] - lnum_deleted;
n = off;
dp->df_count[idx] -= line2 - dp->df_lnum[idx] + 1;
check_unchanged = TRUE;
@@ -422,7 +423,6 @@ diff_mark_adjust_tp(
}
else
{
- off = 0;
if (last < line2)
{
// 2. delete at end of diff
diff --git a/src/testdir/test_diffmode.vim b/src/testdir/test_diffmode.vim
index afa8f891be55..4c7aff5ccb6e 100644
--- a/src/testdir/test_diffmode.vim
+++ b/src/testdir/test_diffmode.vim
@@ -1021,3 +1021,15 @@ func Test_diff_only()
set nodiff
%bwipe!
endfunc
+
+" This was causing invalid diff block values
+" FIXME: somehow this causes a valgrind error when run directly but not when
+" run as a test.
+func Test_diff_manipulations()
+ set diff
+ split 0
+ sil! norm R doobdeuR doobdeuR doobdeu
+
+ set nodiff
+ %bwipe!
+endfunc
--
2.33.0
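Review bot: Test_diff_manipulations in the test_diffmode.vim hunk contains no assertion and runs its only command under `sil!`, so it can fail only if the process crashes or a memory checker is attached. The FIXME in the same hunk says the valgrind error did not appear when the code ran as a test. In a package build without valgrind or ASan the test would therefore probably pass with or without the diff.c change, so a green test run does not confirm that the backport is effective. I would replace the FIXME with a comment that says so, e.g. `" Only detects the regression under valgrind/ASan; there is no assertion.`, and check the patched build once under a memory checker before release.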


@ -12,7 +12,7 @@
Name: vim
Epoch: 2
Version: 8.2
Release: 51
Release: 52
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
License: Vim and MIT
URL: http://www.vim.org
@ -153,6 +153,7 @@ Patch6116: backport-CVE-2022-2257.patch
Patch6117: backport-CVE-2022-2286.patch
Patch6118: backport-CVE-2022-2287.patch
Patch6119: backport-patch-9.0.0022-spell-test-fails.patch
Patch6120: backport-CVE-2022-2210.patch
Patch9000: bugfix-rm-modify-info-version.patch
@ -541,6 +542,12 @@ popd
%{_mandir}/man1/evim.*
%changelog
* Wed Jul 13 2022 yanglongkang <yanglongkang@h-partners.com> - 2:8.2-52
- Type:CVE
- ID:CVE-2022-2210
- SUG:NA
- DESC:fix CVE-2022-2210
* Wed Jul 13 2022 shixuantong <shixuantong@h-partners.com> - 2:8.2-51
- Type:CVE
- ID:CVE-2022-2264 CVE-2022-2257 CVE-2022-2286 CVE-2022-2287