packages/vim
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2021-3903

Browse Source 
(cherry picked from commit 41a0a6992a8d2b6ccada8ba2107e86fa6a79c09f)
This commit is contained in:
shixuantong 2021-10-30 18:09:49 +08:00 committed by openeuler-sync-bot
parent f31b2f2b32
commit db2ebc45a6
2 changed files with 86 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
backport-CVE-2021-3903.patch Normal file
View File

@ -0,0 +1,78 @@
From 777e7c21b7627be80961848ac560cb0a9978ff43 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Mon, 25 Oct 2021 17:07:04 +0100
Subject: [PATCH] patch 8.2.3564: invalid memory access when scrolling without
valid screen
Problem: Invalid memory access when scrolling without a valid screen.
Solution: Do not set VALID_BOTLINE in w_valid.
---
src/move.c | 1 -
src/testdir/test_normal.vim | 22 +++++++++++++++++++---
2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/src/move.c b/src/move.c
index 8e53d8b..10165ef 100644
--- a/src/move.c
+++ b/src/move.c
@@ -198,7 +198,6 @@ update_topline(void)
{
curwin->w_topline = curwin->w_cursor.lnum;
curwin->w_botline = curwin->w_topline;
- curwin->w_valid |= VALID_BOTLINE|VALID_BOTLINE_AP;
curwin->w_scbind_pos = 1;
return;
}
diff --git a/src/testdir/test_normal.vim b/src/testdir/test_normal.vim
index d45cf41..1f0088a 100644
--- a/src/testdir/test_normal.vim
+++ b/src/testdir/test_normal.vim
@@ -33,14 +33,14 @@ func CountSpaces(type, ...)
else
silent exe "normal! `[v`]y"
endif
- let g:a=strlen(substitute(@@, '[^ ]', '', 'g'))
+ let g:a = strlen(substitute(@@, '[^ ]', '', 'g'))
let &selection = sel_save
let @@ = reg_save
endfunc
func OpfuncDummy(type, ...)
" for testing operatorfunc
- let g:opt=&linebreak
+ let g:opt = &linebreak
if a:0 " Invoked from Visual mode, use gv command.
silent exe "normal! gvy"
@@ -51,7 +51,7 @@ func OpfuncDummy(type, ...)
endif
" Create a new dummy window
new
- let g:bufnr=bufnr('%')
+ let g:bufnr = bufnr('%')
endfunc
fun! Test_normal00_optrans()
@@ -2705,3 +2705,19 @@ func Test_normal_gk()
bw!
set cpoptions& number& numberwidth&
endfunc
+
+func Test_scroll_in_ex_mode()
+ " This was using invalid memory because w_botline was invalid.
+ let lines =<< trim END
+ diffsplit
+ norm os00(
+ call writefile(['done'], 'Xdone')
+ qa!
+ END
+ call writefile(lines, 'Xscript')
+ call assert_equal(1, RunVim([], [], '--clean -X -Z -e -s -S Xscript'))
+ call assert_equal(['done'], readfile('Xdone'))
+
+ call delete('Xscript')
+ call delete('Xdone')
+endfunc
--
1.8.3.1

9
vim.spec
View File

@ -12,7 +12,7 @@
Name: vim Name: vim
Epoch: 2 Epoch: 2
Version: 8.2 Version: 8.2
Release: 12 Release: 13
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
License: Vim and MIT License: Vim and MIT
URL: http://www.vim.org URL: http://www.vim.org
@ -42,6 +42,7 @@ Patch6004: backport-CVE-2021-3778.patch
Patch6005: backport-CVE-2021-3796.patch Patch6005: backport-CVE-2021-3796.patch
Patch6006: backport-CVE-2021-3872.patch Patch6006: backport-CVE-2021-3872.patch
Patch6007: backport-CVE-2021-3875.patch Patch6007: backport-CVE-2021-3875.patch
Patch6008: backport-CVE-2021-3903.patch
Patch9000: bugfix-rm-modify-info-version.patch Patch9000: bugfix-rm-modify-info-version.patch
@ -430,6 +431,12 @@ popd
%{_mandir}/man1/evim.* %{_mandir}/man1/evim.*
%changelog %changelog
* Sat Oct 30 2021 shixuantong<shixuantong@huawei> - 2:8.2-13
- Type:CVE
- ID:CVE-2021-3903
- SUG:NA
- DESC:fix CVE-2021-3903
* Sat Oct 23 2021 shixuantong<shixuantong@huawei> - 2:8.2-12 * Sat Oct 23 2021 shixuantong<shixuantong@huawei> - 2:8.2-12
- Type:CVE - Type:CVE
- ID:CVE-2021-3872 CVE-2021-3875 - ID:CVE-2021-3872 CVE-2021-3875