!484 fix CVE-2023-0433

From: @wangjiang37 Reviewed-by: @lvying6 Signed-off-by: @lvying6
2023-02-07 02:28:05 +00:00 · 2023-02-07 02:28:05 +00:00 · e576f07da0
commit e576f07da0
parent 32242fef3f 612c50b81f
2 changed files with 48 additions and 1 deletions
--- a/backport-CVE-2023-0433.patch
+++ b/backport-CVE-2023-0433.patch
@ -0,0 +1,40 @@
+From 11977f917506d950b7e0cae558bd9189260b253b Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Sat, 21 Jan 2023 13:09:19 +0000
+Subject: [PATCH] patch 9.0.1225: reading past the end of a line when
+ formatting text
+
+Problem:    Reading past the end of a line when formatting text.
+Solution:   Check for not going over the end of the line.
+---
+ src/textformat.c | 10 +++++++++-
+ 1 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/textformat.c b/src/textformat.c
+index 6a93890bd2c4..7ebbc8849a45 100644
+--- a/src/textformat.c
+++ b/src/textformat.c
+@@ -540,6 +540,9 @@ same_leader(
+     if (leader1_len == 0)
+ 	return (leader2_len == 0);
+ 
+    char_u  *lnum_line = NULL;
+    int	    line_len = 0;
+
+     // If first leader has 'f' flag, the lines can be joined only if the
+     // second line does not have a leader.
+     // If first leader has 'e' flag, the lines can never be joined.
+@@ -555,7 +558,12 @@ same_leader(
+ 		return FALSE;
+ 	    if (*p == COM_START)
+ 	    {
+-		if (*(ml_get(lnum) + leader1_len) == NUL)
+		if (lnum_line == NULL)
+		{
+		    lnum_line = ml_get(lnum);
+		    line_len = (int)STRLEN(lnum_line);
+		}
+		if (line_len <= leader1_len)
+ 		    return FALSE;
+ 		if (leader2_flags == NULL || leader2_len == 0)
+ 		    return FALSE;
--- a/vim.spec
+++ b/vim.spec
@ -12,7 +12,7 @@
 Name:           vim
 Epoch:          2
 Version:        9.0
-Release:        8
+Release:        9
 Summary:        Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
 License:        Vim and MIT
 URL:            http://www.vim.org
@ -86,6 +86,7 @@ Patch6056:      backport-CVE-2023-0051.patch
 Patch6057:      backport-CVE-2023-0054.patch
 Patch6058:      backport-CVE-2022-47024.patch
 Patch6059:      backport-CVE-2023-0288.patch
+Patch6060:      backport-CVE-2023-0433.patch

 Patch9000:      bugfix-rm-modify-info-version.patch
 Patch9001:      vim-Add-sw64-architecture.patch
@ -494,6 +495,12 @@ LC_ALL=en_US.UTF-8 make -j1 test
 %{_mandir}/man1/evim.*

 %changelog
+* Mon Feb 06 2023 wangjiang <wangjiang37@h-partners.com> - 2:9.0-9
+- Type:CVE
+- ID:CVE-2023-0433
+- SUG:NA
+- DESC:CVE-2023-0433
+
 * Sun Jan 29 2023 wangjiang <wangjiang37@h-partners.com> - 2:9.0-8
 - Type:CVE
 - ID:CVE-2022-47024 CVE-2023-0288