!265 [sync] PR-250: fix CVE-2022-2124

From: @openeuler-sync-bot 
Reviewed-by: @xiezhipeng1 
Signed-off-by: @xiezhipeng1

backport-CVE-2022-2124.patch

@@ -0,0 +1,35 @@
+From e4463991b2c9243ae93462118b6d6f648852bb0c Mon Sep 17 00:00:00 2001
+From: lauk001 <liukuo@kylinos.cn>
+Date: Tue, 21 Jun 2022 13:43:57 +0800
+Subject: [PATCH] CVE-2022-2124
+
+Signed-off-by: lauk001 <liukuo@kylinos.cn>
+---
+ src/search.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/search.c b/src/search.c
+index 75f0c59..87acb33 100644
+--- a/src/search.c
++++ b/src/search.c
+@@ -4589,11 +4589,17 @@ current_quote(
+ 
+ 	// Find out if we have a quote in the selection.
+ 	while (i <= col_end)
++	{
++	    // check for going over the end of the line, which can happen if
++	    // the line was changed after the Visual area was selected.
++	    if (line[i] == NUL)
++		break;
+ 	    if (line[i++] == quotechar)
+ 	    {
+ 		selected_quote = TRUE;
+ 		break;
+ 	    }
++	}
+     }
+ 
+     if (!vis_empty && line[col_start] == quotechar)
+-- 
+2.33.0
+

vim.spec

@@ -12,7 +12,7 @@
 Name:           vim
 Epoch:          2
 Version:        8.2
-Release:        43
+Release:        44
 Summary:        Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
 License:        Vim and MIT
 URL:            http://www.vim.org
@@ -122,6 +122,7 @@ Patch6085:      backport-fix-test-failed.patch
 Patch6086:      backport-CVE-2022-1897.patch
 Patch6087:      backport-CVE-2022-1968.patch
 Patch6088:      backport-CVE-2022-1771.patch
+Patch6089:      backport-CVE-2022-2124.patch
 
 Patch9000:      bugfix-rm-modify-info-version.patch
 
@@ -510,6 +511,12 @@ popd
 %{_mandir}/man1/evim.*
 
 %changelog
+* Thu Jun 23 2022 liukuo <liukuo@kylinos.cn> - 2:8.2-44
+- Type:CVE
+- ID:CVE-2022-2124
+- SUG:NA
+- DESC:fix CVE-2022-2124
+
 * Tue Jun 21 2022 dongyuzhen <dongyuzhen@h-partners.com> - 2:8.2-43
 - Type:CVE
 - ID:CVE-2022-1771