packages/vim
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!71 [sync] PR-70: fix CVE-2021-3984

Browse Source 
From: @openeuler-sync-bot
Reviewed-by: @xiezhipeng1
Signed-off-by: @xiezhipeng1
This commit is contained in:
openeuler-ci-bot 2021-12-06 01:41:23 +00:00 committed by Gitee
commit fdcb4922fc
2 changed files with 72 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
backport-CVE-2021-3984.patch Normal file
View File

@ -0,0 +1,64 @@
From 2de9b7c7c8791da8853a9a7ca9c467867465b655 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Fri, 19 Nov 2021 19:41:13 +0000
Subject: [PATCH] patch 8.2.3625: illegal memory access when C-indenting
Problem: Illegal memory access when C-indenting.
Solution: Also set the cursor column.
---
src/cindent.c | 10 +++++-----
src/testdir/test_cindent.vim | 12 ++++++++++++
2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/cindent.c b/src/cindent.c
index c7caed6..28d1558 100644
--- a/src/cindent.c
+++ b/src/cindent.c
@@ -1635,10 +1635,10 @@ get_baseclass_amount(int col)
static pos_T *
find_start_brace(void) // XXX
{
- pos_T cursor_save;
- pos_T *trypos;
- pos_T *pos;
- static pos_T pos_copy;
+ pos_T cursor_save;
+ pos_T *trypos;
+ pos_T *pos;
+ static pos_T pos_copy;
cursor_save = curwin->w_cursor;
while ((trypos = findmatchlimit(NULL, '{', FM_BLOCKSTOP, 0)) != NULL)
@@ -1652,7 +1652,7 @@ find_start_brace(void) // XXX
&& (pos = ind_find_start_CORS(NULL)) == NULL) // XXX
break;
if (pos != NULL)
- curwin->w_cursor.lnum = pos->lnum;
+ curwin->w_cursor = *pos;
}
curwin->w_cursor = cursor_save;
return trypos;
diff --git a/src/testdir/test_cindent.vim b/src/testdir/test_cindent.vim
index 2cb3f24..2a87460 100644
--- a/src/testdir/test_cindent.vim
+++ b/src/testdir/test_cindent.vim
@@ -5251,4 +5251,16 @@ func Test_cindent_56()
enew! | close
endfunc
+func Test_find_brace_backwards()
+ " this was looking beyond the end of the line
+ new
+ norm R/*
+ norm o0{
+ norm o//
+ norm V{=
+ call assert_equal(['/*', ' 0{', '//'], getline(1, 3))
+ bwipe!
+endfunc
+
+
" vim: shiftwidth=2 sts=2 expandtab
--
1.8.3.1

9
vim.spec
View File

@ -12,7 +12,7 @@
Name: vim Name: vim
Epoch: 2 Epoch: 2
Version: 8.2 Version: 8.2
Release: 15 Release: 16
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
License: Vim and MIT License: Vim and MIT
URL: http://www.vim.org URL: http://www.vim.org
@ -49,6 +49,7 @@ Patch6011: backport-CVE-2021-3973.patch
Patch6012: backport-CVE-2021-3974.patch Patch6012: backport-CVE-2021-3974.patch
Patch6013: backport-find-test-fails.patch Patch6013: backport-find-test-fails.patch
Patch6014: backport-no-early-check-if-find-and-sfind-have-an-argument.patch Patch6014: backport-no-early-check-if-find-and-sfind-have-an-argument.patch
Patch6015: backport-CVE-2021-3984.patch
Patch9000: bugfix-rm-modify-info-version.patch Patch9000: bugfix-rm-modify-info-version.patch
@ -437,6 +438,12 @@ popd
%{_mandir}/man1/evim.* %{_mandir}/man1/evim.*
%changelog %changelog
* Sat Dec 04 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-16
- Type:CVE
- ID:CVE-2021-3984
- SUG:NA
- DESC:fix CVE-2021-3984
* Wed Dec 01 2021 ExtinctFire<shenyining_00@126.com> - 2:8.2-15 * Wed Dec 01 2021 ExtinctFire<shenyining_00@126.com> - 2:8.2-15
- Type:CVE - Type:CVE
- ID:CVE-2021-3973 CVE-2021-3974 - ID:CVE-2021-3973 CVE-2021-3974