packages/vim
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vim/backport-CVE-2022-2344.patch
wangjiang 037eeee382 upgrade version to 9.0
2022-11-03 15:22:25 +08:00

51 lines
1.4 KiB
Diff
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From baefde14550231f6468ac2ed2ed495bc381c0c92 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Thu, 7 Jul 2022 19:59:49 +0100
Subject: [PATCH] patch 9.0.0046: reading past end of completion with
duplicate match
Problem: Reading past end of completion with duplicate match.
Solution: Check string length
---
src/insexpand.c | 3 ++-
src/testdir/test_ins_complete.vim | 10 ++++++++++
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/insexpand.c b/src/insexpand.c
index 0ecb656..9c598a8 100644
--- a/src/insexpand.c
+++ b/src/insexpand.c
@@ -786,7 +786,8 @@ ins_compl_add(
{
if (!match_at_original_text(match)
&& STRNCMP(match->cp_str, str, len) == 0
- && match->cp_str[len] == NUL)
+ && ((int)STRLEN(match->cp_str) <= len
+ || match->cp_str[len] == NUL))
return NOTDONE;
match = match->cp_next;
} while (match != NULL && !is_first_match(match));
diff --git a/src/testdir/test_ins_complete.vim b/src/testdir/test_ins_complete.vim
index 5e5b1bb..2be6d06 100644
--- a/src/testdir/test_ins_complete.vim
+++ b/src/testdir/test_ins_complete.vim
@@ -2112,5 +2112,15 @@ func Test_infercase_very_long_line()
set noic noinfercase
endfunc
+func Test_ins_complete_add()
+ " this was reading past the end of allocated memory
+ new
+ norm o
+ norm 7o€€
+ sil! norm o
+
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
--
1.8.3.1
Reference in New Issue View Git Blame Copy Permalink