packages/vim
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vim/backport-CVE-2023-1264.patch
wangjiang 438a9e51aa fix CVE-2023-1264
2023-03-16 09:16:04 +00:00

138 lines
4.4 KiB
Diff
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From 7ac5023a5f1a37baafbe1043645f97ba3443d9f6 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Tue, 7 Mar 2023 21:05:04 +0000
Subject: [PATCH] patch 9.0.1392: using NULL pointer with nested :open command
Problem: Using NULL pointer with nested :open command.
Solution: Check that ccline.cmdbuff is not NULL.
---
src/getchar.c | 17 ++++++++++-------
src/testdir/term_util.vim | 5 +++++
src/testdir/test_ex_mode.vim | 22 ++++++++++++++++++++++
3 files changed, 37 insertions(+), 7 deletions(-)
diff --git a/src/getchar.c b/src/getchar.c
index 6645be8a0ebd..dac57eb26c61 100644
--- a/src/getchar.c
+++ b/src/getchar.c
@@ -3019,7 +3019,7 @@ check_end_reg_executing(int advance)
static int
vgetorpeek(int advance)
{
- int c, c1;
+ int c;
int timedout = FALSE; // waited for more than 1 second
// for mapping to complete
int mapdepth = 0; // check for recursive mapping
@@ -3386,7 +3386,7 @@ vgetorpeek(int advance)
#ifdef FEAT_CMDL_INFO
showcmd_idx = 0;
#endif
- c1 = 0;
+ int showing_partial = FALSE;
if (typebuf.tb_len > 0 && advance && !exmode_active)
{
if (((State & (MODE_NORMAL | MODE_INSERT))
@@ -3401,7 +3401,7 @@ vgetorpeek(int advance)
edit_putchar(typebuf.tb_buf[typebuf.tb_off
+ typebuf.tb_len - 1], FALSE);
setcursor(); // put cursor back where it belongs
- c1 = 1;
+ showing_partial = TRUE;
}
#ifdef FEAT_CMDL_INFO
// need to use the col and row from above here
@@ -3420,8 +3420,10 @@ vgetorpeek(int advance)
#endif
}
- // this looks nice when typing a dead character map
+ // This looks nice when typing a dead character map.
+ // There is no actual command line for get_number().
if ((State & MODE_CMDLINE)
+ && get_cmdline_info()->cmdbuff != NULL
#if defined(FEAT_CRYPT) || defined(FEAT_EVAL)
&& cmdline_star == 0
#endif
@@ -3430,7 +3432,7 @@ vgetorpeek(int advance)
{
putcmdline(typebuf.tb_buf[typebuf.tb_off
+ typebuf.tb_len - 1], FALSE);
- c1 = 1;
+ showing_partial = TRUE;
}
}
@@ -3466,11 +3468,12 @@ vgetorpeek(int advance)
if (showcmd_idx != 0)
pop_showcmd();
#endif
- if (c1 == 1)
+ if (showing_partial)
{
if (State & MODE_INSERT)
edit_unputchar();
- if (State & MODE_CMDLINE)
+ if ((State & MODE_CMDLINE)
+ && get_cmdline_info()->cmdbuff != NULL)
unputcmdline();
else
setcursor(); // put cursor back where it belongs
diff --git a/src/testdir/term_util.vim b/src/testdir/term_util.vim
index 0f0373184505..88e2b33d083b 100644
--- a/src/testdir/term_util.vim
+++ b/src/testdir/term_util.vim
@@ -55,6 +55,7 @@ endfunc
" "cols" - width of the terminal window (max. 78)
" "statusoff" - number of lines the status is offset from default
" "wait_for_ruler" - if zero then don't wait for ruler to show
+" "no_clean" - if non-zero then remove "--clean" from the command
func RunVimInTerminal(arguments, options)
" If Vim doesn't exit a swap file remains, causing other tests to fail.
" Remove it here.
@@ -91,6 +92,10 @@ func RunVimInTerminal(arguments, options)
let cmd = GetVimCommandCleanTerm() .. reset_u7 .. a:arguments
+ if get(a:options, 'no_clean', 0)
+ let cmd = substitute(cmd, '--clean', '', '')
+ endif
+
let options = #{curwin: 1}
if &termwinsize == ''
let options.term_rows = rows
diff --git a/src/testdir/test_ex_mode.vim b/src/testdir/test_ex_mode.vim
index a6602227638a..d03ec8f2d81d 100644
--- a/src/testdir/test_ex_mode.vim
+++ b/src/testdir/test_ex_mode.vim
@@ -134,6 +134,28 @@ func Test_open_command_flush_line()
bwipe!
endfunc
+" FIXME: this doesn't fail without the fix but hangs
+func Skip_Test_open_command_state()
+ " Tricky script that failed because State was not set properly
+ let lines =<< trim END
+ !ls ƒ
+ 0scìi
+ so! Xsourced
+ set t_û0=0
+ v/-/o
+ END
+ call writefile(lines, 'XopenScript', '')
+
+ let sourced = ["!f\u0083\x02\<Esc>z=0"]
+ call writefile(sourced, 'Xsourced', 'b')
+
+ CheckRunVimInTerminal
+ let buf = RunVimInTerminal('-u NONE -i NONE -n -m -X -Z -e -s -S XopenScript -c qa!', #{rows: 6, wait_for_ruler: 0, no_clean: 1})
+ sleep 3
+
+ call StopVimInTerminal(buf)
+endfunc
+
" Test for :g/pat/visual to run vi commands in Ex mode
" This used to hang Vim before 8.2.0274.
func Test_Ex_global()
Reference in New Issue View Git Blame Copy Permalink