vim/backport-CVE-2022-2210.patch
markeryang 6a04856a53 fix CVE-2022-2210
(cherry picked from commit 296b5b951d7d35c06daf86d82e14ba41f12978bc)
2022-07-13 17:50:34 +08:00



From c101abff4c6756db4f5e740fde289decb9452efa Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sun, 26 Jun 2022 16:53:34 +0100
Subject: [PATCH] patch 8.2.5164: invalid memory access after diff buffer
manipulations
Problem: Invalid memory access after diff buffer manipulations.
Solution: Use zero offset when change removes all lines in a diff block.
---
src/diff.c | 4 ++--
src/testdir/test_diffmode.vim | 12 ++++++++++++
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/diff.c b/src/diff.c
index eddf33165628..91e5ae2f2f68 100644
--- a/src/diff.c
+++ b/src/diff.c
@@ -391,9 +391,9 @@ diff_mark_adjust_tp(
// 2. 3. 4. 5.: inserted/deleted lines touching this diff.
if (deleted > 0)
{
+ off = 0;
if (dp->df_lnum[idx] >= line1)
{
- off = dp->df_lnum[idx] - lnum_deleted;
if (last <= line2)
{
// 4. delete all lines of diff
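Review bot: The hoisted `off = 0;` at the top of the `if (deleted > 0)` branch has no comment, so the invariant this fix depends on (only case 5 yields a non-zero offset) is recorded only in the commit message. I would add `// off stays zero unless lines are deleted at or just before the top of the diff (case 5)` above it, and `// all lines of the diff block are removed: keep off at zero` in the case 4 branch. The same change continues in the next two hunks, where the assignment moves into case 5 and the `off = 0;` is dropped from the else branch. The place where `off` is consumed is outside these hunks, as are the start and end of diff_mark_adjust_tp, so the invalid access itself cannot be confirmed from the lines shown.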
@@ -414,6 +414,7 @@ diff_mark_adjust_tp(
else
{
// 5. delete lines at or just before top of diff
+ off = dp->df_lnum[idx] - lnum_deleted;
n = off;
dp->df_count[idx] -= line2 - dp->df_lnum[idx] + 1;
check_unchanged = TRUE;
@@ -422,7 +423,6 @@ diff_mark_adjust_tp(
}
else
{
- off = 0;
if (last < line2)
{
// 2. delete at end of diff
diff --git a/src/testdir/test_diffmode.vim b/src/testdir/test_diffmode.vim
index afa8f891be55..4c7aff5ccb6e 100644
--- a/src/testdir/test_diffmode.vim
+++ b/src/testdir/test_diffmode.vim
@@ -1021,3 +1021,15 @@ func Test_diff_only()
set nodiff
%bwipe!
endfunc
+
+" This was causing invalid diff block values
+" FIXME: somehow this causes a valgrind error when run directly but not when
+" run as a test.
+func Test_diff_manipulations()
+ set diff
+ split 0
+ sil! norm R
doobdeuR
doobdeuR
doobdeu
+
+ set nodiff
+ %bwipe!
+endfunc
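Review bot: Test_diff_manipulations has no assertion, and its own FIXME says valgrind reports the error only when the commands are run directly, not when run as a test, so a normal test run would likely still pass if the fix in src/diff.c regressed. I would say so in the comment, e.g. `" No assertion: a regression is only visible to a memory checker (valgrind/ASan).`, and make sure the backport is also exercised with such a build. The `sil! norm R` line also appears to embed raw control bytes, since its continuation lines carry no `+` marker while the hunk header counts 12 added lines. The patch file therefore has to be stored and applied byte-exact; writing the keys through `exe "norm ..."` with key notation would make the test robust against line-ending normalisation.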
--
2.33.0