CVE-2022-0943 vim: Heap-based Buffer Overflow occurs in vim
Resolves: CVE-2022-0943
This commit is contained in:
parent
27c905a9a9
commit
13ff67f4d3
|
@ -0,0 +1,39 @@
|
|||
diff -up vim82/src/spellsuggest.c.cve0943 vim82/src/spellsuggest.c
|
||||
--- vim82/src/spellsuggest.c.cve0943 2022-03-28 20:48:07.079197805 +0200
|
||||
+++ vim82/src/spellsuggest.c 2022-03-28 20:48:07.101197522 +0200
|
||||
@@ -501,6 +501,10 @@ spell_suggest(int count)
|
||||
curwin->w_cursor.col = VIsual.col;
|
||||
++badlen;
|
||||
end_visual_mode();
|
||||
+ // make sure we don't include the NUL at the end of the line
|
||||
+ line = ml_get_curline();
|
||||
+ if (badlen > STRLEN(line) - curwin->w_cursor.col)
|
||||
+ badlen = STRLEN(line) - curwin->w_cursor.col;
|
||||
}
|
||||
// Find the start of the badly spelled word.
|
||||
else if (spell_move_to(curwin, FORWARD, TRUE, TRUE, NULL) == 0
|
||||
diff -up vim82/src/testdir/test_spell.vim.cve0943 vim82/src/testdir/test_spell.vim
|
||||
--- vim82/src/testdir/test_spell.vim.cve0943 2022-03-28 20:48:07.102197509 +0200
|
||||
+++ vim82/src/testdir/test_spell.vim 2022-03-28 20:49:05.038452974 +0200
|
||||
@@ -441,6 +441,21 @@ func Test_spellsuggest_expr_errors()
|
||||
delfunc MySuggest3
|
||||
endfunc
|
||||
|
||||
+func Test_spellsuggest_visual_end_of_line()
|
||||
+ let enc_save = &encoding
|
||||
+ set encoding=iso8859
|
||||
+
|
||||
+ " This was reading beyond the end of the line.
|
||||
+ norm R00000000000
|
||||
+ sil norm 0
|
||||
+ sil! norm i00000)
|
||||
+ sil! norm i00000)
|
||||
+ call feedkeys("\<CR>")
|
||||
+ norm z=
|
||||
+
|
||||
+ let &encoding = enc_save
|
||||
+endfunc
|
||||
+
|
||||
func Test_spellinfo()
|
||||
new
|
||||
let runtime = substitute($VIMRUNTIME, '\\', '/', 'g')
|
5
vim.spec
5
vim.spec
|
@ -116,7 +116,10 @@ Patch3041: 0001-patch-8.2.4359-crash-when-repeatedly-using-retab.patch
|
|||
Patch3042: 0001-patch-8.2.4397-crash-when-using-many-composing-chara.patch
|
||||
# CVE-2022-0714 vim: buffer overflow [rhel-9]
|
||||
Patch3043: 0001-patch-8.2.4436-crash-with-weird-vartabstop-value.patch
|
||||
# CVE-2022-0554 vim: Use of Out-of-range Pointer Offset in vim prior
|
||||
Patch3044: 0001-patch-8.2.4327-may-end-up-with-no-current-buffer.patch
|
||||
# CVE-2022-0943 vim: Heap-based Buffer Overflow occurs in vim
|
||||
Patch3045: 0001-patch-8.2.4563-z-in-Visual-mode-may-go-beyond-the-en.patch
|
||||
|
||||
# gcc is no longer in buildroot by default
|
||||
BuildRequires: gcc
|
||||
|
@ -348,6 +351,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
|
|||
%patch3042 -p1 -b .cve0629
|
||||
%patch3043 -p1 -b .cve0714
|
||||
%patch3044 -p1 -b .cve0554
|
||||
%patch3045 -p1 -b .cve0943
|
||||
|
||||
%build
|
||||
cd src
|
||||
|
@ -907,6 +911,7 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
|
|||
%changelog
|
||||
* Mon Mar 28 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-16
|
||||
- CVE-2022-0554 vim: Use of Out-of-range Pointer Offset in vim prior
|
||||
- CVE-2022-0943 vim: Heap-based Buffer Overflow occurs in vim
|
||||
|
||||
* Thu Feb 24 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-15
|
||||
- CVE-2022-0714 vim: buffer overflow [rhel-9]
|
||||
|
|
Loading…
Reference in New Issue