CVE-2022-0714 vim: buffer overflow [rhel-9]

Resolves: CVE-2022-0714
This commit is contained in:
Zdenek Dohnal 2022-02-24 14:31:35 +01:00
parent e2ec7ae719
commit 4704df36f2
2 changed files with 42 additions and 1 deletions

View File

@ -0,0 +1,35 @@
diff --git a/src/indent.c b/src/indent.c
index 77d8b0a..9830685 100644
--- a/src/indent.c
+++ b/src/indent.c
@@ -1284,6 +1284,8 @@ change_indent(
new_cursor_col += (*mb_ptr2len)(ptr + new_cursor_col);
else
++new_cursor_col;
+ if (ptr[new_cursor_col] == NUL)
+ break;
vcol += lbr_chartabsize(ptr, ptr + new_cursor_col, (colnr_T)vcol);
}
vcol = last_vcol;
diff --git a/src/testdir/test_vartabs.vim b/src/testdir/test_vartabs.vim
index 0ff1ea8..a613510 100644
--- a/src/testdir/test_vartabs.vim
+++ b/src/testdir/test_vartabs.vim
@@ -419,4 +419,17 @@ func Test_varsofttabstop()
close!
endfunc
+func Test_vartabstop_latin1()
+ let save_encoding = &encoding
+ new
+ set encoding=iso8859-1
+ set compatible linebreak list revins smarttab
+ set vartabstop=400
+ exe "norm i00\t\<C-D>"
+ bwipe!
+ let &encoding = save_encoding
+ set nocompatible linebreak& list& revins& smarttab& vartabstop&
+endfunc
+
+
" vim: shiftwidth=2 sts=2 expandtab

View File

@ -27,7 +27,7 @@ Summary: The VIM editor
URL: http://www.vim.org/ URL: http://www.vim.org/
Name: vim Name: vim
Version: %{baseversion}.%{patchlevel} Version: %{baseversion}.%{patchlevel}
Release: 14%{?dist} Release: 15%{?dist}
License: Vim and MIT License: Vim and MIT
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2 Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
Source1: virc Source1: virc
@ -114,6 +114,8 @@ Patch3040: 0001-patch-8.2.4218-illegal-memory-access-with-bracketed-.patch
Patch3041: 0001-patch-8.2.4359-crash-when-repeatedly-using-retab.patch Patch3041: 0001-patch-8.2.4359-crash-when-repeatedly-using-retab.patch
# CVE-2022-0629 vim: Stack-based Buffer Overflow in vim prior to 8.2 # CVE-2022-0629 vim: Stack-based Buffer Overflow in vim prior to 8.2
Patch3042: 0001-patch-8.2.4397-crash-when-using-many-composing-chara.patch Patch3042: 0001-patch-8.2.4397-crash-when-using-many-composing-chara.patch
# CVE-2022-0714 vim: buffer overflow [rhel-9]
Patch3043: 0001-patch-8.2.4436-crash-with-weird-vartabstop-value.patch
# gcc is no longer in buildroot by default # gcc is no longer in buildroot by default
BuildRequires: gcc BuildRequires: gcc
@ -343,6 +345,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
%patch3040 -p1 -b .cve0392 %patch3040 -p1 -b .cve0392
%patch3041 -p1 -b .cve0572 %patch3041 -p1 -b .cve0572
%patch3042 -p1 -b .cve0629 %patch3042 -p1 -b .cve0629
%patch3043 -p1 -b .cve0714
%build %build
cd src cd src
@ -900,6 +903,9 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
%endif %endif
%changelog %changelog
* Thu Feb 24 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-15
- CVE-2022-0714 vim: buffer overflow [rhel-9]
* Wed Feb 23 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-14 * Wed Feb 23 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-14
- CVE-2022-0629 vim: Stack-based Buffer Overflow in vim prior to 8.2 - CVE-2022-0629 vim: Stack-based Buffer Overflow in vim prior to 8.2