CVE-2022-0368 vim: Out-of-bounds Read in vim
Resolves: CVE-2022-0368
This commit is contained in:
Zdenek Dohnal
parent
7b787a70b7
commit
71d1d36ac8
|
|
@ -0,0 +1,55 @@
|
|||
From 8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa Mon Sep 17 00:00:00 2001
|
||||
From: Bram Moolenaar <Bram@vim.org>
|
||||
Date: Tue, 25 Jan 2022 18:24:00 +0000
|
||||
Subject: [PATCH] patch 8.2.4217: illegal memory access when undo makes Visual
|
||||
area invalid
|
||||
|
||||
Problem: Illegal memory access when undo makes Visual area invalid.
|
||||
Solution: Correct the Visual area after undo.
|
||||
---
|
||||
src/testdir/test_visual.vim | 15 +++++++++++++++
|
||||
src/undo.c | 2 ++
|
||||
src/version.c | 2 ++
|
||||
3 files changed, 19 insertions(+)
|
||||
|
||||
diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
|
||||
index 9b322fd21..b2beda08d 100644
|
||||
--- a/src/testdir/test_visual.vim
|
||||
+++ b/src/testdir/test_visual.vim
|
||||
@@ -1339,5 +1339,20 @@ func Test_visual_ex_copy_line()
|
||||
bwipe!
|
||||
endfunc
|
||||
|
||||
+" This was leaving the end of the Visual area beyond the end of a line.
|
||||
+" Set 'undolevels' to start a new undo block.
|
||||
+func Test_visual_undo_deletes_last_line()
|
||||
+ new
|
||||
+ call setline(1, ["aaa", "ccc", "dyd"])
|
||||
+ set undolevels=100
|
||||
+ exe "normal obbbbbbbbbxbb\<Esc>"
|
||||
+ set undolevels=100
|
||||
+ /y
|
||||
+ exe "normal ggvjfxO"
|
||||
+ undo
|
||||
+ normal gNU
|
||||
+ bwipe!
|
||||
+endfunc
|
||||
+
|
||||
|
||||
" vim: shiftwidth=2 sts=2 expandtab
|
||||
diff --git a/src/undo.c b/src/undo.c
|
||||
index 4d186d453..636144aef 100644
|
||||
--- a/src/undo.c
|
||||
+++ b/src/undo.c
|
||||
@@ -3029,6 +3029,8 @@ u_undo_end(
|
||||
}
|
||||
}
|
||||
#endif
|
||||
+ if (VIsual_active)
|
||||
+ check_pos(curbuf, &VIsual);
|
||||
|
||||
smsg_attr_keep(0, _("%ld %s; %s #%ld %s"),
|
||||
u_oldcount < 0 ? -u_oldcount : u_oldcount,
|
||||
--
|
||||
2.34.1
|
||||
|
||||
6
vim.spec
6
vim.spec
|
|
@ -98,6 +98,8 @@ Patch3032: 0001-patch-8.2.4214-illegal-memory-access-with-large-tabs.patch
|
|||
Patch3033: 0001-patch-8.2.4154-ml_get-error-when-exchanging-windows-.patch
|
||||
# CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
|
||||
Patch3034: 0001-patch-8.2.4215-illegal-memory-access-when-copying-li.patch
|
||||
# CVE-2022-0368 vim: Out-of-bounds Read in vim
|
||||
Patch3035: 0001-patch-8.2.4217-illegal-memory-access-when-undo-makes.patch
|
||||
|
||||
# gcc is no longer in buildroot by default
|
||||
BuildRequires: gcc
|
||||
|
|
@ -319,6 +321,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
|
|||
%patch3032 -p1 -b .cve0359
|
||||
%patch3033 -p1 -b .cve0319
|
||||
%patch3034 -p1 -b .cve0361
|
||||
%patch3035 -p1 -b .cve0368
|
||||
|
||||
%build
|
||||
cd src
|
||||
|
|
@ -876,6 +879,9 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Feb 09 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-12
|
||||
- CVE-2022-0368 vim: Out-of-bounds Read in vim
|
||||
|
||||
* Tue Feb 08 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-12
|
||||
- CVE-2022-0319 vim: heap-based out-of-bounds read
|
||||
- CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
|
||||
|
|
|
|||
Loading…
Reference in New Issue