CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
Resolves: CVE-2022-0361
This commit is contained in:
Zdenek Dohnal
parent
604cf01a29
commit
7b787a70b7
@ -0,0 +1,51 @@
|
||||
From dc5490e2cbc8c16022a23b449b48c1bd0083f366 Mon Sep 17 00:00:00 2001
|
||||
From: Bram Moolenaar <Bram@vim.org>
|
||||
Date: Tue, 25 Jan 2022 13:52:53 +0000
|
||||
Subject: [PATCH] patch 8.2.4215: illegal memory access when copying lines in
|
||||
Visual mode
|
||||
|
||||
Problem: Illegal memory access when copying lines in Visual mode.
|
||||
Solution: Adjust the Visual position after copying lines.
|
||||
---
|
||||
src/ex_cmds.c | 2 ++
|
||||
src/testdir/test_visual.vim | 11 +++++++++++
|
||||
src/version.c | 2 ++
|
||||
3 files changed, 15 insertions(+)
|
||||
|
||||
diff --git a/src/ex_cmds.c b/src/ex_cmds.c
|
||||
index 95209985e..f5d93e664 100644
|
||||
--- a/src/ex_cmds.c
|
||||
+++ b/src/ex_cmds.c
|
||||
@@ -866,6 +866,8 @@ ex_copy(linenr_T line1, linenr_T line2, linenr_T n)
|
||||
}
|
||||
|
||||
appended_lines_mark(n, count);
|
||||
+ if (VIsual_active)
|
||||
+ check_pos(curbuf, &VIsual);
|
||||
|
||||
msgmore((long)count);
|
||||
}
|
||||
diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
|
||||
index 72f5388b9..9b322fd21 100644
|
||||
--- a/src/testdir/test_visual.vim
|
||||
+++ b/src/testdir/test_visual.vim
|
||||
@@ -1328,5 +1328,16 @@ func Test_visual_exchange_windows()
|
||||
bwipe!
|
||||
endfunc
|
||||
|
||||
+" this was leaving the end of the Visual area beyond the end of a line
|
||||
+func Test_visual_ex_copy_line()
|
||||
+ new
|
||||
+ call setline(1, ["aaa", "bbbbbbbbbxbb"])
|
||||
+ /x
|
||||
+ exe "normal ggvjfxO"
|
||||
+ t0
|
||||
+ normal gNU
|
||||
+ bwipe!
|
||||
+endfunc
|
||||
+
|
||||
|
||||
" vim: shiftwidth=2 sts=2 expandtab
|
||||
--
|
||||
2.34.1
|
||||
|
||||
4
vim.spec
4
vim.spec
@ -96,6 +96,8 @@ Patch3031: 0001-patch-8.2.4151-reading-beyond-the-end-of-a-line.patch
|
||||
Patch3032: 0001-patch-8.2.4214-illegal-memory-access-with-large-tabs.patch
|
||||
# CVE-2022-0319 vim: heap-based out-of-bounds read
|
||||
Patch3033: 0001-patch-8.2.4154-ml_get-error-when-exchanging-windows-.patch
|
||||
# CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
|
||||
Patch3034: 0001-patch-8.2.4215-illegal-memory-access-when-copying-li.patch
|
||||
|
||||
# gcc is no longer in buildroot by default
|
||||
BuildRequires: gcc
|
||||
@ -316,6 +318,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
|
||||
%patch3031 -p1 -b .cve0318
|
||||
%patch3032 -p1 -b .cve0359
|
||||
%patch3033 -p1 -b .cve0319
|
||||
%patch3034 -p1 -b .cve0361
|
||||
|
||||
%build
|
||||
cd src
|
||||
@ -875,6 +878,7 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
|
||||
%changelog
|
||||
* Tue Feb 08 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-12
|
||||
- CVE-2022-0319 vim: heap-based out-of-bounds read
|
||||
- CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
|
||||
|
||||
* Thu Jan 27 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-11
|
||||
- CVE-2022-0261 vim: Heap-based Buffer Overflow in block_insert() in src/ops.c
|
||||
|
||||
Loading…
Reference in New Issue
Block a user