CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
Resolves: CVE-2022-0361
This commit is contained in:
parent
604cf01a29
commit
7b787a70b7
|
@ -0,0 +1,51 @@
|
||||||
|
From dc5490e2cbc8c16022a23b449b48c1bd0083f366 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Bram Moolenaar <Bram@vim.org>
|
||||||
|
Date: Tue, 25 Jan 2022 13:52:53 +0000
|
||||||
|
Subject: [PATCH] patch 8.2.4215: illegal memory access when copying lines in
|
||||||
|
Visual mode
|
||||||
|
|
||||||
|
Problem: Illegal memory access when copying lines in Visual mode.
|
||||||
|
Solution: Adjust the Visual position after copying lines.
|
||||||
|
---
|
||||||
|
src/ex_cmds.c | 2 ++
|
||||||
|
src/testdir/test_visual.vim | 11 +++++++++++
|
||||||
|
src/version.c | 2 ++
|
||||||
|
3 files changed, 15 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/ex_cmds.c b/src/ex_cmds.c
|
||||||
|
index 95209985e..f5d93e664 100644
|
||||||
|
--- a/src/ex_cmds.c
|
||||||
|
+++ b/src/ex_cmds.c
|
||||||
|
@@ -866,6 +866,8 @@ ex_copy(linenr_T line1, linenr_T line2, linenr_T n)
|
||||||
|
}
|
||||||
|
|
||||||
|
appended_lines_mark(n, count);
|
||||||
|
+ if (VIsual_active)
|
||||||
|
+ check_pos(curbuf, &VIsual);
|
||||||
|
|
||||||
|
msgmore((long)count);
|
||||||
|
}
|
||||||
|
diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
|
||||||
|
index 72f5388b9..9b322fd21 100644
|
||||||
|
--- a/src/testdir/test_visual.vim
|
||||||
|
+++ b/src/testdir/test_visual.vim
|
||||||
|
@@ -1328,5 +1328,16 @@ func Test_visual_exchange_windows()
|
||||||
|
bwipe!
|
||||||
|
endfunc
|
||||||
|
|
||||||
|
+" this was leaving the end of the Visual area beyond the end of a line
|
||||||
|
+func Test_visual_ex_copy_line()
|
||||||
|
+ new
|
||||||
|
+ call setline(1, ["aaa", "bbbbbbbbbxbb"])
|
||||||
|
+ /x
|
||||||
|
+ exe "normal ggvjfxO"
|
||||||
|
+ t0
|
||||||
|
+ normal gNU
|
||||||
|
+ bwipe!
|
||||||
|
+endfunc
|
||||||
|
+
|
||||||
|
|
||||||
|
" vim: shiftwidth=2 sts=2 expandtab
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
4
vim.spec
4
vim.spec
|
@ -96,6 +96,8 @@ Patch3031: 0001-patch-8.2.4151-reading-beyond-the-end-of-a-line.patch
|
||||||
Patch3032: 0001-patch-8.2.4214-illegal-memory-access-with-large-tabs.patch
|
Patch3032: 0001-patch-8.2.4214-illegal-memory-access-with-large-tabs.patch
|
||||||
# CVE-2022-0319 vim: heap-based out-of-bounds read
|
# CVE-2022-0319 vim: heap-based out-of-bounds read
|
||||||
Patch3033: 0001-patch-8.2.4154-ml_get-error-when-exchanging-windows-.patch
|
Patch3033: 0001-patch-8.2.4154-ml_get-error-when-exchanging-windows-.patch
|
||||||
|
# CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
|
||||||
|
Patch3034: 0001-patch-8.2.4215-illegal-memory-access-when-copying-li.patch
|
||||||
|
|
||||||
# gcc is no longer in buildroot by default
|
# gcc is no longer in buildroot by default
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
|
@ -316,6 +318,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
|
||||||
%patch3031 -p1 -b .cve0318
|
%patch3031 -p1 -b .cve0318
|
||||||
%patch3032 -p1 -b .cve0359
|
%patch3032 -p1 -b .cve0359
|
||||||
%patch3033 -p1 -b .cve0319
|
%patch3033 -p1 -b .cve0319
|
||||||
|
%patch3034 -p1 -b .cve0361
|
||||||
|
|
||||||
%build
|
%build
|
||||||
cd src
|
cd src
|
||||||
|
@ -875,6 +878,7 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Feb 08 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-12
|
* Tue Feb 08 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-12
|
||||||
- CVE-2022-0319 vim: heap-based out-of-bounds read
|
- CVE-2022-0319 vim: heap-based out-of-bounds read
|
||||||
|
- CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
|
||||||
|
|
||||||
* Thu Jan 27 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-11
|
* Thu Jan 27 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-11
|
||||||
- CVE-2022-0261 vim: Heap-based Buffer Overflow in block_insert() in src/ops.c
|
- CVE-2022-0261 vim: Heap-based Buffer Overflow in block_insert() in src/ops.c
|
||||||
|
|
Loading…
Reference in New Issue