From 7c674cf9b056a7ff0c19b155cb387e236aa6bcc7 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal
Date: Thu, 9 Feb 2023 17:14:22 +0100
Subject: [PATCH] CVE-2022-47024 vim: no check if the return value of XChangeGC() is NULL
Resolves: CVE-2022-47024
---
 ...o-check-if-the-return-value-of-XChan.patch | 38 +++++++++++++++++++
 vim.spec | 8 +++-
 2 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 0001-patch-9.0.0339-no-check-if-the-return-value-of-XChan.patch
diff --git a/0001-patch-9.0.0339-no-check-if-the-return-value-of-XChan.patch b/0001-patch-9.0.0339-no-check-if-the-return-value-of-XChan.patch
new file mode 100644
index 0000000..d3b0a70
--- /dev/null
+++ b/0001-patch-9.0.0339-no-check-if-the-return-value-of-XChan.patch
@@ -0,0 +1,38 @@
+From a63ad78ed31e36dbdf3a9cd28071dcdbefce7d19 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar
+Date: Wed, 31 Aug 2022 12:01:54 +0100
+Subject: [PATCH] patch 9.0.0339: no check if the return value of XChangeGC()
+ is NULL
+
+Problem: No check if the return value of XChangeGC() is NULL.
+Solution: Only use the return value when it is not NULL. (closes #11020)
+---
+ src/gui_x11.c | 10 +++++++---
+ src/version.c | 2 ++
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/gui_x11.c b/src/gui_x11.c
+index 6e3e903be..7293ac490 100644
+--- a/src/gui_x11.c
++++ b/src/gui_x11.c
+@@ -2231,10 +2231,14 @@ gui_x11_create_blank_mouse(void)
+ {
+ Pixmap blank_pixmap = XCreatePixmap(gui.dpy, gui.wid, 1, 1, 1);
+ GC gc = XCreateGC(gui.dpy, blank_pixmap, (unsigned long)0, (XGCValues*)0);
+- XDrawPoint(gui.dpy, blank_pixmap, gc, 0, 0);
+- XFreeGC(gui.dpy, gc);
++
++ if (gc != NULL)
++ {
++ XDrawPoint(gui.dpy, blank_pixmap, gc, 0, 0);
++ XFreeGC(gui.dpy, gc);
++ }
+ return XCreatePixmapCursor(gui.dpy, blank_pixmap, blank_pixmap,
+- (XColor*)&gui.norm_pixel, (XColor*)&gui.norm_pixel, 0, 0);
++ (XColor*)&gui.norm_pixel, (XColor*)&gui.norm_pixel, 0, 0);
+ }
+
+ /*
+--
+2.39.1
+
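Review bot: On the path where `XCreateGC()` returns NULL, the new guard in gui_x11_create_blank_mouse() skips `XDrawPoint()` but still hands the never-drawn `blank_pixmap` to `XCreatePixmapCursor()` as both source and mask, so the cursor is built from pixmap contents the X server leaves undefined. The NULL dereference is gone, but the fallback deserves at least a comment such as `/* GC allocation failed: pixmap stays undrawn, cursor shape is unspecified */`, or an early return if callers accept a missing cursor (the callers are not visible here). The pixmap is also never released with `XFreePixmap()` after the cursor is created, on either path. For CVE tracking, the subject and the spec comment name XChangeGC() while the call actually guarded is XCreateGC(), so searching gui_x11.c for the function named in the advisory will not land on this fix.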
diff --git a/vim.spec b/vim.spec index 39c40f5..ec73e6c 100644 --- a/vim.spec +++ b/vim.spec @@ -27,7 +27,7 @@ Summary: The VIM editor URL: http://www.vim.org/ Name: vim Version: %{baseversion}.%{patchlevel} -Release: 19%{?dist} +Release: 20%{?dist} License: Vim and MIT Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2 Source1: virc @@ -134,6 +134,8 @@ Patch3050: 0001-patch-8.2.4977-memory-access-error-when-substitute-e.patch Patch3051: 0001-patch-8.2.5023-substitute-overwrites-allocated-buffe.patch # CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c Patch3052: 0001-patch-8.2.5037-cursor-position-may-be-invalid-after-.patch +# CVE-2022-47024 vim: no check if the return value of XChangeGC() is NULL +Patch3053:0001-patch-9.0.0339-no-check-if-the-return-value-of-XChan.patch # gcc is no longer in buildroot by default BuildRequires: gcc @@ -373,6 +375,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk %patch3050 -p1 -b .cve1785 %patch3051 -p1 -b .cve1897 %patch3052 -p1 -b .cve1927 +%patch3053 -p1 -b .cve47024 %build cd src @@ -930,6 +933,9 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags %endif %changelog +* Thu Feb 09 2023 Zdenek Dohnal - 2:8.2.2637-20 +- CVE-2022-47024 vim: no check if the return value of XChangeGC() is NULL + * Mon Jun 13 2022 Zdenek Dohnal - 2:8.2.2637-19 - CVE-2022-1785 vim: Out-of-bounds Write - CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c
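Review bot: The tag added in the `@@ -134,6 +134,8 @@` hunk is written `Patch3053:0001-patch-9.0.0339-...` with no space after the colon, unlike `Patch3051:` and `Patch3052:` just above it; `Patch3053: 0001-patch-9.0.0339-no-check-if-the-return-value-of-XChan.patch` would match the neighbours. rpmbuild presumably tolerates the missing space, but tooling that audits which CVE patches a spec applies by splitting tags on `: ` could skip this entry.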