CVE-2021-4193 vim: vulnerable to Out-of-bounds Read
Resolves: CVE-2021-4193
This commit is contained in:
parent
825cea52d2
commit
b7a801e714
|
@ -0,0 +1,39 @@
|
||||||
|
diff -up vim82/src/charset.c.cve4193 vim82/src/charset.c
|
||||||
|
--- vim82/src/charset.c.cve4193 2021-03-22 10:02:42.000000000 +0100
|
||||||
|
+++ vim82/src/charset.c 2022-01-13 10:14:55.634913386 +0100
|
||||||
|
@@ -1232,10 +1232,15 @@ getvcol(
|
||||||
|
posptr = NULL; // continue until the NUL
|
||||||
|
else
|
||||||
|
{
|
||||||
|
- // Special check for an empty line, which can happen on exit, when
|
||||||
|
- // ml_get_buf() always returns an empty string.
|
||||||
|
- if (*ptr == NUL)
|
||||||
|
- pos->col = 0;
|
||||||
|
+ colnr_T i;
|
||||||
|
+
|
||||||
|
+ // In a few cases the position can be beyond the end of the line.
|
||||||
|
+ for (i = 0; i < pos->col; ++i)
|
||||||
|
+ if (ptr[i] == NUL)
|
||||||
|
+ {
|
||||||
|
+ pos->col = i;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
posptr = ptr + pos->col;
|
||||||
|
if (has_mbyte)
|
||||||
|
// always start on the first byte
|
||||||
|
diff -up vim82/src/testdir/test_regexp_latin.vim.cve4193 vim82/src/testdir/test_regexp_latin.vim
|
||||||
|
--- vim82/src/testdir/test_regexp_latin.vim.cve4193 2022-01-13 10:14:55.634913386 +0100
|
||||||
|
+++ vim82/src/testdir/test_regexp_latin.vim 2022-01-13 10:17:01.905292715 +0100
|
||||||
|
@@ -938,4 +938,12 @@ func Test_regexp_last_subst_string()
|
||||||
|
close!
|
||||||
|
endfunc
|
||||||
|
|
||||||
|
+func Test_using_invalid_visual_position()
|
||||||
|
+ " this was going beyond the end of the line
|
||||||
|
+ new
|
||||||
|
+ exe "norm 0o000\<Esc>0\<C-V>$s0"
|
||||||
|
+ /\%V
|
||||||
|
+ bwipe!
|
||||||
|
+endfunc
|
||||||
|
+
|
||||||
|
" vim: shiftwidth=2 sts=2 expandtab
|
8
vim.spec
8
vim.spec
|
@ -27,7 +27,7 @@ Summary: The VIM editor
|
||||||
URL: http://www.vim.org/
|
URL: http://www.vim.org/
|
||||||
Name: vim
|
Name: vim
|
||||||
Version: %{baseversion}.%{patchlevel}
|
Version: %{baseversion}.%{patchlevel}
|
||||||
Release: 9%{?dist}
|
Release: 10%{?dist}
|
||||||
License: Vim and MIT
|
License: Vim and MIT
|
||||||
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
|
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
|
||||||
Source1: virc
|
Source1: virc
|
||||||
|
@ -84,6 +84,8 @@ Patch3025: 0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch
|
||||||
Patch3026: 0001-patch-8.2.3625-illegal-memory-access-when-C-indentin.patch
|
Patch3026: 0001-patch-8.2.3625-illegal-memory-access-when-C-indentin.patch
|
||||||
# 2028431 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-9.0]
|
# 2028431 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-9.0]
|
||||||
Patch3027: 0001-patch-8.2.3669-buffer-overflow-with-long-help-argume.patch
|
Patch3027: 0001-patch-8.2.3669-buffer-overflow-with-long-help-argume.patch
|
||||||
|
# CVE-2021-4193 vim: vulnerable to Out-of-bounds Read
|
||||||
|
Patch3028: 0001-patch-8.2.3950-going-beyond-the-end-of-the-line-with.patch
|
||||||
|
|
||||||
# gcc is no longer in buildroot by default
|
# gcc is no longer in buildroot by default
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
|
@ -298,6 +300,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
|
||||||
%patch3025 -p1 -b .cve-win-redr
|
%patch3025 -p1 -b .cve-win-redr
|
||||||
%patch3026 -p1 -b .cve3984
|
%patch3026 -p1 -b .cve3984
|
||||||
%patch3027 -p1 -b .cve4019
|
%patch3027 -p1 -b .cve4019
|
||||||
|
%patch3028 -p1 -b .cve4193
|
||||||
|
|
||||||
%build
|
%build
|
||||||
cd src
|
cd src
|
||||||
|
@ -855,6 +858,9 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jan 13 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-10
|
||||||
|
- CVE-2021-4193 vim: vulnerable to Out-of-bounds Read
|
||||||
|
|
||||||
* Mon Dec 06 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-9
|
* Mon Dec 06 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-9
|
||||||
- 2028431 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-9.0]
|
- 2028431 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-9.0]
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue