2028342 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-9.0]
Resolves: rhbz#2028342
This commit is contained in:
Zdenek Dohnal
parent
3d44a275df
commit
e13cce4bf4
|
|
@ -0,0 +1,34 @@
|
|||
diff --git a/src/cindent.c b/src/cindent.c
|
||||
index b2fac1a..ce513e3 100644
|
||||
--- a/src/cindent.c
|
||||
+++ b/src/cindent.c
|
||||
@@ -1654,7 +1654,7 @@ find_start_brace(void) // XXX
|
||||
&& (pos = ind_find_start_CORS(NULL)) == NULL) // XXX
|
||||
break;
|
||||
if (pos != NULL)
|
||||
- curwin->w_cursor.lnum = pos->lnum;
|
||||
+ curwin->w_cursor = *pos;
|
||||
}
|
||||
curwin->w_cursor = cursor_save;
|
||||
return trypos;
|
||||
diff --git a/src/testdir/test_cindent.vim b/src/testdir/test_cindent.vim
|
||||
index 5926408..f668faa 100644
|
||||
--- a/src/testdir/test_cindent.vim
|
||||
+++ b/src/testdir/test_cindent.vim
|
||||
@@ -5307,4 +5307,16 @@ func Test_cindent_pragma()
|
||||
enew! | close
|
||||
endfunc
|
||||
|
||||
+func Test_find_brace_backwards()
|
||||
+ " this was looking beyond the end of the line
|
||||
+ new
|
||||
+ norm R/*
|
||||
+ norm o0{
|
||||
+ norm o//
|
||||
+ norm V{=
|
||||
+ call assert_equal(['/*', ' 0{', '//'], getline(1, 3))
|
||||
+ bwipe!
|
||||
+endfunc
|
||||
+
|
||||
+
|
||||
" vim: shiftwidth=2 sts=2 expandtab
|
||||
8
vim.spec
8
vim.spec
|
|
@ -27,7 +27,7 @@ Summary: The VIM editor
|
|||
URL: http://www.vim.org/
|
||||
Name: vim
|
||||
Version: %{baseversion}.%{patchlevel}
|
||||
Release: 8%{?dist}
|
||||
Release: 10%{?dist}
|
||||
License: Vim and MIT
|
||||
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
|
||||
Source1: virc
|
||||
|
|
@ -80,6 +80,8 @@ Patch3023: 0001-patch-8.2.3428-using-freed-memory-when-replacing.patch
|
|||
Patch3024: 0001-patch-8.2.3406-on-some-systems-tests-fail-without-_R.patch
|
||||
# 2016202 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-9.0]
|
||||
Patch3025: 0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch
|
||||
# 2028342 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-9.0]
|
||||
Patch3026: 0001-patch-8.2.3625-illegal-memory-access-when-C-indentin.patch
|
||||
|
||||
# gcc is no longer in buildroot by default
|
||||
BuildRequires: gcc
|
||||
|
|
@ -292,6 +294,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
|
|||
%patch3023 -p1 -b .cve-nv-replace
|
||||
%patch3024 -p1 -b .reentrant
|
||||
%patch3025 -p1 -b .cve-win-redr
|
||||
%patch3026 -p1 -b .cve3984
|
||||
|
||||
%build
|
||||
cd src
|
||||
|
|
@ -849,6 +852,9 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Dec 02 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-9
|
||||
- 2028342 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-9.0]
|
||||
|
||||
* Tue Oct 26 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-8
|
||||
- 2016202 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-9.0]
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue