2028342 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-9.0]
Resolves: rhbz#2028342
This commit is contained in:
parent
3d44a275df
commit
e13cce4bf4
|
@ -0,0 +1,34 @@
|
||||||
|
diff --git a/src/cindent.c b/src/cindent.c
|
||||||
|
index b2fac1a..ce513e3 100644
|
||||||
|
--- a/src/cindent.c
|
||||||
|
+++ b/src/cindent.c
|
||||||
|
@@ -1654,7 +1654,7 @@ find_start_brace(void) // XXX
|
||||||
|
&& (pos = ind_find_start_CORS(NULL)) == NULL) // XXX
|
||||||
|
break;
|
||||||
|
if (pos != NULL)
|
||||||
|
- curwin->w_cursor.lnum = pos->lnum;
|
||||||
|
+ curwin->w_cursor = *pos;
|
||||||
|
}
|
||||||
|
curwin->w_cursor = cursor_save;
|
||||||
|
return trypos;
|
||||||
|
diff --git a/src/testdir/test_cindent.vim b/src/testdir/test_cindent.vim
|
||||||
|
index 5926408..f668faa 100644
|
||||||
|
--- a/src/testdir/test_cindent.vim
|
||||||
|
+++ b/src/testdir/test_cindent.vim
|
||||||
|
@@ -5307,4 +5307,16 @@ func Test_cindent_pragma()
|
||||||
|
enew! | close
|
||||||
|
endfunc
|
||||||
|
|
||||||
|
+func Test_find_brace_backwards()
|
||||||
|
+ " this was looking beyond the end of the line
|
||||||
|
+ new
|
||||||
|
+ norm R/*
|
||||||
|
+ norm o0{
|
||||||
|
+ norm o//
|
||||||
|
+ norm V{=
|
||||||
|
+ call assert_equal(['/*', ' 0{', '//'], getline(1, 3))
|
||||||
|
+ bwipe!
|
||||||
|
+endfunc
|
||||||
|
+
|
||||||
|
+
|
||||||
|
" vim: shiftwidth=2 sts=2 expandtab
|
8
vim.spec
8
vim.spec
|
@ -27,7 +27,7 @@ Summary: The VIM editor
|
||||||
URL: http://www.vim.org/
|
URL: http://www.vim.org/
|
||||||
Name: vim
|
Name: vim
|
||||||
Version: %{baseversion}.%{patchlevel}
|
Version: %{baseversion}.%{patchlevel}
|
||||||
Release: 8%{?dist}
|
Release: 10%{?dist}
|
||||||
License: Vim and MIT
|
License: Vim and MIT
|
||||||
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
|
Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
|
||||||
Source1: virc
|
Source1: virc
|
||||||
|
@ -80,6 +80,8 @@ Patch3023: 0001-patch-8.2.3428-using-freed-memory-when-replacing.patch
|
||||||
Patch3024: 0001-patch-8.2.3406-on-some-systems-tests-fail-without-_R.patch
|
Patch3024: 0001-patch-8.2.3406-on-some-systems-tests-fail-without-_R.patch
|
||||||
# 2016202 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-9.0]
|
# 2016202 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-9.0]
|
||||||
Patch3025: 0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch
|
Patch3025: 0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch
|
||||||
|
# 2028342 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-9.0]
|
||||||
|
Patch3026: 0001-patch-8.2.3625-illegal-memory-access-when-C-indentin.patch
|
||||||
|
|
||||||
# gcc is no longer in buildroot by default
|
# gcc is no longer in buildroot by default
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
|
@ -292,6 +294,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
|
||||||
%patch3023 -p1 -b .cve-nv-replace
|
%patch3023 -p1 -b .cve-nv-replace
|
||||||
%patch3024 -p1 -b .reentrant
|
%patch3024 -p1 -b .reentrant
|
||||||
%patch3025 -p1 -b .cve-win-redr
|
%patch3025 -p1 -b .cve-win-redr
|
||||||
|
%patch3026 -p1 -b .cve3984
|
||||||
|
|
||||||
%build
|
%build
|
||||||
cd src
|
cd src
|
||||||
|
@ -849,6 +852,9 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Dec 02 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-9
|
||||||
|
- 2028342 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-9.0]
|
||||||
|
|
||||||
* Tue Oct 26 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-8
|
* Tue Oct 26 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-8
|
||||||
- 2016202 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-9.0]
|
- 2016202 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-9.0]
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue