CVE-2022-1629 vim: buffer over-read
Resolves: CVE-2022-1629
This commit is contained in:
Zdenek Dohnal
parent
9eda475105
commit
e53ef5204f
@ -0,0 +1,33 @@
|
||||
From 53a70289c2712808e6d4e88927e03cac01b470dd Mon Sep 17 00:00:00 2001
|
||||
From: Bram Moolenaar <Bram@vim.org>
|
||||
Date: Mon, 9 May 2022 13:15:07 +0100
|
||||
Subject: [PATCH] patch 8.2.4925: trailing backslash may cause reading past end
|
||||
of line
|
||||
|
||||
Problem: Trailing backslash may cause reading past end of line.
|
||||
Solution: Check for NUL after backslash.
|
||||
---
|
||||
src/testdir/test_textobjects.vim | 10 +++++++++-
|
||||
src/textobject.c | 4 ++++
|
||||
src/version.c | 2 ++
|
||||
3 files changed, 15 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/textobject.c b/src/textobject.c
|
||||
index e4a7db38e..edaa64c51 100644
|
||||
--- a/src/textobject.c
|
||||
+++ b/src/textobject.c
|
||||
@@ -1664,7 +1664,11 @@ find_next_quote(
|
||||
if (c == NUL)
|
||||
return -1;
|
||||
else if (escape != NULL && vim_strchr(escape, c))
|
||||
+ {
|
||||
++col;
|
||||
+ if (line[col] == NUL)
|
||||
+ return -1;
|
||||
+ }
|
||||
else if (c == quotechar)
|
||||
break;
|
||||
if (has_mbyte)
|
||||
--
|
||||
2.36.1
|
||||
|
||||
4
vim.spec
4
vim.spec
@ -126,6 +126,8 @@ Patch3046: 0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch
|
||||
Patch3047: 0001-patch-8.2.4774-crash-when-using-a-number-for-lambda-.patch
|
||||
# CVE-2022-1621 vim: heap buffer overflow
|
||||
Patch3048: 0001-patch-8.2.4919-can-add-invalid-bytes-with-spellgood.patch
|
||||
# CVE-2022-1629 vim: buffer over-read
|
||||
Patch3049: 0001-patch-8.2.4925-trailing-backslash-may-cause-reading-.patch
|
||||
|
||||
# gcc is no longer in buildroot by default
|
||||
BuildRequires: gcc
|
||||
@ -361,6 +363,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
|
||||
%patch3046 -p1 -b .cve1154
|
||||
%patch3047 -p1 -b .cve1420
|
||||
%patch3048 -p1 -b .cve1621
|
||||
%patch3049 -p1 -b .cve1629
|
||||
|
||||
%build
|
||||
cd src
|
||||
@ -920,6 +923,7 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
|
||||
%changelog
|
||||
* Tue May 24 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-18
|
||||
- CVE-2022-1621 vim: heap buffer overflow
|
||||
- CVE-2022-1629 vim: buffer over-read
|
||||
|
||||
* Mon Apr 25 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-17
|
||||
- CVE-2022-1154 vim: use after free in utf_ptr2char
|
||||
|
||||
Loading…
Reference in New Issue
Block a user