diff --git a/0001-patch-8.2.4925-trailing-backslash-may-cause-reading-.patch b/0001-patch-8.2.4925-trailing-backslash-may-cause-reading-.patch
new file mode 100644
index 0000000..55dade6
--- /dev/null
+++ b/0001-patch-8.2.4925-trailing-backslash-may-cause-reading-.patch
@@ -0,0 +1,33 @@
+From 53a70289c2712808e6d4e88927e03cac01b470dd Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar
+Date: Mon, 9 May 2022 13:15:07 +0100
+Subject: [PATCH] patch 8.2.4925: trailing backslash may cause reading past end
+ of line
+
+Problem: Trailing backslash may cause reading past end of line.
+Solution: Check for NUL after backslash.
+---
+ src/testdir/test_textobjects.vim | 10 +++++++++-
+ src/textobject.c | 4 ++++
+ src/version.c | 2 ++
+ 3 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/src/textobject.c b/src/textobject.c
+index e4a7db38e..edaa64c51 100644
+--- a/src/textobject.c
++++ b/src/textobject.c
+@@ -1664,7 +1664,11 @@ find_next_quote(
+ if (c == NUL)
+ return -1;
+ else if (escape != NULL && vim_strchr(escape, c))
++ {
+ ++col;
++ if (line[col] == NUL)
++ return -1;
++ }
+ else if (c == quotechar)
+ break;
+ if (has_mbyte)
+--
+2.36.1
+
diff --git a/vim.spec b/vim.spec
index 70e0e6f..c6e40da 100644
--- a/vim.spec
+++ b/vim.spec
@@ -126,6 +126,8 @@ Patch3046: 0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch
 Patch3047: 0001-patch-8.2.4774-crash-when-using-a-number-for-lambda-.patch
 # CVE-2022-1621 vim: heap buffer overflow
 Patch3048: 0001-patch-8.2.4919-can-add-invalid-bytes-with-spellgood.patch
+# CVE-2022-1629 vim: buffer over-read
+Patch3049: 0001-patch-8.2.4925-trailing-backslash-may-cause-reading-.patch

 # gcc is no longer in buildroot by default
 BuildRequires: gcc
@@ -361,6 +363,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
 %patch3046 -p1 -b .cve1154
 %patch3047 -p1 -b .cve1420
 %patch3048 -p1 -b .cve1621
+%patch3049 -p1 -b .cve1629

 %build
 cd src
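Review bot: The new file 0001-patch-8.2.4925-trailing-backslash-may-cause-reading-.patch ships only the src/textobject.c hunk, although its own diffstat still lists src/testdir/test_textobjects.vim and src/version.c (3 files changed, 15 insertions), so the upstream regression test for the trailing-backslash case is not part of this backport. Leaving out version.c is usual for a backport onto 8.2.2637, but the missing test means nothing in the build exercises the new `if (line[col] == NUL) return -1;` guard. I would either carry the test hunk as well or record the omission next to the patch entry in vim.spec, e.g. `# CVE-2022-1629 vim: buffer over-read (upstream test hunk not included)`. The body of find_next_quote starts and ends outside the hunk, so how `col` is advanced after the `if (has_mbyte)` line cannot be checked from here.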
@@ -920,6 +923,7 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
 %changelog
 * Tue May 24 2022 Zdenek Dohnal - 2:8.2.2637-18
 - CVE-2022-1621 vim: heap buffer overflow
+- CVE-2022-1629 vim: buffer over-read

 * Mon Apr 25 2022 Zdenek Dohnal - 2:8.2.2637-17
 - CVE-2022-1154 vim: use after free in utf_ptr2char