rpms/vim
5
0
Fork 0
Code Issues Pull Requests Releases Activity

CVE-2022-1629 vim: buffer over-read

Browse Source 
Resolves: CVE-2022-1629
This commit is contained in:
Zdenek Dohnal 2022-05-25 10:41:36 +02:00
parent 9eda475105
commit e53ef5204f
2 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
0001-patch-8.2.4925-trailing-backslash-may-cause-reading-.patch Normal file
View File

@ -0,0 +1,33 @@
From 53a70289c2712808e6d4e88927e03cac01b470dd Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Mon, 9 May 2022 13:15:07 +0100
Subject: [PATCH] patch 8.2.4925: trailing backslash may cause reading past end
of line
Problem: Trailing backslash may cause reading past end of line.
Solution: Check for NUL after backslash.
---
src/testdir/test_textobjects.vim | 10 +++++++++-
src/textobject.c | 4 ++++
src/version.c | 2 ++
3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/src/textobject.c b/src/textobject.c
index e4a7db38e..edaa64c51 100644
--- a/src/textobject.c
+++ b/src/textobject.c
@@ -1664,7 +1664,11 @@ find_next_quote(
if (c == NUL)
return -1;
else if (escape != NULL && vim_strchr(escape, c))
+ {
++col;
+ if (line[col] == NUL)
+ return -1;
+ }
else if (c == quotechar)
break;
if (has_mbyte)
--
2.36.1

4
vim.spec
View File

@ -126,6 +126,8 @@ Patch3046: 0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch
Patch3047: 0001-patch-8.2.4774-crash-when-using-a-number-for-lambda-.patch Patch3047: 0001-patch-8.2.4774-crash-when-using-a-number-for-lambda-.patch
# CVE-2022-1621 vim: heap buffer overflow # CVE-2022-1621 vim: heap buffer overflow
Patch3048: 0001-patch-8.2.4919-can-add-invalid-bytes-with-spellgood.patch Patch3048: 0001-patch-8.2.4919-can-add-invalid-bytes-with-spellgood.patch
# CVE-2022-1629 vim: buffer over-read
Patch3049: 0001-patch-8.2.4925-trailing-backslash-may-cause-reading-.patch
# gcc is no longer in buildroot by default # gcc is no longer in buildroot by default
BuildRequires: gcc BuildRequires: gcc
@ -361,6 +363,7 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
%patch3046 -p1 -b .cve1154 %patch3046 -p1 -b .cve1154
%patch3047 -p1 -b .cve1420 %patch3047 -p1 -b .cve1420
%patch3048 -p1 -b .cve1621 %patch3048 -p1 -b .cve1621
%patch3049 -p1 -b .cve1629
%build %build
cd src cd src
@ -920,6 +923,7 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
%changelog %changelog
* Tue May 24 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-18 * Tue May 24 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-18
- CVE-2022-1621 vim: heap buffer overflow - CVE-2022-1621 vim: heap buffer overflow
- CVE-2022-1629 vim: buffer over-read
* Mon Apr 25 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-17 * Mon Apr 25 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-17
- CVE-2022-1154 vim: use after free in utf_ptr2char - CVE-2022-1154 vim: use after free in utf_ptr2char