vim/0001-patch-8.2.4436-crash-with-weird-vartabstop-value.patch
Zdenek Dohnal 4704df36f2 CVE-2022-0714 vim: buffer overflow [rhel-9]
Resolves: CVE-2022-0714
2022-02-24 14:31:35 +01:00

36 lines
977 B
Diff

diff --git a/src/indent.c b/src/indent.c
index 77d8b0a..9830685 100644
--- a/src/indent.c
+++ b/src/indent.c
@@ -1284,6 +1284,8 @@ change_indent(
new_cursor_col += (*mb_ptr2len)(ptr + new_cursor_col);
else
++new_cursor_col;
+ if (ptr[new_cursor_col] == NUL)
+ break;
vcol += lbr_chartabsize(ptr, ptr + new_cursor_col, (colnr_T)vcol);
}
vcol = last_vcol;
diff --git a/src/testdir/test_vartabs.vim b/src/testdir/test_vartabs.vim
index 0ff1ea8..a613510 100644
--- a/src/testdir/test_vartabs.vim
+++ b/src/testdir/test_vartabs.vim
@@ -419,4 +419,17 @@ func Test_varsofttabstop()
close!
endfunc
+func Test_vartabstop_latin1()
+ let save_encoding = &encoding
+ new
+ set encoding=iso8859-1
+ set compatible linebreak list revins smarttab
+ set vartabstop=400
+ exe "norm i00\t\<C-D>"
+ bwipe!
+ let &encoding = save_encoding
+ set nocompatible linebreak& list& revins& smarttab& vartabstop&
+endfunc
+
+
" vim: shiftwidth=2 sts=2 expandtab