author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-08 05:05:20 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-08 05:05:20 +0000 |
commit | d314229aa657bc23c0fc99aa79a347326095b190 (patch) | |
tree | e2a542e09db76f34502e20a5f9a8c1a4ef52c420 /debian/patches/CVE-2021-3872.patch | |
parent | Adding debian version 2:8.1.0875-5+deb10u2. (diff) | |
Adding debian version 2:8.1.0875-5+deb10u3.debian/2%8.1.0875-5+deb10u3
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/CVE-2021-3872.patch')
-rw-r--r-- | debian/patches/CVE-2021-3872.patch | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/debian/patches/CVE-2021-3872.patch b/debian/patches/CVE-2021-3872.patch
new file mode 100644
index 0000000..ad1ffc3
--- /dev/null
+++ b/debian/patches/CVE-2021-3872.patch
@@ -0,0 +1,64 @@
+From: Markus Koschany <apo@debian.org>
+Date: Wed, 19 Oct 2022 18:47:02 +0200
+Subject: CVE-2021-3872
+
+Origin: https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b
+---
+ src/screen.c | 10 +++++-----
+ src/testdir/test_statusline.vim | 14 ++++++++++++++
+ 2 files changed, 19 insertions(+), 5 deletions(-)
+
+--- a/src/screen.c
++++ b/src/screen.c
+@@ -6887,13 +6887,13 @@ win_redr_status(win_T *wp, int ignore_pu
+ *(p + len++) = ' ';
+ if (bt_help(wp->w_buffer))
+ {
+- STRCPY(p + len, _("[Help]"));
++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Help]"));
+ len += (int)STRLEN(p + len);
+ }
+ #ifdef FEAT_QUICKFIX
+ if (wp->w_p_pvw)
+ {
+- STRCPY(p + len, _("[Preview]"));
++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[Preview]"));
+ len += (int)STRLEN(p + len);
+ }
+ #endif
+@@ -6903,12 +6903,12 @@ win_redr_status(win_T *wp, int ignore_pu
+ #endif
+ )
+ {
+- STRCPY(p + len, "[+]");
+- len += 3;
++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", "[+]");
++ len += (int)STRLEN(p + len);
+ }
+ if (wp->w_buffer->b_p_ro)
+ {
+- STRCPY(p + len, _("[RO]"));
++ vim_snprintf((char *)p + len, MAXPATHL - len, "%s", _("[RO]"));
+ len += (int)STRLEN(p + len);
+ }
+
+--- a/src/testdir/test_statusline.vim
++++ b/src/testdir/test_statusline.vim
+@@ -341,3 +341,17 @@ func Test_statusline()
+ set laststatus&
+ set splitbelow&
+ endfunc
++
++
++" CVE-2021-3872
++" Used to write beyond allocated memory. This assumes MAXPATHL is 4096 bytes.
++function Test_statusline_verylong_filename()
++ let fname = repeat('x', 4090)
++ exe "new " . fname
++ set buftype=help
++ set previewwindow
++ redraw
++ bwipe!
++endfunc
++
++ |
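Review bot: The context line `*(p + len++) = ' ';` at the top of the first src/screen.c hunk is still an unbounded write, so the new `MAXPATHL - len` bounds only hold if len is below MAXPATHL - 1 when it runs. If the name can already fill the buffer at that point (how p and len are set up is outside the hunk, so this needs confirming), the space replaces the terminator, the following `vim_snprintf` calls receive a size of 0 and presumably write nothing, and `STRLEN(p + len)` then reads past the end of the buffer. Bounding that write, for example only storing the space when `len < MAXPATHL - 1`, would close the edge; win_redr_status starts and ends outside both hunks. The added test has no assertion and hard-codes a 4090-character name for a MAXPATHL of 4096, so it catches a regression only when the suite runs under a memory checker; a comment saying so above `Test_statusline_verylong_filename()` would help whoever maintains this backport.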