summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2022-2598.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-08 05:05:20 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-08 05:05:20 +0000
commitd314229aa657bc23c0fc99aa79a347326095b190 (patch)
treee2a542e09db76f34502e20a5f9a8c1a4ef52c420 /debian/patches/CVE-2022-2598.patch
parentAdding debian version 2:8.1.0875-5+deb10u2. (diff)
downloadvim-debian/2%8.1.0875-5+deb10u3.tar.xz
vim-debian/2%8.1.0875-5+deb10u3.zip
Adding debian version 2:8.1.0875-5+deb10u3.debian/2%8.1.0875-5+deb10u3
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/CVE-2022-2598.patch')
-rw-r--r--debian/patches/CVE-2022-2598.patch60
1 files changed, 60 insertions, 0 deletions
diff --git a/debian/patches/CVE-2022-2598.patch b/debian/patches/CVE-2022-2598.patch
new file mode 100644
index 0000000..d7732d4
--- /dev/null
+++ b/debian/patches/CVE-2022-2598.patch
@@ -0,0 +1,60 @@
+From: Markus Koschany <apo@debian.org>
+Date: Sun, 6 Nov 2022 23:00:10 +0100
+Subject: CVE-2022-2598
+
+Origin: https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d
+---
+ src/diff.c | 9 ++++++---
+ src/testdir/test_diffmode.vim | 15 +++++++++++++++
+ 2 files changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/src/diff.c b/src/diff.c
+index d368f96..745cb87 100644
+--- a/src/diff.c
++++ b/src/diff.c
+@@ -451,7 +451,10 @@ diff_mark_adjust_tp(
+ for (i = 0; i < DB_COUNT; ++i)
+ if (tp->tp_diffbuf[i] != NULL && i != idx)
+ {
+- dp->df_lnum[i] -= off;
++ if (dp->df_lnum[i] > off)
++ dp->df_lnum[i] -= off;
++ else
++ dp->df_lnum[i] = 1;
+ dp->df_count[i] += n;
+ }
+ }
+@@ -2735,8 +2738,8 @@ ex_diffgetput(exarg_T *eap)
+ {
+ /* remember deleting the last line of the buffer */
+ buf_empty = curbuf->b_ml.ml_line_count == 1;
+- ml_delete(lnum, FALSE);
+- --added;
++ if (ml_delete(lnum, FALSE) == OK)
++ --added;
+ }
+ for (i = 0; i < dp->df_count[idx_from] - start_skip - end_skip; ++i)
+ {
+diff --git a/src/testdir/test_diffmode.vim b/src/testdir/test_diffmode.vim
+index 84fb451..3ced8cd 100644
+--- a/src/testdir/test_diffmode.vim
++++ b/src/testdir/test_diffmode.vim
+@@ -913,3 +913,18 @@ func Test_diff_of_diff()
+ call StopVimInTerminal(buf)
+ call delete('Xtest_diff_diff')
+ endfunc
++
++" This was causing the line number in the diff block to go below one.
++" FIXME: somehow this causes a valgrind error when run directly but not when
++" run as a test.
++func Test_diff_put_and_undo()
++ set diff
++ next 0
++ split 00
++ sil! norm o0gguudpo0ggJuudp
++
++ bwipe!
++ bwipe!
++ set nodiff
++endfunc
++