diff options
Diffstat (limited to 'debian/patches/CVE-2021-4193.patch')
| -rw-r--r-- | debian/patches/CVE-2021-4193.patch | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/debian/patches/CVE-2021-4193.patch b/debian/patches/CVE-2021-4193.patch new file mode 100644 index 0000000..564850b --- /dev/null +++ b/debian/patches/CVE-2021-4193.patch @@ -0,0 +1,46 @@ +From: Markus Koschany <apo@debian.org> +Date: Wed, 19 Oct 2022 20:05:49 +0200 +Subject: CVE-2021-4193 + +Origin: https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b +--- + src/charset.c | 13 +++++++++---- + src/testdir/test_regexp_latin.vim | 8 ++++++++ + 2 files changed, 17 insertions(+), 4 deletions(-) + +--- a/src/charset.c ++++ b/src/charset.c +@@ -1244,10 +1244,15 @@ getvcol( + posptr = NULL; /* continue until the NUL */ + else + { +- /* Special check for an empty line, which can happen on exit, when +- * ml_get_buf() always returns an empty string. */ +- if (*ptr == NUL) +- pos->col = 0; ++ colnr_T i; ++ ++ // In a few cases the position can be beyond the end of the line. ++ for (i = 0; i < pos->col; ++i) ++ if (ptr[i] == NUL) ++ { ++ pos->col = i; ++ break; ++ } + posptr = ptr + pos->col; + if (has_mbyte) + /* always start on the first byte */ +--- a/src/testdir/test_regexp_latin.vim ++++ b/src/testdir/test_regexp_latin.vim +@@ -101,3 +101,11 @@ func Test_using_visual_position() + bwipe! + endfunc + ++func Test_using_invalid_visual_position() ++ " this was going beyond the end of the line ++ new ++ exe "norm 0o000\<Esc>0\<C-V>$s0" ++ /\%V ++ bwipe! ++endfunc ++ |