Diffstat (limited to 'debian/patches/CVE-2022-0554.patch')
-rw-r--r--debian/patches/CVE-2022-0554.patch68
1 files changed, 68 insertions, 0 deletions
diff --git a/debian/patches/CVE-2022-0554.patch b/debian/patches/CVE-2022-0554.patch
new file mode 100644
index 0000000..ac5038e
--- /dev/null
+++ b/debian/patches/CVE-2022-0554.patch
@@ -0,0 +1,68 @@
+From: Markus Koschany <apo@debian.org>
+Date: Sun, 30 Oct 2022 20:13:30 +0100
+Subject: CVE-2022-0554
+
+Origin: https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8
+---
+ src/buffer.c | 26 ++++++++++++++++++++++----
+ src/testdir/test_quickfix.vim | 25 +++++++++++++++++++++++++
+ 2 files changed, 47 insertions(+), 4 deletions(-)
+
+diff --git a/src/buffer.c b/src/buffer.c
+index 4cac106..912ace9 100644
+--- a/src/buffer.c
++++ b/src/buffer.c
+@@ -1471,8 +1471,14 @@ do_buffer(
+ buf = buflist_findnr(curwin->w_jumplist[jumpidx].fmark.fnum);
+ if (buf != NULL)
+ {
+- if (buf == curbuf || !buf->b_p_bl)
+- buf = NULL; /* skip current and unlisted bufs */
++ // Skip current and unlisted bufs. Also skip a quickfix
++ // buffer, it might be deleted soon.
++ if (buf == curbuf || !buf->b_p_bl
++#if defined(FEAT_QUICKFIX)
++ || bt_quickfix(buf)
++#endif
++ )
++ buf = NULL;
+ else if (buf->b_ml.ml_mfp == NULL)
+ {
+ /* skip unloaded buf, but may keep it for later */
+@@ -1509,7 +1515,11 @@ do_buffer(
+ continue;
+ }
+ /* in non-help buffer, try to skip help buffers, and vv */
+- if (buf->b_help == curbuf->b_help && buf->b_p_bl)
++ if (buf->b_help == curbuf->b_help && buf->b_p_bl
++#if defined(FEAT_QUICKFIX)
++ && !bt_quickfix(buf)
++#endif
++ )
+ {
+ if (buf->b_ml.ml_mfp != NULL) /* found loaded buffer */
+ break;
+@@ -1527,7 +1537,11 @@ do_buffer(
+ if (buf == NULL) /* No loaded buffer, find listed one */
+ {
+ FOR_ALL_BUFFERS(buf)
+- if (buf->b_p_bl && buf != curbuf)
++ if (buf->b_p_bl && buf != curbuf
++#if defined(FEAT_QUICKFIX)
++ && !bt_quickfix(buf)
++#endif
++ )
+ break;
+ }
+ if (buf == NULL) /* Still no buffer, just take one */
+@@ -1536,6 +1550,10 @@ do_buffer(
+ buf = curbuf->b_next;
+ else
+ buf = curbuf->b_prev;
++#if defined(FEAT_QUICKFIX)
++ if (bt_quickfix(buf))
++ buf = NULL;
++#endif
+ }
+ }
+
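Review bot: The embedded patch header's diffstat lists `src/testdir/test_quickfix.vim` with 25 insertions, but the 68-line file holds only the four `src/buffer.c` hunks, so the upstream regression test appears to have been dropped from this backport without that being recorded. Either carry the test hunk or regenerate the header and add a line to the description such as `The upstream test in src/testdir/test_quickfix.vim is not included in this backport.`, so nobody assumes the test suite exercises the fix in this package. Separately, the last hunk calls `bt_quickfix(buf)` on the value taken from `curbuf->b_next` or `curbuf->b_prev` and can now leave `buf` set to NULL. `do_buffer` starts before and continues after these hunks, so it is worth confirming in the tree this patch applies to that `bt_quickfix()` tolerates a NULL argument and that the code following the block handles `buf == NULL` rather than dereferencing it.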