1 files changed, 53 insertions, 0 deletions

diff --git a/debian/patches/CVE-2022-0943.patch b/debian/patches/CVE-2022-0943.patch
new file mode 100644
index 0000000..b4870dc
--- /dev/null
+++ b/debian/patches/CVE-2022-0943.patch
@@ -0,0 +1,53 @@
+From: Markus Koschany <apo@debian.org>
+Date: Sun, 30 Oct 2022 22:14:06 +0100
+Subject: CVE-2022-0943
+
+Origin: https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3
+---
+ src/spell.c                |  4 ++++
+ src/testdir/test_spell.vim | 17 +++++++++++++++++
+ 2 files changed, 21 insertions(+)
+
+diff --git a/src/spell.c b/src/spell.c
+index 758a12e..2d36953 100644
+--- a/src/spell.c
++++ b/src/spell.c
+@@ -3259,6 +3259,10 @@ spell_suggest(int count)
+ 	    curwin->w_cursor.col = VIsual.col;
+ 	++badlen;
+ 	end_visual_mode();
++	// make sure we don't include the NUL at the end of the line
++	line = ml_get_curline();
++	if (badlen > STRLEN(line) - curwin->w_cursor.col)
++	    badlen = STRLEN(line) - curwin->w_cursor.col;
+     }
+     /* Find the start of the badly spelled word. */
+     else if (spell_move_to(curwin, FORWARD, TRUE, TRUE, NULL) == 0
+diff --git a/src/testdir/test_spell.vim b/src/testdir/test_spell.vim
+index 0a7d8d4..50e2d54 100644
+--- a/src/testdir/test_spell.vim
++++ b/src/testdir/test_spell.vim
+@@ -126,6 +126,23 @@ func Test_spellreall()
+   bwipe!
+ endfunc
+ 
++func Test_spellsuggest_visual_end_of_line()
++  set spell
++  let enc_save = &encoding
++  set encoding=iso8859
++
++  " This was reading beyond the end of the line.
++  norm R00000000000
++  sil norm ^V0
++  sil! norm ^Vi00000)
++  sil! norm ^Vi00000)
++  call feedkeys("\<CR>")
++  norm z=
++
++  let &encoding = enc_save
++  set nospell
++endfunc
++
+ func Test_spellinfo()
+   new
+