1 files changed, 53 insertions, 0 deletions

diff --git a/debian/patches/CVE-2022-1616.patch b/debian/patches/CVE-2022-1616.patch
new file mode 100644
index 0000000..85a2ed0
--- /dev/null
+++ b/debian/patches/CVE-2022-1616.patch
@@ -0,0 +1,53 @@
+From: Markus Koschany <apo@debian.org>
+Date: Mon, 31 Oct 2022 14:50:16 +0100
+Subject: CVE-2022-1616
+
+Origin: https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c
+---
+ src/ex_docmd.c               |  4 +++-
+ src/testdir/test_cmdline.vim | 12 ++++++++++++
+ 2 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/src/ex_docmd.c b/src/ex_docmd.c
+index 1dfa95d..bb8d719 100644
+--- a/src/ex_docmd.c
++++ b/src/ex_docmd.c
+@@ -3116,7 +3116,7 @@ append_command(char_u *cmd)
+ 
+     STRCAT(IObuff, ": ");
+     d = IObuff + STRLEN(IObuff);
+-    while (*s != NUL && d - IObuff < IOSIZE - 7)
++    while (*s != NUL && d - IObuff + 5 < IOSIZE)
+     {
+ 	if (enc_utf8 ? (s[0] == 0xc2 && s[1] == 0xa0) : *s == 0xa0)
+ 	{
+@@ -3124,6 +3124,8 @@ append_command(char_u *cmd)
+ 	    STRCPY(d, "<a0>");
+ 	    d += 4;
+ 	}
++	else if (d - IObuff + (*mb_ptr2len)(s) + 1 >= IOSIZE)
++	    break;
+ 	else
+ 	    MB_COPY_CHAR(s, d);
+     }
+diff --git a/src/testdir/test_cmdline.vim b/src/testdir/test_cmdline.vim
+index 02eeb6b..46f18dc 100644
+--- a/src/testdir/test_cmdline.vim
++++ b/src/testdir/test_cmdline.vim
+@@ -609,4 +609,16 @@ func Test_cmdline_overstrike()
+   let &encoding = encoding_save
+ endfunc
+ 
++" this was going over the end of IObuff
++func Test_report_error_with_composing()
++  let caught = 'no'
++  try
++    exe repeat('0', 987) . "0\xdd\x80\xdd\x80\xdd\x80\xdd\x80"
++  catch /E492:/
++    let caught = 'yes'
++ endtry
++  call assert_equal('yes', caught)
++endfunc
++
++
+ set cpo&