diff options
Diffstat (limited to 'debian/patches/CVE-2022-2129.patch')
-rw-r--r-- | debian/patches/CVE-2022-2129.patch | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/debian/patches/CVE-2022-2129.patch b/debian/patches/CVE-2022-2129.patch new file mode 100644 index 0000000..70bdd57 --- /dev/null +++ b/debian/patches/CVE-2022-2129.patch @@ -0,0 +1,65 @@ +From d6211a52ab9f53b82f884561ed43d2fe4d24ff7d Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Sat, 18 Jun 2022 19:48:14 +0100 +Subject: [PATCH] patch 8.2.5126: substitute may overrun destination buffer + +Problem: Substitute may overrun destination buffer. +Solution: Disallow switching buffers in a substitute expression. +--- + src/ex_docmd.c | 7 ++++--- + src/testdir/test_substitute.vim | 13 +++++++++++++ + src/version.c | 2 ++ + 3 files changed, 19 insertions(+), 3 deletions(-) + +diff --git a/src/ex_docmd.c b/src/ex_docmd.c +index fed9330b52e9..1185cd1550a6 100644 +--- a/src/ex_docmd.c ++++ b/src/ex_docmd.c +@@ -8778,9 +8778,10 @@ do_exedit( + #endif + ) + { +- /* Can't edit another file when "curbuf_lock" is set. Only ":edit" +- * can bring us here, others are stopped earlier. */ +- if (*eap->arg != NUL && curbuf_locked()) ++ /* Can't edit another file when "textlock" or "curbuf_lock" is set. ++ * Only ":edit" or ":script" can bring us here, others are stopped ++ earlier. */ ++ if (*eap->arg != NUL && text_or_buf_locked()) + return; + + n = readonlymode; +diff --git a/src/testdir/test_substitute.vim b/src/testdir/test_substitute.vim +index 46ea95513192..c056fa965692 100644 +--- a/src/testdir/test_substitute.vim ++++ b/src/testdir/test_substitute.vim +@@ -552,3 +552,16 @@ + delfunc Repl + endfunc + ++" This was editing a script file from the expression ++func Test_sub_edit_scriptfile() ++ new ++ norm o0000000000000000000000000000000000000000000000000000 ++ func EditScript() ++ silent! scr! Xfile ++ endfunc ++ s/\%')/\=EditScript() ++ ++ delfunc EditScript ++ bwipe! ++endfunc ++ +diff --git a/src/version.c b/src/version.c +index 82ac4eaf2dd9..2f397ae315f7 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -791,6 +791,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 5126, + /**/ + 5063, + /**/ |