summaryrefslogtreecommitdiffstats
path: root/debian/patches/CVE-2022-4141.patch
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/CVE-2022-4141.patch140
1 files changed, 140 insertions, 0 deletions
diff --git a/debian/patches/CVE-2022-4141.patch b/debian/patches/CVE-2022-4141.patch
new file mode 100644
index 0000000..e537b7f
--- /dev/null
+++ b/debian/patches/CVE-2022-4141.patch
@@ -0,0 +1,140 @@
+From: Markus Koschany <apo@debian.org>
+Date: Sun, 11 Jun 2023 13:46:58 +0200
+Subject: CVE-2022-4141
+
+Bug-Debian: https://bugs.debian.org/1027146
+Origin: https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5
+---
+ src/normal.c | 35 ++++++++++++++++++++++++++---------
+ src/proto/normal.pro | 1 +
+ src/testdir/test_substitute.vim | 20 ++++++++++++++++++++
+ src/window.c | 4 +++-
+ 4 files changed, 50 insertions(+), 10 deletions(-)
+
+diff --git a/src/normal.c b/src/normal.c
+index 8f92b9c..ee2233d 100644
+--- a/src/normal.c
++++ b/src/normal.c
+@@ -523,13 +523,36 @@ check_text_locked(oparg_T *oap)
+ {
+ if (text_locked())
+ {
+- clearopbeep(oap);
++ if (oap != NULL)
++ clearopbeep(oap);
+ text_locked_msg();
+ return TRUE;
+ }
+ return FALSE;
+ }
+
++/*
++ * If text is locked, "curbuf_lock" or "allbuf_lock" is set:
++ * Give an error message, possibly beep and return TRUE.
++ * "oap" may be NULL.
++ */
++ int
++check_text_or_curbuf_locked(oparg_T *oap)
++{
++ if (check_text_locked(oap))
++ return TRUE;
++
++#ifdef FEAT_AUTOCMD
++ if (curbuf_locked())
++ {
++ if (oap != NULL)
++ clearop(oap);
++ return TRUE;
++ }
++#endif
++ return FALSE;
++}
++
+ /*
+ * Execute a command in Normal mode.
+ */
+@@ -791,8 +814,7 @@ getcount:
+ goto normal_end;
+ }
+
+- if ((nv_cmds[idx].cmd_flags & NV_NCW)
+- && (check_text_locked(oap) || curbuf_locked()))
++ if ((nv_cmds[idx].cmd_flags & NV_NCW) && check_text_or_curbuf_locked(oap))
+ /* this command is not allowed now */
+ goto normal_end;
+
+@@ -6173,13 +6195,8 @@ nv_gotofile(cmdarg_T *cap)
+ char_u *ptr;
+ linenr_T lnum = -1;
+
+- if (check_text_locked(cap->oap))
++ if (check_text_or_curbuf_locked(cap->oap))
+ return;
+- if (curbuf_locked())
+- {
+- clearop(cap->oap);
+- return;
+- }
+
+ ptr = grab_file_name(cap->count1, &lnum);
+
+diff --git a/src/proto/normal.pro b/src/proto/normal.pro
+index 55d12bb..cc81ff9 100644
+--- a/src/proto/normal.pro
++++ b/src/proto/normal.pro
+@@ -1,4 +1,5 @@
+ /* normal.c */
++int check_text_or_curbuf_locked(oparg_T *oap);
+ void init_normal_cmds(void);
+ void normal_cmd(oparg_T *oap, int toplevel);
+ void do_pending_operator(cmdarg_T *cap, int old_col, int gui_yank);
+diff --git a/src/testdir/test_substitute.vim b/src/testdir/test_substitute.vim
+index 9ab0adb..d78b036 100644
+--- a/src/testdir/test_substitute.vim
++++ b/src/testdir/test_substitute.vim
+@@ -565,3 +565,23 @@ func Test_sub_edit_scriptfile()
+ bwipe!
+ endfunc
+
++" This was editing another file from the expression.
++func Test_sub_expr_goto_other_file()
++ call writefile([''], 'Xfileone', 'D')
++ enew!
++ call setline(1, ['a', 'b', 'c', 'd',
++ \ 'Xfileone zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz'])
++
++ func g:SplitGotoFile()
++ exe "sil! norm 0\<C-W>gf"
++ return ''
++ endfunc
++
++ $
++ s/\%')/\=g:SplitGotoFile()
++
++ delfunc g:SplitGotoFile
++ bwipe!
++endfunc
++
++
+diff --git a/src/window.c b/src/window.c
+index 7f51c1b..82ece3e 100644
+--- a/src/window.c
++++ b/src/window.c
+@@ -478,6 +478,8 @@ newwindow:
+ case Ctrl_F:
+ wingotofile:
+ CHECK_CMDWIN;
++ if (check_text_or_curbuf_locked(NULL))
++ break;
+
+ ptr = grab_file_name(Prenum1, &lnum);
+ if (ptr != NULL)
+@@ -757,7 +759,7 @@ win_split(int size, int flags)
+ * When "new_wp" is NULL: split the current window in two.
+ * When "new_wp" is not NULL: insert this window at the far
+ * top/left/right/bottom.
+- * return FAIL for failure, OK otherwise
++ * Return FAIL for failure, OK otherwise.
+ */
+ int
+ win_split_ins(