diff options
Diffstat (limited to 'debian/patches/CVE-2022-4141.patch')
| -rw-r--r-- | debian/patches/CVE-2022-4141.patch | 140 |
1 files changed, 140 insertions, 0 deletions
diff --git a/debian/patches/CVE-2022-4141.patch b/debian/patches/CVE-2022-4141.patch new file mode 100644 index 0000000..e537b7f --- /dev/null +++ b/debian/patches/CVE-2022-4141.patch @@ -0,0 +1,140 @@ +From: Markus Koschany <apo@debian.org> +Date: Sun, 11 Jun 2023 13:46:58 +0200 +Subject: CVE-2022-4141 + +Bug-Debian: https://bugs.debian.org/1027146 +Origin: https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5 +--- + src/normal.c | 35 ++++++++++++++++++++++++++--------- + src/proto/normal.pro | 1 + + src/testdir/test_substitute.vim | 20 ++++++++++++++++++++ + src/window.c | 4 +++- + 4 files changed, 50 insertions(+), 10 deletions(-) + +diff --git a/src/normal.c b/src/normal.c +index 8f92b9c..ee2233d 100644 +--- a/src/normal.c ++++ b/src/normal.c +@@ -523,13 +523,36 @@ check_text_locked(oparg_T *oap) + { + if (text_locked()) + { +- clearopbeep(oap); ++ if (oap != NULL) ++ clearopbeep(oap); + text_locked_msg(); + return TRUE; + } + return FALSE; + } + ++/* ++ * If text is locked, "curbuf_lock" or "allbuf_lock" is set: ++ * Give an error message, possibly beep and return TRUE. ++ * "oap" may be NULL. ++ */ ++ int ++check_text_or_curbuf_locked(oparg_T *oap) ++{ ++ if (check_text_locked(oap)) ++ return TRUE; ++ ++#ifdef FEAT_AUTOCMD ++ if (curbuf_locked()) ++ { ++ if (oap != NULL) ++ clearop(oap); ++ return TRUE; ++ } ++#endif ++ return FALSE; ++} ++ + /* + * Execute a command in Normal mode. + */ +@@ -791,8 +814,7 @@ getcount: + goto normal_end; + } + +- if ((nv_cmds[idx].cmd_flags & NV_NCW) +- && (check_text_locked(oap) || curbuf_locked())) ++ if ((nv_cmds[idx].cmd_flags & NV_NCW) && check_text_or_curbuf_locked(oap)) + /* this command is not allowed now */ + goto normal_end; + +@@ -6173,13 +6195,8 @@ nv_gotofile(cmdarg_T *cap) + char_u *ptr; + linenr_T lnum = -1; + +- if (check_text_locked(cap->oap)) ++ if (check_text_or_curbuf_locked(cap->oap)) + return; +- if (curbuf_locked()) +- { +- clearop(cap->oap); +- return; +- } + + ptr = grab_file_name(cap->count1, &lnum); + +diff --git a/src/proto/normal.pro b/src/proto/normal.pro +index 55d12bb..cc81ff9 100644 +--- a/src/proto/normal.pro ++++ b/src/proto/normal.pro +@@ -1,4 +1,5 @@ + /* normal.c */ ++int check_text_or_curbuf_locked(oparg_T *oap); + void init_normal_cmds(void); + void normal_cmd(oparg_T *oap, int toplevel); + void do_pending_operator(cmdarg_T *cap, int old_col, int gui_yank); +diff --git a/src/testdir/test_substitute.vim b/src/testdir/test_substitute.vim +index 9ab0adb..d78b036 100644 +--- a/src/testdir/test_substitute.vim ++++ b/src/testdir/test_substitute.vim +@@ -565,3 +565,23 @@ func Test_sub_edit_scriptfile() + bwipe! + endfunc + ++" This was editing another file from the expression. ++func Test_sub_expr_goto_other_file() ++ call writefile([''], 'Xfileone', 'D') ++ enew! ++ call setline(1, ['a', 'b', 'c', 'd', ++ \ 'Xfileone zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz']) ++ ++ func g:SplitGotoFile() ++ exe "sil! norm 0\<C-W>gf" ++ return '' ++ endfunc ++ ++ $ ++ s/\%')/\=g:SplitGotoFile() ++ ++ delfunc g:SplitGotoFile ++ bwipe! ++endfunc ++ ++ +diff --git a/src/window.c b/src/window.c +index 7f51c1b..82ece3e 100644 +--- a/src/window.c ++++ b/src/window.c +@@ -478,6 +478,8 @@ newwindow: + case Ctrl_F: + wingotofile: + CHECK_CMDWIN; ++ if (check_text_or_curbuf_locked(NULL)) ++ break; + + ptr = grab_file_name(Prenum1, &lnum); + if (ptr != NULL) +@@ -757,7 +759,7 @@ win_split(int size, int flags) + * When "new_wp" is NULL: split the current window in two. + * When "new_wp" is not NULL: insert this window at the far + * top/left/right/bottom. +- * return FAIL for failure, OK otherwise ++ * Return FAIL for failure, OK otherwise. + */ + int + win_split_ins( |