1 files changed, 45 insertions, 0 deletions

diff --git a/debian/patches/CVE-2023-4752-heap-use-after-free-in-ins_compl_get_exp.patch b/debian/patches/CVE-2023-4752-heap-use-after-free-in-ins_compl_get_exp.patch
new file mode 100644
index 0000000..cbe7a0b
--- /dev/null
+++ b/debian/patches/CVE-2023-4752-heap-use-after-free-in-ins_compl_get_exp.patch
@@ -0,0 +1,45 @@
+From: Christian Brabandt <cb@256bit.org>
+Date: Wed, 27 Sep 2023 22:42:36 +0000
+Subject: CVE-2023-4752: heap use after free in ins_compl_get_exp()
+
+Problem:  heap use after free in ins_compl_get_exp()
+Solution: validate buffer before accessing it
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2023-4752
+origin: https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139
+bug: https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757/
+
+[backport]
+ins_compl_get_exp is under sr/edit.c
+---
+ src/edit.c    | 2 +-
+ src/version.c | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/edit.c b/src/edit.c
+index f2521e1..428b69c 100644
+--- a/src/edit.c
++++ b/src/edit.c
+@@ -4752,7 +4752,7 @@ ins_compl_get_exp(pos_T *ini)
+ 	else
+ 	{
+ 	    /* Mark a buffer scanned when it has been scanned completely */
+-	    if (type == 0 || type == CTRL_X_PATH_PATTERNS)
++	  if (buf_valid(ins_buf) && (type == 0 || type == CTRL_X_PATH_PATTERNS))
+ 		ins_buf->b_scanned = TRUE;
+ 
+ 	    compl_started = FALSE;
+diff --git a/src/version.c b/src/version.c
+index a03d79b..d863dd1 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -791,6 +791,8 @@ static char *(features[]) =
+ 
+ static int included_patches[] =
+ {   /* Add new patch number below this line */
++/**/
++    1858,
+ /**/
+     5126,
+ /**/