From: Markus Koschany Date: Sun, 23 Oct 2022 17:28:12 +0200 Subject: CVE-2022-0359 Origin: https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1 --- src/ex_getln.c | 2 +- src/testdir/test_ex_equal.vim | 9 +++++++++ src/version.c | 2 ++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/ex_getln.c b/src/ex_getln.c index cba082a..328450c 100644 --- a/src/ex_getln.c +++ b/src/ex_getln.c @@ -898,7 +898,7 @@ getcmdline_int( ccline.cmdindent = (firstc > 0 ? indent : 0); /* alloc initial ccline.cmdbuff */ - alloc_cmdbuff(exmode_active ? 250 : indent + 1); + alloc_cmdbuff(indent + 50); if (ccline.cmdbuff == NULL) goto theend; // out of memory ccline.cmdlen = ccline.cmdpos = 0; diff --git a/src/testdir/test_ex_equal.vim b/src/testdir/test_ex_equal.vim index 03cfc46..fa00072 100644 --- a/src/testdir/test_ex_equal.vim +++ b/src/testdir/test_ex_equal.vim @@ -43,3 +43,12 @@ func Test_open_command_flush_line() endtry bwipe! endfunc + +func Test_ex_mode_large_indent() + new + set ts=500 ai + call setline(1, "\t") + exe "normal gQi\." + set ts=8 noai + bwipe! +endfunc diff --git a/src/version.c b/src/version.c index 0a29ebb..586e9ca 100644 --- a/src/version.c +++ b/src/version.c @@ -791,6 +791,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ +/**/ + 4214, /**/ 4120, /**/