From: Markus Koschany <apo@debian.org>
Date: Sun, 11 Jun 2023 13:48:33 +0200
Subject: CVE-2023-0054

Bug-Debian: https://bugs.debian.org/1031875
Origin: https://github.com/vim/vim/commit/3ac1d97a1d9353490493d30088256360435f7731
---
 src/eval.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/eval.c b/src/eval.c
index 659f35c..f22b0ae 100644
--- a/src/eval.c
+++ b/src/eval.c
@@ -10612,6 +10612,11 @@ do_string_sub(
 	     * - The text after the match.
 	     */
 	    sublen = vim_regsub(&regmatch, sub, expr, tail, FALSE, TRUE, FALSE);
+	    if (sublen <= 0)
+	    {
+		ga_clear(&ga);
+		break;
+	    }
 	    if (ga_grow(&ga, (int)((end - tail) + sublen -
 			    (regmatch.endp[0] - regmatch.startp[0]))) == FAIL)
 	    {