debian/patches/CVE-2022-0359.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

From: Markus Koschany <apo@debian.org>
Date: Sun, 23 Oct 2022 17:28:12 +0200
Subject: CVE-2022-0359

Origin: https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1
---
 src/ex_getln.c                | 2 +-
 src/testdir/test_ex_equal.vim | 9 +++++++++
 src/version.c                 | 2 ++
 3 files changed, 12 insertions(+), 1 deletion(-)

--- a/src/ex_getln.c
+++ b/src/ex_getln.c
@@ -898,7 +898,7 @@ getcmdline_int(
     ccline.cmdindent = (firstc > 0 ? indent : 0);
 
     /* alloc initial ccline.cmdbuff */
-    alloc_cmdbuff(exmode_active ? 250 : indent + 1);
+    alloc_cmdbuff(indent + 50);
     if (ccline.cmdbuff == NULL)
 	goto theend;	// out of memory
     ccline.cmdlen = ccline.cmdpos = 0;
--- a/src/testdir/test_ex_equal.vim
+++ b/src/testdir/test_ex_equal.vim
@@ -43,3 +43,12 @@ func Test_open_command_flush_line()
   endtry
   bwipe!
 endfunc
+
+func Test_ex_mode_large_indent()
+  new
+  set ts=500 ai
+  call setline(1, "\t")
+  exe "normal gQi\<CR>."
+  set ts=8 noai
+  bwipe!
+endfunc
--- a/src/version.c
+++ b/src/version.c
@@ -792,6 +792,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    4214,
+/**/
     4120,
 /**/
     1401,