blob: 7333268fe789b4d5c650209746480af4e1864c1e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
From: Markus Koschany <apo@debian.org>
Date: Sun, 30 Oct 2022 22:10:14 +0100
Subject: CVE-2022-0729
Origin: https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30
---
src/regexp.c | 5 +++++
src/testdir/test_regexp_utf8.vim | 8 ++++++++
2 files changed, 13 insertions(+)
diff --git a/src/regexp.c b/src/regexp.c
index 6ad928d..33414ce 100644
--- a/src/regexp.c
+++ b/src/regexp.c
@@ -5575,6 +5575,11 @@ regmatch(
if (rex.input == rex.line)
{
/* backup to last char of previous line */
+ if (rex.lnum == 0)
+ {
+ status = RA_NOMATCH;
+ break;
+ }
--rex.lnum;
rex.line = reg_getline(rex.lnum);
/* Just in case regrepeat() didn't count
diff --git a/src/testdir/test_regexp_utf8.vim b/src/testdir/test_regexp_utf8.vim
index 75485dc..378bc21 100644
--- a/src/testdir/test_regexp_utf8.vim
+++ b/src/testdir/test_regexp_utf8.vim
@@ -215,4 +215,12 @@ func Test_match_invalid_byte()
call delete('Xinvalid')
endfunc
+func Test_match_too_complicated()
+ set regexpengine=1
+ exe "vsplit \xeb\xdb\x99"
+ silent! buf \&\zs*\zs*0
+ bwipe!
+ set regexpengine=0
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
|