path: root/debian/patches/CVE-2022-0943.patch
From: Markus Koschany <apo@debian.org>
Date: Sun, 30 Oct 2022 22:14:06 +0100
Subject: CVE-2022-0943

Origin: https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3
---
 src/spell.c                |  4 ++++
 src/testdir/test_spell.vim | 17 +++++++++++++++++
 2 files changed, 21 insertions(+)

--- a/src/spell.c
+++ b/src/spell.c
@@ -3259,6 +3259,10 @@ spell_suggest(int count)
 	    curwin->w_cursor.col = VIsual.col;
 	++badlen;
 	end_visual_mode();
+	// make sure we don't include the NUL at the end of the line
+	line = ml_get_curline();
+	if (badlen > STRLEN(line) - curwin->w_cursor.col)
+	    badlen = STRLEN(line) - curwin->w_cursor.col;
     }
     /* Find the start of the badly spelled word. */
     else if (spell_move_to(curwin, FORWARD, TRUE, TRUE, NULL) == 0
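Review bot: The new clamp on `badlen` compares it against `STRLEN(line) - curwin->w_cursor.col`, which mixes signed and unsigned operands if `STRLEN` yields a `size_t`, as it presumably does. The declarations are outside this hunk, so that is an inference. If the cursor column could ever exceed the line length, the subtraction would wrap to a huge value and the clamp would never fire, which is the out-of-bounds read this patch is meant to stop. Computing the remainder once as a signed value makes the bound explicit and avoids the second `STRLEN` call: `int remaining = (int)STRLEN(line) - (int)curwin->w_cursor.col;` followed by `if (badlen > remaining) badlen = remaining;`. A remainder of zero or less may also need handling before `badlen` is used further down in `spell_suggest`, whose body starts and ends outside the hunk.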
--- a/src/testdir/test_spell.vim
+++ b/src/testdir/test_spell.vim
@@ -126,6 +126,23 @@ func Test_spellreall()
   bwipe!
 endfunc
 
+func Test_spellsuggest_visual_end_of_line()
+  set spell
+  let enc_save = &encoding
+  set encoding=iso8859
+
+  " This was reading beyond the end of the line.
+  norm R00000000000
+  sil norm ^V0
+  sil! norm ^Vi00000)
+  sil! norm ^Vi00000)
+  call feedkeys("\<CR>")
+  norm z=
+
+  let &encoding = enc_save
+  set nospell
+endfunc
+
 func Test_spellinfo()
   new