fix CVE-2021-3984

2021-12-04 10:58:29 +08:00 · 2021-12-04 10:58:29 +08:00 · 67526d86e2
commit 67526d86e2
parent 539b728a2b
2 changed files with 82 additions and 11 deletions
--- a/backport-CVE-2021-3984.patch
+++ b/backport-CVE-2021-3984.patch
@ -0,0 +1,64 @@
+From 2de9b7c7c8791da8853a9a7ca9c467867465b655 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Fri, 19 Nov 2021 19:41:13 +0000
+Subject: [PATCH] patch 8.2.3625: illegal memory access when C-indenting
+
+Problem:    Illegal memory access when C-indenting.
+Solution:   Also set the cursor column.
+---
+ src/cindent.c                | 10 +++++-----
+ src/testdir/test_cindent.vim | 12 ++++++++++++
+ 2 files changed, 17 insertions(+), 5 deletions(-)
+
+diff --git a/src/cindent.c b/src/cindent.c
+index c7caed6..28d1558 100644
+--- a/src/cindent.c
+++ b/src/cindent.c
+@@ -1635,10 +1635,10 @@ get_baseclass_amount(int col)
+     static pos_T *
+ find_start_brace(void)	    // XXX
+ {
+-    pos_T	cursor_save;
+-    pos_T	*trypos;
+-    pos_T	*pos;
+-    static pos_T	pos_copy;
+    pos_T	    cursor_save;
+    pos_T	    *trypos;
+    pos_T	    *pos;
+    static pos_T    pos_copy;
+ 
+     cursor_save = curwin->w_cursor;
+     while ((trypos = findmatchlimit(NULL, '{', FM_BLOCKSTOP, 0)) != NULL)
+@@ -1652,7 +1652,7 @@ find_start_brace(void)	    // XXX
+ 		       && (pos = ind_find_start_CORS(NULL)) == NULL) // XXX
+ 	    break;
+ 	if (pos != NULL)
+-	    curwin->w_cursor.lnum = pos->lnum;
+	    curwin->w_cursor = *pos;
+     }
+     curwin->w_cursor = cursor_save;
+     return trypos;
+diff --git a/src/testdir/test_cindent.vim b/src/testdir/test_cindent.vim
+index 2cb3f24..2a87460 100644
+--- a/src/testdir/test_cindent.vim
+++ b/src/testdir/test_cindent.vim
+@@ -5251,4 +5251,16 @@ func Test_cindent_56()
+   enew! | close
+ endfunc
+ 
+func Test_find_brace_backwards()
+  " this was looking beyond the end of the line
+  new
+  norm R/*
+  norm o0{
+  norm o//
+  norm V{=
+  call assert_equal(['/*', '   0{', '//'], getline(1, 3))
+  bwipe!
+endfunc
+
+
+ " vim: shiftwidth=2 sts=2 expandtab
+-- 
+1.8.3.1
+
--- a/vim.spec
+++ b/vim.spec
@ -12,7 +12,7 @@
 Name:           vim
 Epoch:          2
 Version:        8.2
-Release:        16
+Release:        17
 Summary:        Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
 License:        Vim and MIT
 URL:            http://www.vim.org
@ -54,6 +54,7 @@ Patch6016:      backport-CVE-2021-3973.patch
 Patch6017:      backport-CVE-2021-3974.patch
 Patch6018:      backport-find-test-fails.patch
 Patch6019:      backport-no-early-check-if-find-and-sfind-have-an-argument.patch
+Patch6020:      backport-CVE-2021-3984.patch

 Patch9000:      bugfix-rm-modify-info-version.patch

@ -442,61 +443,67 @@ popd
 %{_mandir}/man1/evim.*

 %changelog
-* Tue Nov 30 2021 shixuantong<shixuantong@huawei> - 2:8.2-16
+* Sat Dec 04 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-17
+- Type:CVE
+- ID:CVE-2021-3984
+- SUG:NA
+- DESC:fix CVE-2021-3984
+
+* Tue Nov 30 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-16
 - Type:CVE
 - ID:CVE-2021-3973 CVE-2021-3974
 - SUG:NA
 - DESC:fix CVE-2021-3973 CVE-2021-3974

-* Sat Nov 27 2021 shixuantong<shixuantong@huawei> - 2:8.2-15
+* Sat Nov 27 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-15
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:fix build fail for python3-3.10.0

-* Sat Nov 13 2021 shixuantong<shixuantong@huawei> - 2:8.2-14
+* Sat Nov 13 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-14
 - Type:CVE
 - ID:CVE-2021-3927 CVE-2021-3927
 - SUG:NA
 - DESC:fix CVE-2021-3927 CVE-2021-3928

-* Sat Oct 30 2021 shixuantong<shixuantong@huawei> - 2:8.2-13
+* Sat Oct 30 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-13
 - Type:CVE
 - ID:CVE-2021-3903
 - SUG:NA
 - DESC:fix CVE-2021-3903

-* Sat Oct 23 2021 shixuantong<shixuantong@huawei> - 2:8.2-12
+* Sat Oct 23 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-12
 - Type:CVE
 - ID:CVE-2021-3872 CVE-2021-3875
 - SUG:NA
 - DESC:fix CVE-2021-3872 CVE-2021-3875

-* Sun Sep 26 2021 shixuantong<shixuantong@huawei> - 2:8.2-11
+* Sun Sep 26 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-11
 - Type:CVE
 - ID:CVE-2021-3778 CVE-2021-3796
 - SUG:NA
 - DESC:fix CVE-2021-3778 CVE-2021-3796

-* Sat Sep 11 2021 shixuantong<shixuantong@huawei> - 2:8.2-10
+* Sat Sep 11 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-10
 - Type:CVE
 - ID:NA
 - SUG:NA
 - DESC:fix CVE-2021-3770

-* Tue Aug 10 2021 shixuantong<shixuantong@huawei> - 2:8.2-9
+* Tue Aug 10 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-9
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:fix signal stack size is wrong with latest glibc 2.34

-* Sat Aug 07 2021 shixuantong<shixuantong@huawei> - 2:8.2-8
+* Sat Aug 07 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-8
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:fix configure does not recognize gcc 10.0 and later

-* Sat Jun 12 2021 shixuantong<shixuantong@huawei> - 2:8.2-7
+* Sat Jun 12 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-7
 - Type:bugfix
 - ID:NA
 - SUG:NA