packages/vim
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!430 fix CVE-2022-3705

Browse Source 
From: @wangjiang37 
Reviewed-by: @xiezhipeng1 
Signed-off-by: @xiezhipeng1
This commit is contained in:
openeuler-ci-bot 2022-11-02 01:33:30 +00:00 committed by Gitee
commit 73f01bfb0f
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 80 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
backport-CVE-2022-3705.patch Normal file
View File

@ -0,0 +1,72 @@
From d0fab10ed2a86698937e3c3fed2f10bd9bb5e731 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Thu, 20 Oct 2022 16:03:33 +0100
Subject: [PATCH] patch 9.0.0805: filetype autocmd may cause freed memory
access
Problem: Filetype autocmd may cause freed memory access.
Solution: Set the quickfix-busy flag while filling the buffer.
---
src/quickfix.c | 6 ++++++
src/testdir/test_quickfix.vim | 16 ++++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/src/quickfix.c b/src/quickfix.c
index a90611475ab1..f85fff56f23d 100644
--- a/src/quickfix.c
+++ b/src/quickfix.c
@@ -4543,6 +4543,9 @@ qf_update_buffer(qf_info_T *qi, qfline_T *old_last)
qf_winid = win->w_id;
}
+ // autocommands may cause trouble
+ incr_quickfix_busy();
+
if (old_last == NULL)
// set curwin/curbuf to buf and save a few things
aucmd_prepbuf(&aco, buf);
@@ -4564,6 +4567,9 @@ qf_update_buffer(qf_info_T *qi, qfline_T *old_last)
// when the added lines are not visible.
if ((win = qf_find_win(qi)) != NULL && old_line_count < win->w_botline)
redraw_buf_later(buf, NOT_VALID);
+
+ // always called after incr_quickfix_busy()
+ decr_quickfix_busy();
}
}
diff --git a/src/testdir/test_quickfix.vim b/src/testdir/test_quickfix.vim
index 2ee754b39690..bcaef5da175c 100644
--- a/src/testdir/test_quickfix.vim
+++ b/src/testdir/test_quickfix.vim
@@ -3471,6 +3471,21 @@ func Test_resize_from_copen()
endtry
endfunc
+func Test_filetype_autocmd()
+ " this changes the location list while it is in use to fill a buffer
+ lexpr ''
+ lopen
+ augroup FT_loclist
+ au FileType * call setloclist(0, [], 'f')
+ augroup END
+ silent! lolder
+ lexpr ''
+
+ augroup FT_loclist
+ au! FileType
+ augroup END
+endfunc
+
func Test_vimgrep_with_textlock()
new
@@ -6380,4 +6395,5 @@ func Test_loclist_replace_autocmd()
call setloclist(0, [], 'f')
endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
--
2.33.0

9
vim.spec
View File

@ -12,7 +12,7 @@
Name: vim Name: vim
Epoch: 2 Epoch: 2
Version: 9.0 Version: 9.0
Release: 19 Release: 20
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
License: Vim and MIT License: Vim and MIT
URL: http://www.vim.org URL: http://www.vim.org
@ -73,6 +73,7 @@ Patch6042: backport-CVE-2022-3278.patch
Patch6043: backport-CVE-2022-3297.patch Patch6043: backport-CVE-2022-3297.patch
Patch6044: backport-9.0.0581-adding-a-character-for-incsearch-fails-at-end-of-line.patch Patch6044: backport-9.0.0581-adding-a-character-for-incsearch-fails-at-end-of-line.patch
Patch6045: backport-CVE-2022-3324.patch Patch6045: backport-CVE-2022-3324.patch
Patch6046: backport-CVE-2022-3705.patch
Patch9000: bugfix-rm-modify-info-version.patch Patch9000: bugfix-rm-modify-info-version.patch
@ -472,6 +473,12 @@ LC_ALL=en_US.UTF-8 make -j1 test
%{_mandir}/man1/evim.* %{_mandir}/man1/evim.*
%changelog %changelog
* Tue Nov 01 2022 wangjiang <wangjiang37@h-partners.com> - 2:9.0-20
- Type:CVE
- ID:CVE-2022-3705
- SUG:NA
- DESC:fix CVE-2022-3705
* Mon Oct 17 2022 dongyuzhen <dongyuzhen@h-partners.com> - 2:9.0-19 * Mon Oct 17 2022 dongyuzhen <dongyuzhen@h-partners.com> - 2:9.0-19
- Type:CVE - Type:CVE
- ID:CVE-2022-3278 CVE-2022-3297 CVE-2022-3324 - ID:CVE-2022-3278 CVE-2022-3297 CVE-2022-3324