!615 [sync] PR-614: fix CVE-2023-48232
From: @openeuler-sync-bot Reviewed-by: @gaoruoshu Signed-off-by: @gaoruoshu
This commit is contained in:
openeuler-ci-bot
Gitee
commit
91925baa43
63
backport-CVE-2023-48232.patch
Normal file
63
backport-CVE-2023-48232.patch
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
From cb0b99f0672d8446585d26e998343dceca17d1ce Mon Sep 17 00:00:00 2001
|
||||||
|
From: Christian Brabandt <cb@256bit.org>
|
||||||
|
Date: Tue, 14 Nov 2023 20:05:59 +0100
|
||||||
|
Subject: [PATCH] patch 9.0.2107: [security]: FPE in adjust_plines_for_skipcol
|
||||||
|
|
||||||
|
Problem: [security]: FPE in adjust_plines_for_skipcol
|
||||||
|
Solution: don't divide by zero, return zero
|
||||||
|
|
||||||
|
Prevent a floating point exception when calculating w_skipcol (which can
|
||||||
|
happen with a small window when the number option is set and cpo+=n).
|
||||||
|
|
||||||
|
Add a test to verify
|
||||||
|
|
||||||
|
Signed-off-by: Christian Brabandt <cb@256bit.org>
|
||||||
|
---
|
||||||
|
src/move.c | 5 +++--
|
||||||
|
src/testdir/test_scroll_opt.vim | 19 +++++++++++++++++++
|
||||||
|
2 files changed, 22 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/move.c b/src/move.c
|
||||||
|
index ce06dc3394689..fbb352a32e15a 100644
|
||||||
|
--- a/src/move.c
|
||||||
|
+++ b/src/move.c
|
||||||
|
@@ -45,8 +45,9 @@ adjust_plines_for_skipcol(win_T *wp)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
int width = wp->w_width - win_col_off(wp);
|
||||||
|
- if (wp->w_skipcol >= width)
|
||||||
|
- return (wp->w_skipcol - width) / (width + win_col_off2(wp)) + 1;
|
||||||
|
+ int w2 = width + win_col_off2(wp);
|
||||||
|
+ if (wp->w_skipcol >= width && w2 > 0)
|
||||||
|
+ return (wp->w_skipcol - width) / w2 + 1;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
diff --git a/src/testdir/test_scroll_opt.vim b/src/testdir/test_scroll_opt.vim
|
||||||
|
index d5d08a24c20d4..342d382c20a5a 100644
|
||||||
|
--- a/src/testdir/test_scroll_opt.vim
|
||||||
|
+++ b/src/testdir/test_scroll_opt.vim
|
||||||
|
@@ -926,4 +926,23 @@ func Test_smoothscroll_cursor_top()
|
||||||
|
call StopVimInTerminal(buf)
|
||||||
|
endfunc
|
||||||
|
|
||||||
|
+" Division by zero, shouldn't crash
|
||||||
|
+func Test_smoothscroll_crash()
|
||||||
|
+ CheckScreendump
|
||||||
|
+
|
||||||
|
+ let lines =<< trim END
|
||||||
|
+ 20 new
|
||||||
|
+ vsp
|
||||||
|
+ put =repeat('aaaa', 20)
|
||||||
|
+ set nu fdc=1 smoothscroll cpo+=n
|
||||||
|
+ vert resize 0
|
||||||
|
+ exe "norm! 0\<c-e>"
|
||||||
|
+ END
|
||||||
|
+ call writefile(lines, 'XSmoothScrollCrash', 'D')
|
||||||
|
+ let buf = RunVimInTerminal('-u NONE -S XSmoothScrollCrash', #{rows: 12, cols:40})
|
||||||
|
+ call term_sendkeys(buf, "2\<C-E>\<C-L>")
|
||||||
|
+
|
||||||
|
+ call StopVimInTerminal(buf)
|
||||||
|
+endfunc
|
||||||
|
+
|
||||||
|
" vim: shiftwidth=2 sts=2 expandtab
|
||||||
23
vim.spec
23
vim.spec
@ -14,7 +14,7 @@
|
|||||||
Name: vim
|
Name: vim
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
Version: %{baseversion}.%{patchlevel}
|
Version: %{baseversion}.%{patchlevel}
|
||||||
Release: 5
|
Release: 6
|
||||||
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
|
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
|
||||||
License: Vim and MIT
|
License: Vim and MIT
|
||||||
URL: http://www.vim.org
|
URL: http://www.vim.org
|
||||||
@ -30,17 +30,18 @@ Patch0004: vim-8.0-copy-paste.patch
|
|||||||
Patch0005: vim-python3-tests.patch
|
Patch0005: vim-python3-tests.patch
|
||||||
|
|
||||||
|
|
||||||
Patch6000: bugfix-security-overflow-with-count-for-s-command.patch
|
Patch6000: backport-CVE-2023-48233.patch
|
||||||
Patch6001: backport-patch-9.0.2106-Use-after-free-in-win_close.patch
|
Patch6001: backport-CVE-2023-48231.patch
|
||||||
Patch6002: backport-patch-9.0.2109-overflow-in-nv_z_get_count.patch
|
Patch6002: backport-CVE-2023-48234.patch
|
||||||
Patch6003: backport-patch-9.0.2110-overflow-in-ex-address-parsing.patch
|
Patch6003: backport-CVE-2023-48235.patch
|
||||||
Patch6004: backport-patch-9.0.2111-overflow-in-get_number.patch
|
Patch6004: backport-CVE-2023-48236.patch
|
||||||
Patch6005: backport-patch-9.0.2112-overflow-in-shift_line.patch
|
Patch6005: backport-CVE-2023-48237.patch
|
||||||
Patch6006: backport-patch-9.0.2114-overflow-detection-not-accurate-when-adding.patch
|
Patch6006: backport-patch-9.0.2114-overflow-detection-not-accurate-when-adding.patch
|
||||||
Patch6007: backport-patch-9.0.2121-use-after-free-in-ex_substitute.patch
|
Patch6007: backport-CVE-2023-48706.patch
|
||||||
Patch6008: backport-patch-9.0.2123-Problem-with-initializing-the-length-of-range-lists.patch
|
Patch6008: backport-patch-9.0.2123-Problem-with-initializing-the-length-of-range-lists.patch
|
||||||
Patch6009: backport-vim-7.0-rclocation.patch
|
Patch6009: backport-vim-7.0-rclocation.patch
|
||||||
Patch6010: backport-CVE-2024-22667.patch
|
Patch6010: backport-CVE-2024-22667.patch
|
||||||
|
Patch6011: backport-CVE-2023-48232.patch
|
||||||
|
|
||||||
Patch9000: bugfix-rm-modify-info-version.patch
|
Patch9000: bugfix-rm-modify-info-version.patch
|
||||||
|
|
||||||
@ -448,6 +449,12 @@ LC_ALL=en_US.UTF-8 make -j1 test || echo "Warning: Please check tests."
|
|||||||
%{_mandir}/man1/evim.*
|
%{_mandir}/man1/evim.*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jul 12 2024 wangjiang <wangjiang37@h-partners.com> - 2:9.0.2092-6
|
||||||
|
- Type:CVE
|
||||||
|
- ID:CVE-2023-48232
|
||||||
|
- SUG:NA
|
||||||
|
- DESC:fix CVE-2023-48232
|
||||||
|
|
||||||
* Mon Jul 08 2024 wangjiang <wangjiang37@h-partners.com> - 2:9.0.2092-5
|
* Mon Jul 08 2024 wangjiang <wangjiang37@h-partners.com> - 2:9.0.2092-5
|
||||||
- Type:CVE
|
- Type:CVE
|
||||||
- ID:CVE-2024-22667
|
- ID:CVE-2024-22667
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user