packages/vim
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!601 增加新的报错类型,修复:s命令溢出报错

Browse Source 
From: @yinyongkang 
Reviewed-by: @gaoruoshu 
Signed-off-by: @gaoruoshu
This commit is contained in:
openeuler-ci-bot 2024-05-10 06:45:26 +00:00 committed by Gitee
commit 9526948d07
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 120 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

112
bugfix-security-overflow-with-count-for-s-command.patch Normal file
View File

@ -0,0 +1,112 @@
From ac63787734fda2e294e477af52b3bd601517fa78 Mon Sep 17 00:00:00 2001
From: Christian Brabandt <cb@256bit.org>
Date: Tue, 14 Nov 2023 20:45:48 +0100
Subject: [PATCH] patch 9.0.2108: [security]: overflow with count for :s
command
Problem: [security]: overflow with count for :s command
Solution: Abort the :s command if the count is too large
If the count after the :s command is larger than what fits into a
(signed) long variable, abort with e_value_too_large.
Adds a test with INT_MAX as count and verify it correctly fails.
It seems the return value on Windows using mingw compiler wraps around,
so the initial test using :s/./b/9999999999999999999999999990 doesn't
fail there, since the count is wrapping around several times and finally
is no longer larger than 2147483647. So let's just use 2147483647 in the
test, which hopefully will always cause a failure
---
runtime/doc/change.txt | 8 ++++----
runtime/doc/cmdline.txt | 3 ++-
runtime/doc/tags | 1 +
src/ex_cmds.c | 7 +++++++
src/testdir/test_substitute.vim | 1 +
5 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/runtime/doc/change.txt b/runtime/doc/change.txt
index 65da9a7..dccaa44 100644
--- a/runtime/doc/change.txt
+++ b/runtime/doc/change.txt
@@ -1,4 +1,4 @@
-*change.txt* For Vim version 9.0. Last change: 2023 Sep 19
+*change.txt* For Vim version 9.0. Last change: 2023 Nov 15
VIM REFERENCE MANUAL by Bram Moolenaar
@@ -644,9 +644,9 @@ For other systems the tmpnam() library function is used.
current line only. When [count] is given, replace in
[count] lines, starting with the last line in [range].
When [range] is omitted start in the current line.
- *E939*
- [count] must be a positive number. Also see
- |cmdline-ranges|.
+ *E939* *E1510*
+ [count] must be a positive number (max 2147483647)
+ Also see |cmdline-ranges|.
See |:s_flags| for [flags].
The delimiter doesn't need to be /, see
diff --git a/runtime/doc/cmdline.txt b/runtime/doc/cmdline.txt
index c5d0096..cbcf0ad 100644
--- a/runtime/doc/cmdline.txt
+++ b/runtime/doc/cmdline.txt
@@ -1,4 +1,4 @@
-*cmdline.txt* For Vim version 9.0. Last change: 2023 May 20
+*cmdline.txt* For Vim version 9.0. Last change: 2023 Nov 15
VIM REFERENCE MANUAL by Bram Moolenaar
@@ -362,6 +362,7 @@ terminals)
A positive number represents the absolute index of an entry
as it is given in the first column of a :history listing.
This number remains fixed even if other entries are deleted.
+ (see |E1510|)
A negative number means the relative position of an entry,
counted from the newest entry (which has index -1) backwards.
diff --git a/runtime/doc/tags b/runtime/doc/tags
index f450288..b5b2a97 100644
--- a/runtime/doc/tags
+++ b/runtime/doc/tags
@@ -4514,6 +4514,7 @@ E1507 builtin.txt /*E1507*
E1508 editing.txt /*E1508*
E1509 editing.txt /*E1509*
E151 helphelp.txt /*E151*
+E1510 change.txt /*E1510*
E152 helphelp.txt /*E152*
E153 helphelp.txt /*E153*
E154 helphelp.txt /*E154*
diff --git a/src/ex_cmds.c b/src/ex_cmds.c
index 3544092..c5f912e 100644
--- a/src/ex_cmds.c
+++ b/src/ex_cmds.c
@@ -3993,6 +3993,13 @@ ex_substitute(exarg_T *eap)
emsg(_(e_positive_count_required));
return;
}
+ else if (i >= INT_MAX)
+ {
+ char buf[20];
+ vim_snprintf(buf, sizeof(buf), "%ld", i);
+ semsg(_(e_val_too_large), buf);
+ return;
+ }
eap->line1 = eap->line2;
eap->line2 += i - 1;
if (eap->line2 > curbuf->b_ml.ml_line_count)
diff --git a/src/testdir/test_substitute.vim b/src/testdir/test_substitute.vim
index b99d0e0..3ed1597 100644
--- a/src/testdir/test_substitute.vim
+++ b/src/testdir/test_substitute.vim
@@ -206,6 +206,7 @@ func Test_substitute_count()
call assert_equal(['foo foo', 'foo foo', 'foo foo', 'bar foo', 'bar foo'],
\ getline(1, '$'))
+ call assert_fails('s/./b/2147483647', 'E1510:')
bwipe!
endfunc
--

9
vim.spec
View File

@ -14,7 +14,7 @@
Name: vim Name: vim
Epoch: 2 Epoch: 2
Version: %{baseversion}.%{patchlevel} Version: %{baseversion}.%{patchlevel}
Release: 1 Release: 2
Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
License: Vim and MIT License: Vim and MIT
URL: http://www.vim.org URL: http://www.vim.org
@ -28,6 +28,7 @@ Patch0006: vim-7.4-fstabsyntax.patch
Patch0009: vim-7.4-globalsyntax.patch Patch0009: vim-7.4-globalsyntax.patch
Patch0011: vim-8.0-copy-paste.patch Patch0011: vim-8.0-copy-paste.patch
Patch0012: vim-python3-tests.patch Patch0012: vim-python3-tests.patch
Patch0013: bugfix-security-overflow-with-count-for-s-command.patch
Patch9000: bugfix-rm-modify-info-version.patch Patch9000: bugfix-rm-modify-info-version.patch
@ -435,6 +436,12 @@ LC_ALL=en_US.UTF-8 make -j1 test || echo "Warning: Please check tests."
%{_mandir}/man1/evim.* %{_mandir}/man1/evim.*
%changelog %changelog
* Wed May 08 2024 yinyongkang <yinyongkang@kylinos.cn> - 2:9.0.2092-2
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: overflow with count for :s command
* Sun Feb 04 2024 wangjiang <wangjiang37@h-partners.com> - 2:9.0.2092-1 * Sun Feb 04 2024 wangjiang <wangjiang37@h-partners.com> - 2:9.0.2092-1
- Type:enhancement - Type:enhancement
- ID:NA - ID:NA