fix CVE-2022-3037

2022-09-05 15:33:17 +08:00 · 2022-09-05 15:33:17 +08:00 · d7d02fd86d
commit d7d02fd86d
parent c96efdc0e7
2 changed files with 64 additions and 1 deletions
--- a/backport-CVE-2022-3037.patch
+++ b/backport-CVE-2022-3037.patch
@ -0,0 +1,56 @@
+From 4f1b083be43f351bc107541e7b0c9655a5d2c0bb Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Mon, 29 Aug 2022 20:45:16 +0100
+Subject: [PATCH] patch 9.0.0322: crash when no errors and 'quickfixtextfunc'
+ is set
+
+Problem:    Crash when no errors and 'quickfixtextfunc' is set.
+Solution:   Do not handle errors if there aren't any.
+---
+ src/quickfix.c                |  2 +-
+ src/testdir/test_quickfix.vim | 16 ++++++++++++++++
+ 2 files changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/src/quickfix.c b/src/quickfix.c
+index f6851ef..edf262c 100644
+--- a/src/quickfix.c
+++ b/src/quickfix.c
+@@ -4743,7 +4743,7 @@ qf_fill_buffer(qf_list_T *qfl, buf_T *buf, qfline_T *old_last, int qf_winid)
+     }
+ 
+     // Check if there is anything to display
+-    if (qfl != NULL)
+    if (qfl != NULL && qfl->qf_start != NULL)
+     {
+ 	char_u		dirname[MAXPATHL];
+ 	int		invalid_val = FALSE;
+diff --git a/src/testdir/test_quickfix.vim b/src/testdir/test_quickfix.vim
+index cf803ca..27bed51 100644
+--- a/src/testdir/test_quickfix.vim
+++ b/src/testdir/test_quickfix.vim
+@@ -4090,6 +4090,22 @@ func Xgetlist_empty_tests(cchar)
+   endif
+ endfunc
+ 
+func Test_empty_list_quickfixtextfunc()
+  " This was crashing.  Can only reproduce by running it in a separate Vim
+  " instance.
+  let lines =<< trim END
+      func s:Func(o)
+              cgetexpr '0'
+      endfunc
+      cope
+      let &quickfixtextfunc = 's:Func'
+      cgetfile [ex
+  END
+  call writefile(lines, 'Xquickfixtextfunc')
+  call RunVim([], [], '-e -s -S Xquickfixtextfunc -c qa')
+  call delete('Xquickfixtextfunc')
+endfunc
+
+ func Test_getqflist()
+   call Xgetlist_empty_tests('c')
+   call Xgetlist_empty_tests('l')
+-- 
+2.33.0
+
--- a/vim.spec
+++ b/vim.spec
@ -12,7 +12,7 @@
 Name:           vim
 Epoch:          2
 Version:        9.0
-Release:        10
+Release:        11
 Summary:        Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
 License:        Vim and MIT
 URL:            http://www.vim.org
@ -59,6 +59,7 @@ Patch6028:      backport-CVE-2022-2946.patch
 Patch6029:      backport-CVE-2022-2980.patch
 Patch6030:      backport-CVE-2022-2982.patch
 Patch6031:      backport-CVE-2022-3016.patch
+Patch6032:      backport-CVE-2022-3037.patch

 Patch9000:      bugfix-rm-modify-info-version.patch

@ -457,6 +458,12 @@ LC_ALL=en_US.UTF-8 make -j1 test
 %{_mandir}/man1/evim.*

 %changelog
+* Wed Aug 31 2022 yinyongkang <yinyongkang@kylinos.cn> - 2:9.0-11
+- Type:CVE
+- ID:CVE-2022-3037
+- SUG:NA
+- DESC:fix CVE-2022-3037
+
 * Mon Aug 29 2022 shixuantong <shixuantong@h-partners.com> - 2:9.0-10
 - Type:CVE
 - ID:CVE-2022-3016