slackware-current/patches/source/vim/CVE-2022-2819.patch

From d1d8f6bacb489036d0fd479c9dd3c0102c988889 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sun, 14 Aug 2022 21:28:32 +0100
Subject: [PATCH] patch 9.0.0211: invalid memory access when compiling :lockvar

Problem:    Invalid memory access when compiling :lockvar.
Solution:   Don't read past the end of the line.
---

diff --git a/src/vim9cmds.c b/src/vim9cmds.c
index ad32c32ff7cb..35a382138bf3 100644
--- a/src/vim9cmds.c
+++ b/src/vim9cmds.c
@@ -188,10 +188,17 @@ compile_lock_unlock(
     size_t	len;
     char_u	*buf;
     isntype_T	isn = ISN_EXEC;
+    char	*cmd = eap->cmdidx == CMD_lockvar ? "lockvar" : "unlockvar";
 
     if (cctx->ctx_skip == SKIP_YES)
 	return OK;
 
+    if (*p == NUL)
+    {
+	semsg(_(e_argument_required_for_str), cmd);
+	return FAIL;
+    }
+
     // Cannot use :lockvar and :unlockvar on local variables.
     if (p[1] != ':')
     {
@@ -223,8 +230,6 @@ compile_lock_unlock(
 	ret = FAIL;
     else
     {
-	char *cmd = eap->cmdidx == CMD_lockvar ? "lockvar" : "unlockvar";
-
 	if (deep < 0)
 	    vim_snprintf((char *)buf, len, "%s! %s", cmd, p);
 	else
Wed Aug 17 20:41:53 UTC 2022 patches/packages/vim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt. Fix use after free, out-of-bounds read, and heap based buffer overflow. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819 (* Security fix *) patches/packages/vim-gvim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt. 2022-08-17 20:41:53 +00:00			`From d1d8f6bacb489036d0fd479c9dd3c0102c988889 Mon Sep 17 00:00:00 2001`
			`From: Bram Moolenaar <Bram@vim.org>`
			`Date: Sun, 14 Aug 2022 21:28:32 +0100`
			`Subject: [PATCH] patch 9.0.0211: invalid memory access when compiling :lockvar`

			`Problem: Invalid memory access when compiling :lockvar.`
			`Solution: Don't read past the end of the line.`
			`---`

			`diff --git a/src/vim9cmds.c b/src/vim9cmds.c`
			`index ad32c32ff7cb..35a382138bf3 100644`
			`--- a/src/vim9cmds.c`
			`+++ b/src/vim9cmds.c`
			`@@ -188,10 +188,17 @@ compile_lock_unlock(`
			`size_t len;`
			`char_u *buf;`
			`isntype_T isn = ISN_EXEC;`
			`+ char *cmd = eap->cmdidx == CMD_lockvar ? "lockvar" : "unlockvar";`

			`if (cctx->ctx_skip == SKIP_YES)`
			`return OK;`

			`+ if (*p == NUL)`
			`+ {`
			`+ semsg(_(e_argument_required_for_str), cmd);`
			`+ return FAIL;`
			`+ }`
			`+`
			`// Cannot use :lockvar and :unlockvar on local variables.`
			`if (p[1] != ':')`
			`{`
			`@@ -223,8 +230,6 @@ compile_lock_unlock(`
			`ret = FAIL;`
			`else`
			`{`
			`- char *cmd = eap->cmdidx == CMD_lockvar ? "lockvar" : "unlockvar";`
			`-`
			`if (deep < 0)`
			`vim_snprintf((char *)buf, len, "%s! %s", cmd, p);`
			`else`