Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2025-01-16 15:41:42 +01:00
Code Issues Projects Releases Packages Wiki Activity
slackware-current/patches/source/vim/CVE-2022-2819.patch
Patrick J Volkerding 821b8a94bf Wed Aug 17 20:41:53 UTC 2022 
patches/packages/vim-8.2.4649-x86_64-2_slack15.0.txz:  Rebuilt.
  Fix use after free, out-of-bounds read, and heap based buffer overflow.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819
  (* Security fix *)
patches/packages/vim-gvim-8.2.4649-x86_64-2_slack15.0.txz:  Rebuilt.
2022-08-18 13:30:02 +02:00

40 lines
1.1 KiB
Diff
Raw Blame History

From d1d8f6bacb489036d0fd479c9dd3c0102c988889 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sun, 14 Aug 2022 21:28:32 +0100
Subject: [PATCH] patch 9.0.0211: invalid memory access when compiling :lockvar
Problem: Invalid memory access when compiling :lockvar.
Solution: Don't read past the end of the line.
---
diff --git a/src/vim9cmds.c b/src/vim9cmds.c
index ad32c32ff7cb..35a382138bf3 100644
--- a/src/vim9cmds.c
+++ b/src/vim9cmds.c
@@ -188,10 +188,17 @@ compile_lock_unlock(
size_t len;
char_u *buf;
isntype_T isn = ISN_EXEC;
+ char *cmd = eap->cmdidx == CMD_lockvar ? "lockvar" : "unlockvar";
if (cctx->ctx_skip == SKIP_YES)
return OK;
+ if (*p == NUL)
+ {
+ semsg(_(e_argument_required_for_str), cmd);
+ return FAIL;
+ }
+
// Cannot use :lockvar and :unlockvar on local variables.
if (p[1] != ':')
{
@@ -223,8 +230,6 @@ compile_lock_unlock(
ret = FAIL;
else
{
- char *cmd = eap->cmdidx == CMD_lockvar ? "lockvar" : "unlockvar";
-
if (deep < 0)
vim_snprintf((char *)buf, len, "%s! %s", cmd, p);
else
Reference in a new issue View git blame Copy permalink