mirror of
git://slackware.nl/current.git
synced 2025-01-03 23:03:22 +01:00
821b8a94bf
patches/packages/vim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt.
Fix use after free, out-of-bounds read, and heap based buffer overflow.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819
(* Security fix *)
patches/packages/vim-gvim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt.
26 lines
781 B
Diff
26 lines
781 B
Diff
From dbdd16b62560413abcc3c8e893cc3010ccf31666 Mon Sep 17 00:00:00 2001
|
|
From: Bram Moolenaar <Bram@vim.org>
|
|
Date: Sun, 14 Aug 2022 21:46:07 +0100
|
|
Subject: [PATCH] patch 9.0.0212: invalid memory access when compiling :unlet
|
|
|
|
Problem: Invalid memory access when compiling :unlet.
|
|
Solution: Don't read past the end of the line.
|
|
---
|
|
|
|
diff --git a/src/vim9cmds.c b/src/vim9cmds.c
|
|
index 35a382138bf3..93032d6bf154 100644
|
|
--- a/src/vim9cmds.c
|
|
+++ b/src/vim9cmds.c
|
|
@@ -92,6 +92,12 @@ free_locals(cctx_T *cctx)
|
|
int
|
|
check_vim9_unlet(char_u *name)
|
|
{
|
|
+ if (*name == NUL)
|
|
+ {
|
|
+ semsg(_(e_argument_required_for_str), "unlet");
|
|
+ return FAIL;
|
|
+ }
|
|
+
|
|
if (name[1] != ':' || vim_strchr((char_u *)"gwtb", *name) == NULL)
|
|
{
|
|
// "unlet s:var" is allowed in legacy script.
|