Projects
Factory:RISC-V:Base
vim
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 9
View file
_service:tar_scm:vim.spec
Changed
@@ -12,7 +12,7 @@ Name: vim Epoch: 2 Version: 9.0 -Release: 27 +Release: 28 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. License: Vim and MIT URL: http://www.vim.org @@ -88,6 +88,8 @@ Patch6058: backport-CVE-2022-47024.patch Patch6059: backport-CVE-2023-0288.patch Patch6060: backport-CVE-2023-0433.patch +Patch6061: backport-patch-9.0.0024-may-access-part-of-typeahead-buf-that-is-not-filled.patch +Patch6062: backport-patch-9.0.1331-illegal-memory-access-when-using-ball-in-Visual-mode.patch Patch9000: bugfix-rm-modify-info-version.patch @@ -495,6 +497,12 @@ %{_mandir}/man1/evim.* %changelog +* Wed Feb 22 2023 wangjiang <wangjiang37@h-partners.com> - 2:9.0-28 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:backport upstream patch to fix memory leak + * Mon Feb 06 2023 wangjiang <wangjiang37@h-partners.com> - 2:9.0-27 - Type:CVE - ID:CVE-2023-0433
View file
_service:tar_scm:backport-patch-9.0.0024-may-access-part-of-typeahead-buf-that-is-not-filled.patch
Added
@@ -0,0 +1,26 @@ +From af043e12d9e5869c597de40b9a2517ae97ac72e7 Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Sat, 2 Jul 2022 12:08:16 +0100 +Subject: PATCH patch 9.0.0024: may access part of typeahead buf that isn't + filled + +Problem: May access part of typeahead buf that isn't filled. +Solution: Check length of typeahead. +--- + src/getchar.c | 3 ++- + files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/getchar.c b/src/getchar.c +index 210a67acad59..12fd1c9146b3 100644 +--- a/src/getchar.c ++++ b/src/getchar.c +@@ -2437,7 +2437,8 @@ handle_mapping( + int is_plug_map = FALSE; + + // If typehead starts with <Plug> then remap, even for a "noremap" mapping. +- if (typebuf.tb_buftypebuf.tb_off == K_SPECIAL ++ if (typebuf.tb_len >= 3 ++ && typebuf.tb_buftypebuf.tb_off == K_SPECIAL + && typebuf.tb_buftypebuf.tb_off + 1 == KS_EXTRA + && typebuf.tb_buftypebuf.tb_off + 2 == KE_PLUG) + is_plug_map = TRUE;
View file
_service:tar_scm:backport-patch-9.0.1331-illegal-memory-access-when-using-ball-in-Visual-mode.patch
Added
@@ -0,0 +1,57 @@ +From e1121b139480f53d1b06f84f3e4574048108fa0b Mon Sep 17 00:00:00 2001 +From: Pavel Mayorov <pmayorov@cloudlinux.com> +Date: Mon, 20 Feb 2023 14:35:20 +0000 +Subject: PATCH patch 9.0.1331: illegal memory access when using :ball in + Visual mode + +Problem: Illegal memory access when using :ball in Visual mode. +Solution: Stop Visual mode when using :ball. (Pavel Mayorov, closes #11923) +--- + src/buffer.c | 4 ++++ + src/testdir/test_visual.vim | 19 +++++++++++++++++++++ + 2 files changed, 23 insertions(+) + +diff --git a/src/buffer.c b/src/buffer.c +index cb7bdf445dee..ff35729fb929 100644 +--- a/src/buffer.c ++++ b/src/buffer.c +@@ -5319,6 +5319,10 @@ ex_buffer_all(exarg_T *eap) + else + all = TRUE; + ++ // Stop Visual mode, the cursor and "VIsual" may very well be invalid after ++ // switching to another buffer. ++ reset_VIsual_and_resel(); ++ + setpcmark(); + + #ifdef FEAT_GUI +diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim +index 295e16f93d9d..f152e7b79ba8 100644 +--- a/src/testdir/test_visual.vim ++++ b/src/testdir/test_visual.vim +@@ -1493,5 +1493,24 @@ func Test_visual_area_adjusted_when_hiding() + bwipe! + endfunc + ++" Check fix for the heap-based buffer overflow bug found in the function ++" utfc_ptr2len and reported at ++" https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e ++func Test_heap_buffer_overflow() ++ enew ++ set updatecount=0 ++ ++ norm R0 ++ split other ++ norm R000 ++ exe "norm \<C-V>l" ++ ball ++ call assert_equal(getpos("."), getpos("v")) ++ call assert_equal('n', mode()) ++ norm zW ++ ++ %bwipe! ++ set updatecount& ++endfunc + + " vim: shiftwidth=2 sts=2 expandtab
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2