Projects
openEuler:Mainline
vim
_service:tar_scm:backport-CVE-2023-0054.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:backport-CVE-2023-0054.patch of Package vim
From 3ac1d97a1d9353490493d30088256360435f7731 Mon Sep 17 00:00:00 2001 From: Bram Moolenaar <Bram@vim.org> Date: Wed, 4 Jan 2023 17:17:54 +0000 Subject: [PATCH] patch 9.0.1145: invalid memory access with recursive substitute expression Problem: Invalid memory access with recursive substitute expression. Solution: Check the return value of vim_regsub(). --- src/eval.c | 5 +++++ src/testdir/test_substitute.vim | 16 ++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/src/eval.c b/src/eval.c index 2fbd867ab..9ca805061 100644 --- a/src/eval.c +++ b/src/eval.c @@ -6969,6 +6969,11 @@ do_string_sub( * - The text after the match. */ sublen = vim_regsub(®match, sub, expr, tail, 0, REGSUB_MAGIC); + if (sublen <= 0) + { + ga_clear(&ga); + break; + } if (ga_grow(&ga, (int)((end - tail) + sublen - (regmatch.endp[0] - regmatch.startp[0]))) == FAIL) { diff --git a/src/testdir/test_substitute.vim b/src/testdir/test_substitute.vim index 251322337..4268aab03 100644 --- a/src/testdir/test_substitute.vim +++ b/src/testdir/test_substitute.vim @@ -1095,6 +1095,22 @@ func Test_sub_expr_goto_other_file() bwipe! endfunc +func Test_recursive_expr_substitute() + " this was reading invalid memory + let lines =<< trim END + func Repl(g, n) + s + r%:s000 + endfunc + next 0 + let caught = 0 + s/\%')/\=Repl(0, 0) + qall! + END + call writefile(lines, 'XexprSubst', 'D') + call RunVim([], [], '--clean -S XexprSubst') +endfunc + " Test for the 2-letter and 3-letter :substitute commands func Test_substitute_short_cmd() new -- 2.27.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2