From 8efa1d12130ca870fc70b0fce762a9e80657940e Mon Sep 17 00:00:00 2001
From: Alfrodull
Date: Sat, 6 Jan 2024 16:35:21 +0800
Subject: [PATCH 1/2] =?UTF-8?q?CVE-2023-2609=20=E5=AE=89=E5=85=A8=E6=9B=B4?= =?UTF-8?q?=E6=96=B0=EF=BC=9A=E4=BF=AE=E5=A4=8D=E4=BA=86Vim=209.0.1531?= =?UTF-8?q?=E4=B9=8B=E5=89=8D=E7=89=88=E6=9C=AC=E5=AD=98=E5=9C=A8=E7=9A=84?= =?UTF-8?q?=E7=94=B1=E4=BA=8E=E5=AD=98=E5=9C=A8=E7=A9=BA=E6=8C=87=E9=92=88?= =?UTF-8?q?=E5=8F=96=E6=B6=88=E5=BC=95=E7=94=A8=E8=80=8C=E5=BC=95=E5=8F=91?= =?UTF-8?q?=E7=9A=84=E6=BC=8F=E6=B4=9E.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/register.c | 2 +-
 src/testdir/test_registers.vim | 17 +++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/src/register.c b/src/register.c
index 267f9b3..876bdfb 100644
--- a/src/register.c
+++ b/src/register.c
@@ -304,7 +304,7 @@ get_register(
 if (copy)
 {
 // If we run out of memory some or all of the lines are empty.
- if (reg->y_size == 0)
+ if (reg->y_size == 0 || y_current->y_array == NULL)
 reg->y_array = NULL;
 else
 reg->y_array = ALLOC_MULT(char_u *, reg->y_size);
diff --git a/src/testdir/test_registers.vim b/src/testdir/test_registers.vim
index d9cf7ed..5ca03e8 100644
--- a/src/testdir/test_registers.vim
+++ b/src/testdir/test_registers.vim
@@ -167,3 +167,20 @@ func Test_recording_esc_sequence()
 set t_F2=
 endif
 endfunc
+
+" This was causing a crash because y_append was ending up being NULL
+func Test_zero_y_append()
+ " Run in a separate Vim instance because changing 'encoding' may cause
+ " trouble for later tests.
+ let lines =<< trim END
+ d
+ silent ?n
+ next
+ so
+ sil! norm 0VPSP
+ set enc=latin1
+
+ END
+ call writefile(lines, 'XTest_zero_y_append', 'D')
+ call RunVim([], [], '-u NONE -i NONE -e -s -S XTest_zero_y_append -c qa\!')
+endfunc
-- Gitee
From 2cc136aadc653b7ae644e491e57902a9caa4f086 Mon Sep 17 00:00:00 2001
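Review bot: The new `y_current->y_array == NULL` branch sets `reg->y_array = NULL`, but nothing visible in the hunk resets `reg->y_size`, so if `reg` was filled from `y_current` earlier in `get_register` (outside the hunk) the returned copy can carry a non-zero size together with a NULL array. Any consumer that walks `y_size` entries without checking `y_array` would hit the same NULL dereference this patch closes, so consider adding `reg->y_size = 0;` in that branch or confirm that every caller tests `y_array` first. The comment above the condition still mentions only running out of memory; a line such as `// y_array may also be NULL when the source register holds no lines; never copy from it.` would record why the second test exists. The function body starts and ends outside the hunk.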
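Review bot: `Test_zero_y_append` contains no assertion: the result of `RunVim(...)` is discarded with `call`, so the test appears to depend on a crash of the child Vim being noticed by some other means (a sanitizer or crash log, for instance). If the harness does not already fail on an abnormal child exit, an explicit check right after the `RunVim` line, for example `call assert_equal(0, v:shell_error)` if the script is expected to exit cleanly, would turn a regression of the NULL dereference into a reported test failure. The comment names `y_append`, while the guard added in src/register.c tests `y_current->y_array`; aligning the wording would help the next reader connect the test to the fix.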
From: Alfrodull
Date: Sat, 6 Jan 2024 16:52:10 +0800
Subject: [PATCH 2/2] =?UTF-8?q?CVE-2023-2609=20=E5=AE=89=E5=85=A8=E6=9B=B4?= =?UTF-8?q?=E6=96=B0=EF=BC=9A=E4=BF=AE=E5=A4=8D=E4=BA=86Vim=209.0.1531?= =?UTF-8?q?=E4=B9=8B=E5=89=8D=E7=89=88=E6=9C=AC=E5=AD=98=E5=9C=A8=E7=9A=84?= =?UTF-8?q?=E7=94=B1=E4=BA=8E=E5=AD=98=E5=9C=A8=E7=A9=BA=E6=8C=87=E9=92=88?= =?UTF-8?q?=E5=8F=96=E6=B6=88=E5=BC=95=E7=94=A8=E8=80=8C=E5=BC=95=E5=8F=91?= =?UTF-8?q?=E7=9A=84=E6=BC=8F=E6=B4=9E.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/testdir/test_registers.vim | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/testdir/test_registers.vim b/src/testdir/test_registers.vim
index 5ca03e8..9eb33e4 100644
--- a/src/testdir/test_registers.vim
+++ b/src/testdir/test_registers.vim
@@ -177,7 +177,7 @@ func Test_zero_y_append()
 silent ?n
 next
 so
- sil! norm 0VPSP
+ sil! norm 0V€PSP
 set enc=latin1
 
 END
-- Gitee
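Review bot: The replacement line `sil! norm 0V€PSP` carries a non-ASCII character in a mail declared `charset=UTF-8`, and the reproducer presumably depends on the exact byte sequence handed to `:normal` (the script switches to `enc=latin1` on the next line). Nothing in the file records that dependency, so an editor or a re-encoding step can silently turn the test into one that no longer reaches the fixed path, which looks like what happened between patch 1/2 and 2/2. A comment above the heredoc such as `" NOTE: the :normal line below contains a raw non-ASCII byte; do not re-encode this file` would protect it, and the committed bytes are worth comparing against the upstream test. The function starts and ends outside this hunk.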