From 8d6c7893cf22f628948ce2a9eceb9c1ba2ac1ebe Mon Sep 17 00:00:00 2001
From: yinyongkang
Date: Wed, 31 Aug 2022 16:24:36 +0800
Subject: [PATCH] fix CVE-2022-3037
---
 backport-CVE-2022-3037.patch | 56 ++++++++++++++++++++++++++++++++++++
 vim.spec | 9 +++++-
 2 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2022-3037.patch
diff --git a/backport-CVE-2022-3037.patch b/backport-CVE-2022-3037.patch
new file mode 100644
index 0000000..c3fac80
--- /dev/null
+++ b/backport-CVE-2022-3037.patch
@@ -0,0 +1,56 @@
+From aabb3d526e0684bb22f899bab4ffdf30c05cf840 Mon Sep 17 00:00:00 2001
+From: yinyongkang
+Date: Wed, 31 Aug 2022 16:20:25 +0800
+Subject: [PATCH] patch 9.0.0322: crash when no errors and 'quickfixtextfunc'
+ is set
+
+Problem: Crash when no errors and 'quickfixtextfunc' is set.
+Solution: Do not handle errors if there aren't any.
+---
+ src/quickfix.c | 2 +-
+ src/testdir/test_quickfix.vim | 16 ++++++++++++++++
+ 2 files changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/src/quickfix.c b/src/quickfix.c
+index 3ae5934..da18d0e 100644
+--- a/src/quickfix.c
++++ b/src/quickfix.c
+@@ -4552,7 +4552,7 @@ qf_fill_buffer(qf_list_T *qfl, buf_T *buf, qfline_T *old_last)
+ }
+
+ // Check if there is anything to display
+- if (qfl != NULL)
++ if (qfl != NULL && qfl->qf_start != NULL)
+ {
+ char_u dirname[MAXPATHL];
+
+diff --git a/src/testdir/test_quickfix.vim b/src/testdir/test_quickfix.vim
+index cf0fdf9..876288a 100644
+--- a/src/testdir/test_quickfix.vim
++++ b/src/testdir/test_quickfix.vim
+@@ -3540,6 +3540,22 @@ func Xgetlist_empty_tests(cchar)
+ endif
+ endfunc
+
++func Test_empty_list_quickfixtextfunc()
++ " This was crashing. Can only reproduce by running it in a separate Vim
++ " instance.
++ let lines =<< trim END
++ func s:Func(o)
++ cgetexpr '0'
++ endfunc
++ cope
++ let &quickfixtextfunc = 's:Func'
++ cgetfile [ex
++ END
++ call writefile(lines, 'Xquickfixtextfunc')
++ call RunVim([], [], '-e -s -S Xquickfixtextfunc -c qa')
++ call delete('Xquickfixtextfunc')
++endfunc
++
+ func Test_getqflist()
+ call Xgetlist_empty_tests('c')
+ call Xgetlist_empty_tests('l')
+--
+2.33.0
+
diff --git a/vim.spec b/vim.spec
index 04eecf3..ffb46f9 100644
--- a/vim.spec
+++ b/vim.spec
@@ -11,7 +11,7 @@
 Name: vim
 Epoch: 2
 Version: 8.2
-Release: 54
+Release: 55
 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
 License: Vim and MIT
 URL: http://www.vim.org
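Review bot: In the qf_fill_buffer() change carried by this new patch file, `qfl->qf_start` is tested once, before the block that fills the buffer, so the guard covers the empty-list case only; the test's text function itself runs `cgetexpr '0'`, and whether the fill loop re-checks its list after each 'quickfixtextfunc' call is outside the hunk, as the function body starts and ends beyond it. I would record the reason at the check with a comment such as `// qf_start is NULL for an empty list: skip it so 'quickfixtextfunc' is never called with no entries`. In Test_empty_list_quickfixtextfunc() the result of `call RunVim(...)` is discarded, so unless RunVim itself reports a crashed child (not visible here) the test may not fail on an unfixed build. The embedded patch header names a local commit id and author, so a line referencing the upstream commit for patch 9.0.0322 (`Reference: <upstream-commit-url>`) would let the backport be compared with its origin.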
@@ -157,6 +157,7 @@ Patch6123: backport-CVE-2022-2946.patch
 Patch6124: backport-CVE-2022-2980.patch
 Patch6125: backport-patch-8.2.1677-memory-access-errors-when-calling-set.patch
 Patch6126: backport-CVE-2022-3016.patch
+Patch6127: backport-CVE-2022-3037.patch
 Patch9000: bugfix-rm-modify-info-version.patch
 Patch9001: remove-failed-tests-due-to-patch.patch
@@ -559,6 +560,12 @@ LC_ALL=en_US.UTF-8 make -j1 test
 %{_mandir}/man1/evim.*
 %changelog
+* Wed Aug 31 2022 yinyongkang - 2:8.2-55
+- Type:CVE
+- ID:CVE-2022-3037
+- SUG:NA
+- DESC:fix CVE-2022-3037
+
 * Mon Aug 29 2022 shixuantong - 2:8.2-54
 - Type:CVE
 - ID:CVE-2022-3016
-- Gitee