From e326db2eac5277c90c34b831603116e6b06bac84 Mon Sep 17 00:00:00 2001
From: wangjiang
Date: Mon, 6 Feb 2023 16:32:33 +0800
Subject: [PATCH] fix CVE-2023-0433
(cherry picked from commit 612c50b81f5c17561bdaa2b9a30ccaf195810d0b)
---
 backport-CVE-2023-0433.patch | 40 ++++++++++++++++++++++++++++++++++++
 vim.spec | 9 +++++++-
 2 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2023-0433.patch
diff --git a/backport-CVE-2023-0433.patch b/backport-CVE-2023-0433.patch
new file mode 100644
index 0000000..4f151df
--- /dev/null
+++ b/backport-CVE-2023-0433.patch
@@ -0,0 +1,40 @@
+From 11977f917506d950b7e0cae558bd9189260b253b Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar
+Date: Sat, 21 Jan 2023 13:09:19 +0000
+Subject: [PATCH] patch 9.0.1225: reading past the end of a line when
+ formatting text
+
+Problem: Reading past the end of a line when formatting text.
+Solution: Check for not going over the end of the line.
+---
+ src/textformat.c | 10 +++++++++-
+ 1 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/textformat.c b/src/textformat.c
+index 6a93890bd2c4..7ebbc8849a45 100644
+--- a/src/textformat.c
++++ b/src/textformat.c
+@@ -540,6 +540,9 @@ same_leader(
+ if (leader1_len == 0)
+ return (leader2_len == 0);
+
++ char_u *lnum_line = NULL;
++ int line_len = 0;
++
+ // If first leader has 'f' flag, the lines can be joined only if the
+ // second line does not have a leader.
+ // If first leader has 'e' flag, the lines can never be joined.
+@@ -555,7 +558,12 @@ same_leader(
+ return FALSE;
+ if (*p == COM_START)
+ {
+- if (*(ml_get(lnum) + leader1_len) == NUL)
++ if (lnum_line == NULL)
++ {
++ lnum_line = ml_get(lnum);
++ line_len = (int)STRLEN(lnum_line);
++ }
++ if (line_len <= leader1_len)
+ return FALSE;
+ if (leader2_flags == NULL || leader2_len == 0)
+ return FALSE;
diff --git a/vim.spec b/vim.spec
index 0588306..98ade9d 100644
--- a/vim.spec
+++ b/vim.spec
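Review bot: In the second src/textformat.c hunk of the backported patch, `lnum_line` is only compared with NULL after it is first filled, so it acts as a "length already computed" marker rather than a pointer meant for later use, and the code does not say so; as far as I know a pointer returned by `ml_get()` is only guaranteed valid until the next `ml_get()` call, so a later edit that dereferences the cached value could reintroduce an out-of-bounds read. A comment above the declaration would pin that down, e.g. `// lnum_line only marks that line_len was computed; do not dereference it after another ml_get() call`. The new guard `if (line_len <= leader1_len)` covers both the old "NUL at leader1_len" case and a line shorter than the leader, which the old pointer arithmetic read past. The backport carries only the src/textformat.c change (its own diffstat lists one file), so if upstream patch 9.0.1225 shipped a regression test it is not exercised by the `make -j1 test` step visible in vim.spec; consider carrying it along. same_leader()'s body starts and ends outside both hunks.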
@@ -12,7 +12,7 @@ Name: vim Epoch: 2 Version: 9.0 -Release: 8 +Release: 9 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. License: Vim and MIT URL: http://www.vim.org @@ -86,6 +86,7 @@ Patch6056: backport-CVE-2023-0051.patch Patch6057: backport-CVE-2023-0054.patch Patch6058: backport-CVE-2022-47024.patch Patch6059: backport-CVE-2023-0288.patch +Patch6060: backport-CVE-2023-0433.patch Patch9000: bugfix-rm-modify-info-version.patch @@ -495,6 +496,12 @@ LC_ALL=en_US.UTF-8 make -j1 test %{_mandir}/man1/evim.* %changelog +* Mon Feb 06 2023 wangjiang - 2:9.0-9 +- Type:CVE +- ID:CVE-2023-0433 +- SUG:NA +- DESC:CVE-2023-0433 + * Sun Jan 29 2023 wangjiang - 2:9.0-8 - Type:CVE - ID:CVE-2022-47024 CVE-2023-0288 -- Gitee