From 1d29eb2e408d7b8b5a3be3348edbb6d23513ecc8 Mon Sep 17 00:00:00 2001
From: ut001695 <zhangkea@uniontech.com>
Date: Fri, 17 Nov 2023 14:01:12 +0800
Subject: [PATCH] fix:CVE-2023-48235

---
 backport-CVE-2023-48235.patch | 54 +++++++++++++++++++++++++++++++++++
 vim.spec                      |  9 +++++-
 2 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2023-48235.patch

diff --git a/backport-CVE-2023-48235.patch b/backport-CVE-2023-48235.patch
new file mode 100644
index 0000000..e5da54d
--- /dev/null
+++ b/backport-CVE-2023-48235.patch
@@ -0,0 +1,54 @@
+From 9a4e6805a43ef295f71a94971ccc79fa48eb3100 Mon Sep 17 00:00:00 2001
+From: root <root@localhost.localdomain>
+Date: Fri, 17 Nov 2023 13:52:58 +0800
+Subject: [PATCH] CVE-2023-48235
+
+---
+ src/ex_docmd.c             | 2 +-
+ src/testdir/test_excmd.vim | 5 ++++-
+ src/version.c              | 2 ++
+ 3 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/ex_docmd.c b/src/ex_docmd.c
+index e8e41ad..559dc1b 100644
+--- a/src/ex_docmd.c
++++ b/src/ex_docmd.c
+@@ -4603,7 +4603,7 @@ get_address(
+ 		    lnum -= n;
+ 		else
+ 		{
+-		    if (n >= LONG_MAX - lnum)
++		    if (lnum >= 0 && n >= LONG_MAX - lnum)
+ 		    {
+ 			emsg(_(e_line_number_out_of_range));
+ 			goto error;
+diff --git a/src/testdir/test_excmd.vim b/src/testdir/test_excmd.vim
+index f55e6a5..d6f3a37 100644
+--- a/src/testdir/test_excmd.vim
++++ b/src/testdir/test_excmd.vim
+@@ -725,5 +725,8 @@ func Test_using_zero_in_range()
+   bwipe!
+ endfunc
+ 
+-
++" catch address lines overflow
++func Test_ex_address_range_overflow()
++  call assert_fails(':--+foobar', 'E492:')
++endfunc
+ " vim: shiftwidth=2 sts=2 expandtab
+diff --git a/src/version.c b/src/version.c
+index 5e21279..6cf6862 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -735,6 +735,8 @@ static char *(features[]) =
+ 
+ static int included_patches[] =
+ {   /* Add new patch number below this line */
++/**/
++    2110,
+ /**/
+     0
+ };
+-- 
+2.27.0
+
diff --git a/vim.spec b/vim.spec
index 997f6a8..843525a 100644
--- a/vim.spec
+++ b/vim.spec
@@ -12,7 +12,7 @@
 Name:           vim
 Epoch:          2
 Version:        9.0
-Release:        40
+Release:        41
 Summary:        Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
 License:        Vim and MIT
 URL:            http://www.vim.org
@@ -115,6 +115,7 @@ Patch6084:      backport-CVE-2023-46246.patch
 Patch6085:      backport-patch-improve-the-error-detection.patch
 
 Patch9000:      bugfix-rm-modify-info-version.patch
+Patch9001:      backport-CVE-2023-48235.patch
 
 BuildRequires:  autoconf python3-devel ncurses-devel gettext perl-devel perl-generators gcc
 BuildRequires:  perl(ExtUtils::Embed) perl(ExtUtils::ParseXS) libacl-devel gpm-devel file
@@ -520,6 +521,12 @@ LC_ALL=en_US.UTF-8 make -j1 test
 %{_mandir}/man1/evim.*
 
 %changelog
+* Fri Nov 17 2023 zhangkea <zhangkea@uniontech.com> - 2:9.0-41
+- Type:CVE
+- ID:CVE-2023-48235
+- SUG:NA
+- DESC:fix CVE-2023-48235
+
 * Mon Nov 06 2023 wangjiang <wangjiang37@h-partners.com> - 2:9.0-40
 - Type:bugfix
 - ID:NA
-- 
Gitee