From 0c719448e209e2c2234fa84724e889833f08c32f Mon Sep 17 00:00:00 2001
From: Funda Wang <fundawang@yeah.net>
Date: Sat, 24 Aug 2024 08:14:16 +0800
Subject: [PATCH] fix CVE-2024-43790

---
 backport-CVE-2024-43790.patch | 31 +++++++++++++++++++++++++++++++
 vim.spec                      |  9 ++++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-43790.patch

diff --git a/backport-CVE-2024-43790.patch b/backport-CVE-2024-43790.patch
new file mode 100644
index 0000000..bd98c1d
--- /dev/null
+++ b/backport-CVE-2024-43790.patch
@@ -0,0 +1,31 @@
+From cacb6693c10bb19f28a50eca47bc4bc33eccbae3 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt <cb@256bit.org>
+Date: Thu, 22 Aug 2024 21:40:14 +0200
+Subject: [PATCH] patch 9.1.0689: [security]: buffer-overflow in do_search()
+ with 'rightleft'
+
+Problem:  buffer-overflow in do_search() with 'rightleft'
+          (SuyueGuo)
+Solution: after reversing the text (which allocates a new buffer),
+          re-calculate the text length
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm
+
+Signed-off-by: Christian Brabandt <cb@256bit.org>
+---
+ src/search.c                            |   1 +
+ 1 files changed, 1 insertions(+)
+
+diff --git a/src/search.c b/src/search.c
+index 01c143f69bec7..e5936d8294129 100644
+--- a/src/search.c
++++ b/src/search.c
+@@ -1548,6 +1548,7 @@ do_search(
+ 			{
+ 			    vim_free(msgbuf);
+ 			    msgbuf = r;
++			    msgbuflen = STRLEN(msgbuf);
+ 			    // move reversed text to beginning of buffer
+ 			    while (*r != NUL && *r == ' ')
+ 				r++;
diff --git a/vim.spec b/vim.spec
index e6c6980..f7ee6a5 100644
--- a/vim.spec
+++ b/vim.spec
@@ -14,7 +14,7 @@
 Name:           vim
 Epoch:          2
 Version:        %{baseversion}.%{patchlevel}
-Release:        10
+Release:        11
 Summary:        Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
 License:        Vim and MIT
 URL:            http://www.vim.org
@@ -49,6 +49,7 @@ Patch6014:      backport-CVE-2024-41965.patch
 Patch6015:      backport-patch-9.1.0554-bw-leaves-jumplist-and-tagstack-data-.patch
 Patch6016:      backport-CVE-2024-41957.patch
 Patch6017:      backport-CVE-2024-43374.patch
+Patch6018:      backport-CVE-2024-43790.patch
 
 Patch9000:      bugfix-rm-modify-info-version.patch
 
@@ -456,6 +457,12 @@ LC_ALL=en_US.UTF-8 make -j1 test || echo "Warning: Please check tests."
 %{_mandir}/man1/evim.*
 
 %changelog
+* Sat Aug 24 2024 Funda Wang <fundawang@yeah.net> - 2:9.0.2092-11
+- Type:CVE
+- ID:CVE-2024-43790
+- SUG:NA
+- DESC:fix CVE-2024-43790
+
 * Wed Aug 21 2024 Funda Wang <fundawang@yeah.net> - 2:9.0.2092-10
 - Type:enhacement
 - ID:NA
-- 
Gitee