From 74a3a60b0f2a8923f54ba353b008c6cb8d906c85 Mon Sep 17 00:00:00 2001
From: Funda Wang
Date: Sat, 24 Aug 2024 08:27:56 +0800
Subject: [PATCH] fix CVE-2024-43790

---
 backport-CVE-2024-43790.patch | 31 +++++++++++++++++++++++++++++++
 vim.spec | 9 ++++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-43790.patch

diff --git a/backport-CVE-2024-43790.patch b/backport-CVE-2024-43790.patch
new file mode 100644
index 0000000..bd98c1d
--- /dev/null
+++ b/backport-CVE-2024-43790.patch
@@ -0,0 +1,31 @@
+From cacb6693c10bb19f28a50eca47bc4bc33eccbae3 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt
+Date: Thu, 22 Aug 2024 21:40:14 +0200
+Subject: [PATCH] patch 9.1.0689: [security]: buffer-overflow in do_search()
+ with 'rightleft'
+
+Problem: buffer-overflow in do_search() with 'rightleft'
+ (SuyueGuo)
+Solution: after reversing the text (which allocates a new buffer),
+ re-calculate the text length
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm
+
+Signed-off-by: Christian Brabandt
+---
+ src/search.c | 1 +
+ 1 files changed, 1 insertions(+)
+
+diff --git a/src/search.c b/src/search.c
+index 01c143f69bec7..e5936d8294129 100644
+--- a/src/search.c
++++ b/src/search.c
+@@ -1548,6 +1548,7 @@ do_search(
+ {
+ vim_free(msgbuf);
+ msgbuf = r;
++ msgbuflen = STRLEN(msgbuf);
+ // move reversed text to beginning of buffer
+ while (*r != NUL && *r == ' ')
+ r++;
diff --git a/vim.spec b/vim.spec
index 815976a..30b8dbe 100644
--- a/vim.spec
+++ b/vim.spec
@@ -12,7 +12,7 @@
 Name: vim
 Epoch: 2
 Version: 9.0
-Release: 26
+Release: 27
 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
 License: Vim and MIT
 URL: http://www.vim.org
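Review bot: In the src/search.c hunk carried by backport-CVE-2024-43790.patch, the added `msgbuflen = STRLEN(msgbuf);` has no comment saying why the length is taken a second time, and a recomputation that looks redundant is the kind of line a later cleanup or a conflict resolution in another backport drops. I would put the reason from the commit message next to it, e.g. `// msgbuf now points at the reversed copy (a new allocation); the old length no longer describes it`. The backport's own diffstat lists only src/search.c, so no regression test for a search with 'rightleft' set comes with the fix, although the spec appears to run `make -j1 test` during the build and would exercise one. do_search() starts and ends outside the hunk, so the later uses of msgbuflen cannot be checked from here.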
@@ -125,6 +125,7 @@ Patch6095: backport-CVE-2024-41965.patch Patch6096: backport-patch-9.1.0554-bw-leaves-jumplist-and-tagstack-data-.patch Patch6097: backport-CVE-2024-41957.patch Patch6098: backport-CVE-2024-43374.patch +Patch6099: backport-CVE-2024-43790.patch Patch9000: bugfix-rm-modify-info-version.patch Patch9001: vim-Add-sw64-architecture.patch @@ -535,6 +536,12 @@ LANG=en_US.UTF-8 make -j1 test %{_mandir}/man1/evim.* %changelog +* Sat Aug 24 2024 Funda Wang - 2:9.0-27 +- Type:CVE +- ID:CVE-2024-43790 +- SUG:NA +- DESC:fix CVE-2024-43790 + * Wed Aug 21 2024 wangjiang - 2:9.0-26 - Type:enhacement - ID:NA -- Gitee