diff --git a/backport-CVE-2021-3984.patch b/backport-CVE-2021-3984.patch new file mode 100644 index 0000000000000000000000000000000000000000..cf8fd05237085a77f8a077f8d826bf5da7e90a3a --- /dev/null +++ b/backport-CVE-2021-3984.patch @@ -0,0 +1,64 @@ +From 2de9b7c7c8791da8853a9a7ca9c467867465b655 Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar +Date: Fri, 19 Nov 2021 19:41:13 +0000 +Subject: [PATCH] patch 8.2.3625: illegal memory access when C-indenting + +Problem: Illegal memory access when C-indenting. +Solution: Also set the cursor column. +--- + src/cindent.c | 10 +++++----- + src/testdir/test_cindent.vim | 12 ++++++++++++ + 2 files changed, 17 insertions(+), 5 deletions(-) + +diff --git a/src/cindent.c b/src/cindent.c +index c7caed6..28d1558 100644 +--- a/src/cindent.c ++++ b/src/cindent.c +@@ -1635,10 +1635,10 @@ get_baseclass_amount(int col) + static pos_T * + find_start_brace(void) // XXX + { +- pos_T cursor_save; +- pos_T *trypos; +- pos_T *pos; +- static pos_T pos_copy; ++ pos_T cursor_save; ++ pos_T *trypos; ++ pos_T *pos; ++ static pos_T pos_copy; + + cursor_save = curwin->w_cursor; + while ((trypos = findmatchlimit(NULL, '{', FM_BLOCKSTOP, 0)) != NULL) +@@ -1652,7 +1652,7 @@ find_start_brace(void) // XXX + && (pos = ind_find_start_CORS(NULL)) == NULL) // XXX + break; + if (pos != NULL) +- curwin->w_cursor.lnum = pos->lnum; ++ curwin->w_cursor = *pos; + } + curwin->w_cursor = cursor_save; + return trypos; +diff --git a/src/testdir/test_cindent.vim b/src/testdir/test_cindent.vim +index 2cb3f24..2a87460 100644 +--- a/src/testdir/test_cindent.vim ++++ b/src/testdir/test_cindent.vim +@@ -5251,4 +5251,16 @@ func Test_cindent_56() + enew! | close + endfunc + ++func Test_find_brace_backwards() ++ " this was looking beyond the end of the line ++ new ++ norm R/* ++ norm o0{ ++ norm o// ++ norm V{= ++ call assert_equal(['/*', ' 0{', '//'], getline(1, 3)) ++ bwipe! ++endfunc ++ ++ + " vim: shiftwidth=2 sts=2 expandtab +-- +1.8.3.1 + diff --git a/vim.spec b/vim.spec index ab1fbe382b84ab05f576423a78c8487fd90ee2e9..963bd979ef15b6395fc2fd781a99112411b02d5c 100644 --- a/vim.spec +++ b/vim.spec @@ -12,7 +12,7 @@ Name: vim Epoch: 2 Version: 8.2 -Release: 15 +Release: 16 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. License: Vim and MIT URL: http://www.vim.org @@ -49,6 +49,7 @@ Patch6011: backport-CVE-2021-3973.patch Patch6012: backport-CVE-2021-3974.patch Patch6013: backport-find-test-fails.patch Patch6014: backport-no-early-check-if-find-and-sfind-have-an-argument.patch +Patch6015: backport-CVE-2021-3984.patch Patch9000: bugfix-rm-modify-info-version.patch @@ -437,6 +438,12 @@ popd %{_mandir}/man1/evim.* %changelog +* Sat Dec 04 2021 shixuantong - 2:8.2-16 +- Type:CVE +- ID:CVE-2021-3984 +- SUG:NA +- DESC:fix CVE-2021-3984 + * Wed Dec 01 2021 ExtinctFire - 2:8.2-15 - Type:CVE - ID:CVE-2021-3973 CVE-2021-3974