master

分支 (21)

标签 (16)

管理

管理

master

openEuler-22.03-LTS-SP3

openEuler-20.03-LTS-SP4

openEuler-20.03-LTS-SP1

openEuler-22.03-LTS-Next

openEuler-22.03-LTS-SP1

openEuler-22.03-LTS

openEuler-22.03-LTS-SP2

openEuler-20.03-LTS-SP3

openEuler-23.09

openEuler-23.03

openEuler-22.09

sync-pr325-master-to-openEuler-22.09

openEuler-21.09

openEuler-20.03-LTS-SP2

openEuler-20.03-LTS

openEuler-20.03-LTS-Next

openEuler-21.03

openEuler-20.09

openEuler1.0-base

openEuler-23.09-rc5

openEuler-22.03-LTS-SP1-release

openEuler-22.09-release

openEuler-22.09-rc5

openEuler-22.09-20220829

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

openEuler-22.03-LTS-round3

openEuler-22.03-LTS-round2

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

openEuler-20.03-LTS-SP2-20210624

openEuler-21.03-20210330

openEuler-20.09-20200929

openEuler-20.03-LTS-20200606

openEuler-20.03-LTS-tag

vim
/
backport-CVE-2023-1264.patch

From 7ac5023a5f1a37baafbe1043645f97ba3443d9f6 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Tue, 7 Mar 2023 21:05:04 +0000
Subject: [PATCH] patch 9.0.1392: using NULL pointer with nested :open command

Problem:    Using NULL pointer with nested :open command.
Solution:   Check that ccline.cmdbuff is not NULL.
---
 src/getchar.c                | 17 ++++++++++-------
 src/testdir/term_util.vim    |  5 +++++
 src/testdir/test_ex_mode.vim | 22 ++++++++++++++++++++++
 3 files changed, 37 insertions(+), 7 deletions(-)

diff --git a/src/getchar.c b/src/getchar.c
index 6645be8a0ebd..dac57eb26c61 100644
--- a/src/getchar.c
+++ b/src/getchar.c
@@ -3019,7 +3019,7 @@ check_end_reg_executing(int advance)
     static int
 vgetorpeek(int advance)
 {
-    int		c, c1;
+    int		c;
     int		timedout = FALSE;	// waited for more than 1 second
 					// for mapping to complete
     int		mapdepth = 0;		// check for recursive mapping
@@ -3386,7 +3386,7 @@ vgetorpeek(int advance)
 #ifdef FEAT_CMDL_INFO
 		showcmd_idx = 0;
 #endif
-		c1 = 0;
+		int showing_partial = FALSE;
 		if (typebuf.tb_len > 0 && advance && !exmode_active)
 		{
 		    if (((State & (MODE_NORMAL | MODE_INSERT))
@@ -3401,7 +3401,7 @@ vgetorpeek(int advance)
 			    edit_putchar(typebuf.tb_buf[typebuf.tb_off
 						+ typebuf.tb_len - 1], FALSE);
 			    setcursor(); // put cursor back where it belongs
-			    c1 = 1;
+			    showing_partial = TRUE;
 			}
 #ifdef FEAT_CMDL_INFO
 			// need to use the col and row from above here
@@ -3420,8 +3420,10 @@ vgetorpeek(int advance)
 #endif
 		    }

-		    // this looks nice when typing a dead character map
+		    // This looks nice when typing a dead character map.
+		    // There is no actual command line for get_number().
 		    if ((State & MODE_CMDLINE)
+                            && get_cmdline_info()->cmdbuff != NULL
 #if defined(FEAT_CRYPT) || defined(FEAT_EVAL)
 			    && cmdline_star == 0
 #endif
@@ -3430,7 +3432,7 @@ vgetorpeek(int advance)
 		    {
 			putcmdline(typebuf.tb_buf[typebuf.tb_off
 						+ typebuf.tb_len - 1], FALSE);
-			c1 = 1;
+			showing_partial = TRUE;
 		    }
 		}

@@ -3466,11 +3468,12 @@ vgetorpeek(int advance)
 		if (showcmd_idx != 0)
 		    pop_showcmd();
 #endif
-		if (c1 == 1)
+                if (showing_partial)
 		{
 		    if (State & MODE_INSERT)
 			edit_unputchar();
-		    if (State & MODE_CMDLINE)
+		    if ((State & MODE_CMDLINE)
+					&& get_cmdline_info()->cmdbuff != NULL)
 			unputcmdline();
 		    else
 			setcursor();	// put cursor back where it belongs
diff --git a/src/testdir/term_util.vim b/src/testdir/term_util.vim
index 0f0373184505..88e2b33d083b 100644
--- a/src/testdir/term_util.vim
+++ b/src/testdir/term_util.vim
@@ -55,6 +55,7 @@ endfunc
 " "cols" - width of the terminal window (max. 78)
 " "statusoff" - number of lines the status is offset from default
 " "wait_for_ruler" - if zero then don't wait for ruler to show
+" "no_clean" - if non-zero then remove "--clean" from the command
 func RunVimInTerminal(arguments, options)
   " If Vim doesn't exit a swap file remains, causing other tests to fail.
   " Remove it here.
@@ -91,6 +92,10 @@ func RunVimInTerminal(arguments, options)

   let cmd = GetVimCommandCleanTerm() .. reset_u7 .. a:arguments

+  if get(a:options, 'no_clean', 0)
+    let cmd = substitute(cmd, '--clean', '', '')
+  endif
+
   let options = #{curwin: 1}
   if &termwinsize == ''
     let options.term_rows = rows
diff --git a/src/testdir/test_ex_mode.vim b/src/testdir/test_ex_mode.vim
index a6602227638a..d03ec8f2d81d 100644
--- a/src/testdir/test_ex_mode.vim
+++ b/src/testdir/test_ex_mode.vim
@@ -134,6 +134,28 @@ func Test_open_command_flush_line()
   bwipe!
 endfunc

+" FIXME: this doesn't fail without the fix but hangs
+func Skip_Test_open_command_state()
+  " Tricky script that failed because State was not set properly
+  let lines =<< trim END
+      !ls
+      0scìi
+      so! Xsourced
+      set t_û0=0
+      v/-/o
+  END
+  call writefile(lines, 'XopenScript', '')
+
+  let sourced = ["!f\u0083\x02\<Esc>z=0"]
+  call writefile(sourced, 'Xsourced', 'b')
+
+  CheckRunVimInTerminal
+  let buf = RunVimInTerminal('-u NONE -i NONE -n -m -X -Z -e -s -S XopenScript -c qa!', #{rows: 6, wait_for_ruler: 0, no_clean: 1})
+  sleep 3
+
+  call StopVimInTerminal(buf)
+endfunc
+
 " Test for :g/pat/visual to run vi commands in Ex mode
 " This used to hang Vim before 8.2.0274.
 func Test_Ex_global()