packages/vim
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vim/backport-CVE-2022-2344.patch

49 lines
1.4 KiB
Diff
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From baefde14550231f6468ac2ed2ed495bc381c0c92 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Thu, 7 Jul 2022 19:59:49 +0100
Subject: [PATCH] patch 9.0.0046: reading past end of completion with duplicate
match
Problem: Reading past end of completion with duplicate match.
Solution: Check string length
---
src/insexpand.c | 3 ++-
src/testdir/test_ins_complete.vim | 10 ++++++++++
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/insexpand.c b/src/insexpand.c
index bf98cee..50e0579 100644
--- a/src/insexpand.c
+++ b/src/insexpand.c
@@ -597,7 +597,8 @@ ins_compl_add(
{
if ( !(match->cp_flags & CP_ORIGINAL_TEXT)
&& STRNCMP(match->cp_str, str, len) == 0
- && match->cp_str[len] == NUL)
+ && ((int)STRLEN(match->cp_str) <= len
+ || match->cp_str[len] == NUL))
return NOTDONE;
match = match->cp_next;
} while (match != NULL && match != compl_first_match);
diff --git a/src/testdir/test_ins_complete.vim b/src/testdir/test_ins_complete.vim
index e48a72c..8f584d3 100644
--- a/src/testdir/test_ins_complete.vim
+++ b/src/testdir/test_ins_complete.vim
@@ -380,3 +380,13 @@ func Test_ins_completeslash()
set completeslash=
endfunc
+func Test_ins_complete_add()
+ " this was reading past the end of allocated memory
+ new
+ norm o
+ norm 7o€€
+ sil! norm o
+
+ bwipe!
+endfunc
+
--
1.8.3.1
Reference in New Issue View Git Blame Copy Permalink