Upstream-Status: Backport from 'https://github.com/vim/vim/commit/7b17eb4b063a234376c1ec909ee293e42cff290c' CVE: CVE-2023-0049
Signed-off-by: Ashish Sharma <[email protected]>
---
.../vim/files/CVE-2023-0049.patch | 62 +++++++++++++++++++
meta/recipes-support/vim/vim.inc | 1 +
2 files changed, 63 insertions(+)
create mode 100644 meta/recipes-support/vim/files/CVE-2023-0049.patch
diff --git a/meta/recipes-support/vim/files/CVE-2023-0049.patch b/meta/recipes-support/vim/files/CVE-2023-0049.patch
new file mode 100644
index 00000000000..d8155f5fabb
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2023-0049.patch
@@ -0,0 +1,62 @@
+From 7b17eb4b063a234376c1ec909ee293e42cff290c Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <[email protected]>
+Date: Wed, 4 Jan 2023 14:31:49 +0000
+Subject: [PATCH] patch 9.0.1143: invalid memory access with bad 'statusline'
+ value
+
+Problem: Invalid memory access with bad 'statusline' value.
+Solution: Avoid going over the NUL at the end.
+
+Upstream-Status: Backport from 'https://github.com/vim/vim/commit/7b17eb4b063a234376c1ec909ee293e42cff290c'
+CVE: CVE-2023-0049
+Signed-off-by: Ashish Sharma <[email protected]>
+---
+ src/buffer.c | 2 ++
+ src/testdir/test_statusline.vim | 7 +++++++
+ src/version.c | 2 ++
+ 3 files changed, 11 insertions(+)
+
+diff --git a/src/buffer.c b/src/buffer.c
+index 98568987894e..40168226160c 100644
+--- a/src/buffer.c
++++ b/src/buffer.c
+@@ -4617,6 +4617,8 @@ build_stl_str_hl(
+ #endif
+ if (vim_strchr(STL_ALL, *s) == NULL)
+ {
++ if (*s == NUL) // can happen with "%0"
++ break;
+ s++;
+ continue;
+ }
+diff --git a/src/testdir/test_statusline.vim b/src/testdir/test_statusline.vim
+index a829597655bf..23613bfed37b 100644
+--- a/src/testdir/test_statusline.vim
++++ b/src/testdir/test_statusline.vim
+@@ -440,6 +440,13 @@ func Test_statusline()
+ set splitbelow&
+ endfunc
+
++func Test_statusline_trailing_percent_zero()
++ " this was causing illegal memory access
++ set laststatus=2 stl=%!%0
++ call assert_fails('redraw', 'E15: Invalid expression: "%0"')
++ set laststatus& stl&
++endfunc
++
+ func Test_statusline_visual()
+ func CallWordcount()
+ call wordcount()
+diff --git a/src/version.c b/src/version.c
+index df02bb87b87d..4ccbd537abe3 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -695,6 +695,8 @@ static char *(features[]) =
+
+ static int included_patches[] =
+ { /* Add new patch number below this line */
++/**/
++ 1143,
+ /**/
+ 1142,
+ /**/
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index d86841efaa8..81c07bfefa8 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -18,6 +18,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
 file://vim-add-knob-whether-elf.h-are-checked.patch \
 file://0001-src-Makefile-improve-reproducibility.patch \
 file://no-path-adjust.patch \
+ file://CVE-2023-0049.patch \
 "
 PV .= ".0947"
--
2.35.5
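Review bot: The `file://CVE-2023-0049.patch` entry is added to a recipe that this hunk's own context shows pinned at `PV .= ".0947"`, while the patch it pulls in was cut from upstream at 9.0.1143, so its `src/version.c` hunk expects `1142,` as the first entry of `included_patches[]`. On a 9.0.0947 tree that context presumably does not match, so the hunk would apply only with fuzz or be rejected. Where it does apply it registers patch 1143, so `has('patch-9.0.1143')` would answer true without the intervening upstream patches being present. I would drop the `src/version.c` hunk from the backport, keep the `src/buffer.c` guard (`if (*s == NUL) break;`) and the test, and say so in the patch header next to the `Upstream-Status:` line. The `src/buffer.c` line numbers (`@@ -4617,6 +4617,8 @@`) also come from the newer tree, so it is worth confirming after `do_patch` that the guard landed inside the `vim_strchr(STL_ALL, *s) == NULL` branch of `build_stl_str_hl`.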
