diff options
author | Mingli Yu <mingli.yu@windriver.com> | 2021-11-17 17:18:24 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-11-24 21:12:46 +0000 |
commit | e2480fc60c49c28c32476c8f91478bab68a11724 (patch) | |
tree | e43af0c65924900c883ffe50a7b6b5ed82167f91 | |
parent | 4c5d6076492cebd5d56403e2f74dd51d58555e53 (diff) | |
download | poky-e2480fc60c49c28c32476c8f91478bab68a11724.tar.gz |
vim: fix CVE-2021-3875
Backport a patch to fix CVE-2021-3875.
(From OE-Core rev: de2493aac4f8ea9d8e4e59efa1359567fa186319)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-support/vim/files/CVE-2021-3875.patch | 37 | ||||
-rw-r--r-- | meta/recipes-support/vim/vim.inc | 1 |
2 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-support/vim/files/CVE-2021-3875.patch b/meta/recipes-support/vim/files/CVE-2021-3875.patch new file mode 100644 index 0000000000..d62d875f8e --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2021-3875.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | From 40aa9802ef56d3cdbe256b4c9e58049953051a2d Mon Sep 17 00:00:00 2001 | ||
2 | From: Bram Moolenaar <Bram@vim.org> | ||
3 | Date: Mon, 15 Nov 2021 14:34:50 +0800 | ||
4 | Subject: [PATCH] patch 8.2.3489: ml_get error after search with range | ||
5 | |||
6 | Problem: ml_get error after search with range. | ||
7 | Solution: Limit the line number to the buffer line count. | ||
8 | |||
9 | CVE: CVE-2021-3875 | ||
10 | |||
11 | Upstream-Status: Backport [https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f] | ||
12 | |||
13 | Signed-off-by: Mingli Yu <mingli.yu@windriver.com> | ||
14 | --- | ||
15 | src/ex_docmd.c | 6 ++++-- | ||
16 | 1 file changed, 4 insertions(+), 2 deletions(-) | ||
17 | |||
18 | diff --git a/src/ex_docmd.c b/src/ex_docmd.c | ||
19 | index fb07450f8..89d33ba90 100644 | ||
20 | --- a/src/ex_docmd.c | ||
21 | +++ b/src/ex_docmd.c | ||
22 | @@ -3586,8 +3586,10 @@ get_address( | ||
23 | |||
24 | // When '/' or '?' follows another address, start from | ||
25 | // there. | ||
26 | - if (lnum != MAXLNUM) | ||
27 | - curwin->w_cursor.lnum = lnum; | ||
28 | + if (lnum > 0 && lnum != MAXLNUM) | ||
29 | + curwin->w_cursor.lnum = | ||
30 | + lnum > curbuf->b_ml.ml_line_count | ||
31 | + ? curbuf->b_ml.ml_line_count : lnum; | ||
32 | |||
33 | // Start a forward search at the end of the line (unless | ||
34 | // before the first line). | ||
35 | -- | ||
36 | 2.17.1 | ||
37 | |||
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 1841498b74..65b0b2e330 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc | |||
@@ -22,6 +22,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ | |||
22 | file://b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch \ | 22 | file://b7081e135a16091c93f6f5f7525a5c58fb7ca9f9.patch \ |
23 | file://CVE-2021-3903.patch \ | 23 | file://CVE-2021-3903.patch \ |
24 | file://CVE-2021-3872.patch \ | 24 | file://CVE-2021-3872.patch \ |
25 | file://CVE-2021-3875.patch \ | ||
25 | " | 26 | " |
26 | 27 | ||
27 | SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44" | 28 | SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44" |