mirror of
https://git.yoctoproject.org/poky
synced 2026-03-17 20:59:42 +01:00
vim: fix CVE-2021-4069
Use After Free in vim/vim
Upstream-Status: Backport [e031fe90cf]
CVE: CVE-2021-4069
(From OE-Core rev: 9db3b4ac4018bcaedb995bc77a9e675c2bca468f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Minjae Kim
committed by
Richard Purdie
Richard Purdie
parent
bd07080415
commit
9564dc31cb
43
meta/recipes-support/vim/files/CVE-2021-4069.patch
Normal file
43
meta/recipes-support/vim/files/CVE-2021-4069.patch
Normal file
@@ -0,0 +1,43 @@
|
||||
From cd2422ee2dab3f33b2dbd1271e17cdaf8762b6d1 Mon Sep 17 00:00:00 2001
|
||||
From: Minjae Kim <flowergom@gmail.com>
|
||||
Date: Fri, 17 Dec 2021 20:32:02 -0800
|
||||
Subject: [PATCH] using freed memory in open command
|
||||
|
||||
Problem: Using freed memory in open command.
|
||||
Solution: Make a copy of the current line.
|
||||
|
||||
Upstream-Status: Backported [https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9]
|
||||
CVE: CVE-2021-4069
|
||||
Signed-off-by: Minjae Kim <flowergom@gmail.com>
|
||||
---
|
||||
src/ex_docmd.c | 10 +++++++---
|
||||
1 file changed, 7 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/ex_docmd.c b/src/ex_docmd.c
|
||||
index 59e245bee..ccd9e8bed 100644
|
||||
--- a/src/ex_docmd.c
|
||||
+++ b/src/ex_docmd.c
|
||||
@@ -6029,13 +6029,17 @@ ex_open(exarg_T *eap)
|
||||
regmatch.regprog = vim_regcomp(eap->arg, p_magic ? RE_MAGIC : 0);
|
||||
if (regmatch.regprog != NULL)
|
||||
{
|
||||
+ // make a copy of the line, when searching for a mark it might be
|
||||
+ // flushed
|
||||
+ char_u *line = vim_strsave(ml_get_curline());
|
||||
+
|
||||
regmatch.rm_ic = p_ic;
|
||||
- p = ml_get_curline();
|
||||
- if (vim_regexec(®match, p, (colnr_T)0))
|
||||
- curwin->w_cursor.col = (colnr_T)(regmatch.startp[0] - p);
|
||||
+ if (vim_regexec(®match, line, (colnr_T)0))
|
||||
+ curwin->w_cursor.col = (colnr_T)(regmatch.startp[0] - line);
|
||||
else
|
||||
emsg(_(e_nomatch));
|
||||
vim_regfree(regmatch.regprog);
|
||||
+ vim_free(line);
|
||||
}
|
||||
// Move to the NUL, ignore any other arguments.
|
||||
eap->arg += STRLEN(eap->arg);
|
||||
--
|
||||
2.25.1
|
||||
|
||||
@@ -26,6 +26,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
|
||||
file://0001-patch-8.2.3581-reading-character-past-end-of-line.patch \
|
||||
file://0002-patch-8.2.3582-reading-uninitialized-memory-when-giv.patch \
|
||||
file://0002-patch-8.2.3611-crash-when-using-CTRL-W-f-without-fin.patch \
|
||||
file://CVE-2021-4069.patch \
|
||||
"
|
||||
|
||||
SRCREV = "98056533b96b6b5d8849641de93185dd7bcadc44"
|
||||
|
||||
Reference in New Issue
Block a user