mirror of
https://git.yoctoproject.org/poky
synced 2026-04-24 03:32:13 +02:00
e2480fc60c
Backport a patch to fix CVE-2021-3875. (From OE-Core rev: de2493aac4f8ea9d8e4e59efa1359567fa186319) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
38 lines
1.1 KiB
Diff
38 lines
1.1 KiB
Diff
From 40aa9802ef56d3cdbe256b4c9e58049953051a2d Mon Sep 17 00:00:00 2001
|
|
From: Bram Moolenaar <Bram@vim.org>
|
|
Date: Mon, 15 Nov 2021 14:34:50 +0800
|
|
Subject: [PATCH] patch 8.2.3489: ml_get error after search with range
|
|
|
|
Problem: ml_get error after search with range.
|
|
Solution: Limit the line number to the buffer line count.
|
|
|
|
CVE: CVE-2021-3875
|
|
|
|
Upstream-Status: Backport [https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f]
|
|
|
|
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
|
|
---
|
|
src/ex_docmd.c | 6 ++++--
|
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/ex_docmd.c b/src/ex_docmd.c
|
|
index fb07450f8..89d33ba90 100644
|
|
--- a/src/ex_docmd.c
|
|
+++ b/src/ex_docmd.c
|
|
@@ -3586,8 +3586,10 @@ get_address(
|
|
|
|
// When '/' or '?' follows another address, start from
|
|
// there.
|
|
- if (lnum != MAXLNUM)
|
|
- curwin->w_cursor.lnum = lnum;
|
|
+ if (lnum > 0 && lnum != MAXLNUM)
|
|
+ curwin->w_cursor.lnum =
|
|
+ lnum > curbuf->b_ml.ml_line_count
|
|
+ ? curbuf->b_ml.ml_line_count : lnum;
|
|
|
|
// Start a forward search at the end of the line (unless
|
|
// before the first line).
|
|
--
|
|
2.17.1
|
|
|