From 821b8a94bf6a33da86d2e1f956c068d2b6270e40 Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding
Date: Wed, 17 Aug 2022 20:41:53 +0000
Subject: Wed Aug 17 20:41:53 UTC 2022 patches/packages/vim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt. Fix use after free, out-of-bounds read, and heap based buffer overflow. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819 (* Security fix *) patches/packages/vim-gvim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt.
---
patches/source/vim/CVE-2022-2819.patch | 40 ++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 patches/source/vim/CVE-2022-2819.patch
(limited to 'patches/source/vim/CVE-2022-2819.patch')
diff --git a/patches/source/vim/CVE-2022-2819.patch b/patches/source/vim/CVE-2022-2819.patch
new file mode 100644
index 000000000..59c25d8c3
--- /dev/null
+++ b/patches/source/vim/CVE-2022-2819.patch
@@ -0,0 +1,40 @@
+From d1d8f6bacb489036d0fd479c9dd3c0102c988889 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar
+Date: Sun, 14 Aug 2022 21:28:32 +0100
+Subject: [PATCH] patch 9.0.0211: invalid memory access when compiling :lockvar
+
+Problem: Invalid memory access when compiling :lockvar.
+Solution: Don't read past the end of the line.
+---
+
+diff --git a/src/vim9cmds.c b/src/vim9cmds.c
+index ad32c32ff7cb..35a382138bf3 100644
+--- a/src/vim9cmds.c
++++ b/src/vim9cmds.c
+@@ -188,10 +188,17 @@ compile_lock_unlock(
+ size_t len;
+ char_u *buf;
+ isntype_T isn = ISN_EXEC;
++ char *cmd = eap->cmdidx == CMD_lockvar ? "lockvar" : "unlockvar";
+
+ if (cctx->ctx_skip == SKIP_YES)
+ return OK;
+
++ if (*p == NUL)
++ {
++ semsg(_(e_argument_required_for_str), cmd);
++ return FAIL;
++ }
++
+ // Cannot use :lockvar and :unlockvar on local variables.
+ if (p[1] != ':')
+ {
+@@ -223,8 +230,6 @@ compile_lock_unlock(
+ ret = FAIL;
+ else
+ {
+- char *cmd = eap->cmdidx == CMD_lockvar ? "lockvar" : "unlockvar";
+-
+ if (deep < 0)
+ vim_snprintf((char *)buf, len, "%s! %s", cmd, p);
+ else
-- cgit v1.2.3-65-gdbad
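Review bot: The new `if (*p == NUL)` guard in compile_lock_unlock() has no comment saying why it must come before the `p[1] != ':'` test, and that ordering is the whole fix: with an empty argument, `p[1]` is the byte after the terminating NUL. I would add `// Empty argument: the p[1] test below would read past the terminating NUL.` directly above the guard so a later refactor does not move or drop it. The patch file added here touches only src/vim9cmds.c, so nothing in it exercises the empty-argument case; if the upstream change came with a regression test, it may be worth carrying it or recording why it was left out. compile_lock_unlock() begins and ends outside both inner hunks, so how `p` is initialised cannot be confirmed from this page.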