patches/source/vim/CVE-2022-2816.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

From dbdd16b62560413abcc3c8e893cc3010ccf31666 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sun, 14 Aug 2022 21:46:07 +0100
Subject: [PATCH] patch 9.0.0212: invalid memory access when compiling :unlet

Problem:    Invalid memory access when compiling :unlet.
Solution:   Don't read past the end of the line.
---

diff --git a/src/vim9cmds.c b/src/vim9cmds.c
index 35a382138bf3..93032d6bf154 100644
--- a/src/vim9cmds.c
+++ b/src/vim9cmds.c
@@ -92,6 +92,12 @@ free_locals(cctx_T *cctx)
     int
 check_vim9_unlet(char_u *name)
 {
+    if (*name == NUL)
+    {
+	semsg(_(e_argument_required_for_str), "unlet");
+	return FAIL;
+    }
+
     if (name[1] != ':' || vim_strchr((char_u *)"gwtb", *name) == NULL)
     {
 	// "unlet s:var" is allowed in legacy script.