CVE: CVE-2022-1420 Signed-off-by: Rahul Chauhan <rahulchauhanki...@gmail.com> --- .../vim/files/CVE-2022-1420.patch | 93 +++++++++++++++++++ meta/recipes-support/vim/vim.inc | 1 + 2 files changed, 94 insertions(+) create mode 100644 meta/recipes-support/vim/files/CVE-2022-1420.patch
diff --git a/meta/recipes-support/vim/files/CVE-2022-1420.patch b/meta/recipes-support/vim/files/CVE-2022-1420.patch new file mode 100644 index 0000000000..2c2e09a9d2 --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2022-1420.patch @@ -0,0 +1,93 @@ +From 6258e29cbdc55c9496baa23462ef77d79a4e08cf Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <b...@vim.org> +Date: Sun, 17 Apr 2022 15:06:35 +0100 +Subject: [PATCH] patch 8.2.4774: crash when using a number for lambda name + +Problem: Crash when using a number for lambda name. +Solution: Check the type of the lambda reference. + +Upstream-Status: Backport [https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca] +CVE-2022-1420 + +Signed-off-by: Rahul Chauhan <rahulchauhanki...@gmail.com> +--- + src/errors.h | 4 ++++ + src/eval.c | 16 ++++++++++------ + src/testdir/test_lambda.vim | 4 ++++ + src/version.c | 2 ++ + 4 files changed, 20 insertions(+), 6 deletions(-) + +diff --git a/src/errors.h b/src/errors.h +index 951acabb2..96bba755b 100644 +--- a/src/errors.h ++++ b/src/errors.h +@@ -3256,3 +3256,7 @@ EXTERN char e_compiling_closure_without_context_str[] + EXTERN char e_using_type_not_in_script_context_str[] + INIT(= N_("E1272: Using type not in a script context: %s")); + #endif ++#ifdef FEAT_EVAL ++EXTERN char e_string_or_function_required_for_arrow_parens_expr[] ++ INIT(= N_("E1275: String or function required for ->(expr)")); ++#endif +diff --git a/src/eval.c b/src/eval.c +index 2cde64216..5d208a378 100644 +--- a/src/eval.c ++++ b/src/eval.c +@@ -4094,19 +4094,23 @@ eval_lambda( + ++*arg; + ret = eval1(arg, rettv, evalarg); + *arg = skipwhite_and_linebreak(*arg, evalarg); +- if (**arg == ')') ++ if (**arg != ')') + { +- ++*arg; ++ emsg(_(e_missing_closing_paren)); ++ return FAIL; + } +- else ++ if (rettv->v_type != VAR_STRING && rettv->v_type != VAR_FUNC ++ && rettv->v_type != VAR_PARTIAL) + { +- emsg(_(e_missing_closing_paren)); +- ret = FAIL; ++ emsg(_(e_string_or_function_required_for_arrow_parens_expr)); ++ return FAIL; + } ++ ++*arg; + } + if (ret != OK) + return FAIL; +- else if (**arg != '(') ++ ++ if (**arg != '(') + { + if (verbose) + { +diff --git a/src/testdir/test_lambda.vim b/src/testdir/test_lambda.vim +index e6dcb6774..8d06e5973 100644 +--- a/src/testdir/test_lambda.vim ++++ b/src/testdir/test_lambda.vim +@@ -66,6 +66,10 @@ function Test_lambda_fails() + echo assert_fails('echo 10->{a -> a + 2}', 'E107:') + + call assert_fails('eval 0->(', "E110: Missing ')'") ++ call assert_fails('eval 0->(3)()', "E1275:") ++ call assert_fails('eval 0->([3])()', "E1275:") ++ call assert_fails('eval 0->({"a": 3})()', "E1275:") ++ call assert_fails('eval 0->(xxx)()', "E121:") + endfunc + + func Test_not_lamda() +diff --git a/src/version.c b/src/version.c +index 38c3e69b6..c7516e3a5 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -750,6 +750,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 4774, + /**/ + 4763, + /**/ diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index c78e53007e..05891b07df 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -20,6 +20,7 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ file://racefix.patch \ file://CVE-2022-1381.patch \ + file://CVE-2022-1420.patch \ " PV .= ".4681" -- 2.17.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#165166): https://lists.openembedded.org/g/openembedded-core/message/165166 Mute This Topic: https://lists.openembedded.org/mt/90834054/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
