Commit | Line | Data |
---|---|---|
851a5d69 | 1 | From 6d351cec5b97cb72b226d03bd727e453a235ed8d Mon Sep 17 00:00:00 2001 |
2 | From: Minjae Kim <flowergom@gmail.com> |
3 | Date: Sun, 26 Sep 2021 23:48:00 +0000 | |
4 | Subject: [PATCH] patch 8.2.3409: reading beyond end of line with invalid utf-8 | |
5 | character | |
6 | ||
7 | Problem: Reading beyond end of line with invalid utf-8 character. | |
8 | Solution: Check for NUL when advancing. | |
9 | ||
10 | Upstream-Status: Accepted [https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f] | |
11 | CVE: CVE-2021-3778 | |
12 | Signed-off-by: Minjae Kim <flowergom@gmail.com> | |
851a5d69 | 13 | |
14 | --- |
15 | src/regexp_nfa.c | 3 ++- | |
16 | src/testdir/test_regexp_utf8.vim | 7 +++++++ | |
17 | src/version.c | 2 ++ |
18 | 3 files changed, 11 insertions(+), 1 deletion(-) | |
d7fac573 | 19 | |
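diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c
index fb512f961..ace83a1a3 100644
--- a/src/regexp_nfa.c
+++ b/src/regexp_nfa.c
@@ -5455,7 +5455,8 @@ find_match_text(colnr_T startcol, int regstart, char_u *match_text)
 match = FALSE;
 break;
 }
- len2 += MB_CHAR2LEN(c2);
+ len2 += enc_utf8 ? utf_ptr2len(rex.line + col + len2)
+ : MB_CHAR2LEN(c2);
 }
 if (match
 // check that no composing char follows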
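Review bot: The new ternary `len2 += enc_utf8 ? utf_ptr2len(rex.line + col + len2) : MB_CHAR2LEN(c2);` has no comment, and the reason for measuring the bytes in the line instead of the decoded character is not obvious from the code alone. I would add above it `// Advance by the bytes actually present: with an invalid UTF-8 sequence the length of the decoded character can run past the NUL that ends the line.` The non-UTF-8 branch still advances by `MB_CHAR2LEN(c2)`; whether a truncated double-byte character at the end of a line could over-advance in the same way is not visible in this hunk and is worth confirming. The body of find_match_text starts and ends outside the hunk.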
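diff --git a/src/testdir/test_regexp_utf8.vim b/src/testdir/test_regexp_utf8.vim
index 19ff882be..e0665818b 100644
--- a/src/testdir/test_regexp_utf8.vim
+++ b/src/testdir/test_regexp_utf8.vim
@@ -215,3 +215,10 @@ func Test_optmatch_toolong()
 set re=0
 endfunc
 
+func Test_match_invalid_byte()
+ call writefile(0z630a.765d30aa0a.2e0a.790a.4030, 'Xinvalid')
+ new
+ source Xinvalid
+ bwipe!
+ call delete('Xinvalid')
+endfunc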
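Review bot: Test_match_invalid_byte makes no assertion, so it fails only if sourcing the file crashes. An out-of-bounds read of a few bytes usually does not crash on its own, so the regression is probably caught only when the suite runs under a memory checker such as ASan or Valgrind. A leading comment would record that, for example `" This was reading past the end of the line; only detected with ASan or valgrind.` Also, if `source Xinvalid` raises an error, `bwipe!` and `call delete('Xinvalid')` are presumably skipped and the scratch file is left behind.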
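diff --git a/src/version.c b/src/version.c
index 8912f6215..85bdfc601 100644
--- a/src/version.c
+++ b/src/version.c
@@ -742,6 +742,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 { /* Add new patch number below this line */
+/**/
+ 3409,
 /**/
 3402,
 /**/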