| Patrick Williams | 93c203f | 2021-10-06 16:15:23 -0500 | [diff] [blame^] | 1 | From eb41373c8c88b0789e5cf04669d6116f9a199264 Mon Sep 17 00:00:00 2001 |
| 2 | From: Minjae Kim <flowergom@gmail.com> |
| 3 | Date: Sun, 26 Sep 2021 23:48:00 +0000 |
| 4 | Subject: [PATCH] patch 8.2.3409: reading beyond end of line with invalid utf-8 |
| 5 | character |
| 6 | |
| 7 | Problem: Reading beyond end of line with invalid utf-8 character. |
| 8 | Solution: Check for NUL when advancing. |
| 9 | |
| 10 | Upstream-Status: Accepted [https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f] |
| 11 | CVE: CVE-2021-3778 |
| 12 | Signed-off-by: Minjae Kim <flowergom@gmail.com> |
| 13 | --- |
| 14 | src/regexp_nfa.c | 3 ++- |
| 15 | src/testdir/test_regexp_utf8.vim | 7 +++++++ |
| 16 | 2 files changed, 9 insertions(+), 1 deletion(-) |
| 17 | |
| 18 | Index: git/src/regexp_nfa.c |
| 19 | =================================================================== |
| 20 | --- git.orig/src/regexp_nfa.c |
| 21 | +++ git/src/regexp_nfa.c |
| 22 | @@ -5455,7 +5455,8 @@ find_match_text(colnr_T startcol, int re |
| 23 | match = FALSE; |
| 24 | break; |
| 25 | } |
| 26 | - len2 += MB_CHAR2LEN(c2); |
| 27 | + len2 += enc_utf8 ? utf_ptr2len(rex.line + col + len2) |
| 28 | + : MB_CHAR2LEN(c2); |
| 29 | } |
| 30 | if (match |
| 31 | // check that no composing char follows |
| 32 | Index: git/src/testdir/test_regexp_utf8.vim |
| 33 | =================================================================== |
| 34 | --- git.orig/src/testdir/test_regexp_utf8.vim |
| 35 | +++ git/src/testdir/test_regexp_utf8.vim |
| 36 | @@ -215,3 +215,10 @@ func Test_optmatch_toolong() |
| 37 | set re=0 |
| 38 | endfunc |
| 39 | |
| 40 | +func Test_match_invalid_byte() |
| 41 | + call writefile(0z630a.765d30aa0a.2e0a.790a.4030, 'Xinvalid') |
| 42 | + new |
| 43 | + source Xinvalid |
| 44 | + bwipe! |
| 45 | + call delete('Xinvalid') |
| 46 | +endfunc |