Patched CVE-2023-5441 for vim (microsoft#6411)

SPECS/vim/CVE-2023-5441.patch

@@ -0,0 +1,85 @@
+From ece857e7dfa769703cfb5c024ffee8eada47b784 Mon Sep 17 00:00:00 2001
+From: Mykhailo Bykhovtsev <[email protected]>
+Date: Thu, 12 Oct 2023 11:06:53 -0700
+Subject: [PATCH] patched CVE-2023-5441
+
+---
+ src/gui.c                         | 4 ++++
+ src/testdir/crash/crash_scrollbar | 2 ++
+ src/testdir/test_crash.vim        | 7 +++++++
+ src/version.c                     | 2 ++
+ 4 files changed, 15 insertions(+)
+ create mode 100644 src/testdir/crash/crash_scrollbar
+
+diff --git a/src/gui.c b/src/gui.c
+index 1f546b2..6b7758c 100644
+--- a/src/gui.c
++++ b/src/gui.c
+@@ -4397,6 +4397,7 @@ gui_do_scrollbar(
+  * Scroll a window according to the values set in the globals
+  * "current_scrollbar" and "scrollbar_value".
+  * Return TRUE if the cursor in the current window moved or FALSE otherwise.
++ * may eventually cause a redraw using updateWindow
+  */
+     int
+ gui_do_scroll(void)
+@@ -4416,6 +4417,9 @@ gui_do_scroll(void)
+     if (wp == NULL)
+ 	// Couldn't find window
+ 	return FALSE;
++	// don't redraw, LineOffset and similar are not valid!
++	if (exmode_active)
++		return FALSE;
+
+     /*
+      * Compute number of lines to scroll.  If zero, nothing to do.
+diff --git a/src/testdir/crash/crash_scrollbar b/src/testdir/crash/crash_scrollbar
+new file mode 100644
+index 0000000..2ed6a11
+--- /dev/null
++++ b/src/testdir/crash/crash_scrollbar
+@@ -0,0 +1,2 @@
++" this goes to insert mode and presses key k_VerScrollbar which may cause a redraw in exmode, which used ot crash Vim
++norm o��X
+\ No newline at end of file
+diff --git a/src/testdir/test_crash.vim b/src/testdir/test_crash.vim
+index 5c83e3a..9a80340 100644
+--- a/src/testdir/test_crash.vim
++++ b/src/testdir/test_crash.vim
+@@ -72,6 +72,12 @@ func Test_crash1()
+     \ '  || echo "crash 8: [OK]" >> X_crash1_result.txt' .. "\<cr>")
+   call TermWait(buf, 3000)
+
++  let file = 'crash/crash_scrollbar'
++  let args = printf(cmn_args, vim, file)
++  call term_sendkeys(buf, args ..
++    \ '  && echo "crash 9: [OK]" >> X_crash1_result.txt' .. "\<cr>")
++  call TermWait(buf, 1000)
++
+   " clean up
+   exe buf .. "bw!"
+
+@@ -86,6 +92,7 @@ func Test_crash1()
+       \ 'crash 6: [OK]',
+       \ 'crash 7: [OK]',
+       \ 'crash 8: [OK]',
++      \ 'crash 9: [OK]',
+       \ ]
+
+   call assert_equal(expected, getline(1, '$'))
+diff --git a/src/version.c b/src/version.c
+index aaa50da..a609937 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -699,6 +699,8 @@ static char *(features[]) =
+
+ static int included_patches[] =
+ {   /* Add new patch number below this line */
++/**/
++    1992,
+ /**/
+     1897,
+ /**/
+-- 
+2.38.0.windows.1
+

SPECS/vim/vim.spec

@@ -2,14 +2,15 @@
 Summary:        Text editor
 Name:           vim
 Version:        9.0.1897
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        Vim
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          Applications/Editors
 URL:            https://www.vim.org
 Source0:        https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Patch0:         CVE-2023-5344.patch
+Patch1:         CVE-2023-5441.patch
 BuildRequires:  ncurses-devel
 BuildRequires:  python3-devel
 Requires(post): sed
@@ -198,6 +199,9 @@ fi
 %{_bindir}/vimdiff
 
 %changelog
+* Wed Oct 11 2023 Mykhailo Bykhovtsev <[email protected]> - 9.0.1897-3
+- Patch CVE-2023-5441
+
 * Mon Oct 09 2023 Mitch Zhu <[email protected]> - 9.0.1897-2
 - Patch CVE-2023-5344