File vim-8.0.1568-CVE-2022-0351.patch of Package vim.23083

--- vim-8.0.1568.orig/src/globals.h     2022-02-03 20:50:13.625648944 +0200
+++ vim-8.0.1568/src/globals.h  2022-02-08 10:26:34.620681172 +0200
@@ -1596,6 +1596,8 @@
 EXTERN char need_key_msg[] INIT(= N_("Need encryption key for \"%s\""));
 #endif

+EXTERN char e_expression_too_recursive_str[] INIT(= N_("E1169: Expression too recursive: %s"));
+
 /*
  * Comms. with the session manager (XSMP)
  */

--- vim-8.0.1568.orig/src/eval.c	2022-02-03 20:50:13.621648993 +0200
+++ vim-8.0.1568/src/eval.c	2022-02-08 10:38:58.369085071 +0200
@@ -3996,6 +3996,7 @@
     char_u	*start_leader, *end_leader;
     int		ret = OK;
     char_u	*alias;
+    static	int recurse = 0;
 
     /*
      * Initialise variable so that clear_tv() can't mistake this for a
@@ -4011,6 +4012,15 @@
 	*arg = skipwhite(*arg + 1);
     end_leader = *arg;
 
+    // Limit recursion to 1000 levels.  At least at 10000 we run out of stack
+    // and crash.
+    if (recurse == 1000)
+    {
+        EMSG(_(e_expression_too_recursive_str));
+        return FAIL;
+    }
+    ++recurse;
+
     switch (**arg)
     {
     /*
@@ -4285,6 +4295,7 @@
 	}
     }
 
+    --recurse;
     return ret;
 }
Places

File vim-8.0.1568-CVE-2022-0351.patch of Package vim.23083

Places
