[2/2] vim: Security Fix For CVE-2022-1420

Message ID 20220502125012.11630-2-rahulchauhankitps@gmail.com
State New
Series [1/2] vim: Security Fix For CVE-2022-1381 | expand

Commit Message

Rahul Chauhan May 2, 2022, 12:50 p.m. UTC
CVE: CVE-2022-1420

Signed-off-by: Rahul Chauhan <rahulchauhankitps@gmail.com>
---
 .../vim/files/CVE-2022-1420.patch             | 93 +++++++++++++++++++
 meta/recipes-support/vim/vim.inc              |  1 +
 2 files changed, 94 insertions(+)
 create mode 100644 meta/recipes-support/vim/files/CVE-2022-1420.patch

Patch

diff --git a/meta/recipes-support/vim/files/CVE-2022-1420.patch b/meta/recipes-support/vim/files/CVE-2022-1420.patch
new file mode 100644
index 0000000000..2c2e09a9d2
--- /dev/null
+++ b/meta/recipes-support/vim/files/CVE-2022-1420.patch
@@ -0,0 +1,93 @@ 
+From 6258e29cbdc55c9496baa23462ef77d79a4e08cf Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Sun, 17 Apr 2022 15:06:35 +0100
+Subject: [PATCH] patch 8.2.4774: crash when using a number for lambda name
+
+Problem:    Crash when using a number for lambda name.
+Solution:   Check the type of the lambda reference.
+
+Upstream-Status: Backport [https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca]
+CVE-2022-1420
+
+Signed-off-by: Rahul Chauhan <rahulchauhankitps@gmail.com>
+---
+ src/errors.h                |  4 ++++
+ src/eval.c                  | 16 ++++++++++------
+ src/testdir/test_lambda.vim |  4 ++++
+ src/version.c               |  2 ++
+ 4 files changed, 20 insertions(+), 6 deletions(-)
+
+diff --git a/src/errors.h b/src/errors.h
+index 951acabb2..96bba755b 100644
+--- a/src/errors.h
++++ b/src/errors.h
+@@ -3256,3 +3256,7 @@ EXTERN char e_compiling_closure_without_context_str[]
+ EXTERN char e_using_type_not_in_script_context_str[]
+ 	INIT(= N_("E1272: Using type not in a script context: %s"));
+ #endif
++#ifdef FEAT_EVAL
++EXTERN char e_string_or_function_required_for_arrow_parens_expr[]
++       INIT(= N_("E1275: String or function required for ->(expr)"));
++#endif
+diff --git a/src/eval.c b/src/eval.c
+index 2cde64216..5d208a378 100644
+--- a/src/eval.c
++++ b/src/eval.c
+@@ -4094,19 +4094,23 @@ eval_lambda(
+ 	++*arg;
+ 	ret = eval1(arg, rettv, evalarg);
+ 	*arg = skipwhite_and_linebreak(*arg, evalarg);
+-	if (**arg == ')')
++	if (**arg != ')')
+ 	{
+-	    ++*arg;
++	    emsg(_(e_missing_closing_paren));
++	    return FAIL;
+ 	}
+-	else
++	if (rettv->v_type != VAR_STRING && rettv->v_type != VAR_FUNC
++					       && rettv->v_type != VAR_PARTIAL)
+ 	{
+-	    emsg(_(e_missing_closing_paren));
+-	    ret = FAIL;
++	    emsg(_(e_string_or_function_required_for_arrow_parens_expr));
++	    return FAIL;
+ 	}
++	++*arg;
+     }
+     if (ret != OK)
+ 	return FAIL;
+-    else if (**arg != '(')
++
++    if (**arg != '(')
+     {
+ 	if (verbose)
+ 	{
+diff --git a/src/testdir/test_lambda.vim b/src/testdir/test_lambda.vim
+index e6dcb6774..8d06e5973 100644
+--- a/src/testdir/test_lambda.vim
++++ b/src/testdir/test_lambda.vim
+@@ -66,6 +66,10 @@ function Test_lambda_fails()
+   echo assert_fails('echo 10->{a -> a + 2}', 'E107:')
+ 
+   call assert_fails('eval 0->(', "E110: Missing ')'")
++  call assert_fails('eval 0->(3)()', "E1275:")
++  call assert_fails('eval 0->([3])()', "E1275:")
++  call assert_fails('eval 0->({"a": 3})()', "E1275:")
++  call assert_fails('eval 0->(xxx)()', "E121:")
+ endfunc
+ 
+ func Test_not_lamda()
+diff --git a/src/version.c b/src/version.c
+index 38c3e69b6..c7516e3a5 100644
+--- a/src/version.c
++++ b/src/version.c
+@@ -750,6 +750,8 @@ static char *(features[]) =
+ 
+ static int included_patches[] =
+ {   /* Add new patch number below this line */
++/**/
++    4774,
+ /**/
+     4763,
+ /**/
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index c78e53007e..05891b07df 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -20,6 +20,7 @@  SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
            file://no-path-adjust.patch \
            file://racefix.patch \
            file://CVE-2022-1381.patch \
+           file://CVE-2022-1420.patch \
            "
 
 PV .= ".4681"
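Review bot: The recipe still pins `PV .= ".4681"` at the end of this hunk, but the patch being added appears to have been generated against a later tree: its version.c context shows `4763` as the newest entry in `included_patches`. If the fetched revision really corresponds to 8.2.4681, that hunk would presumably apply only with fuzz or not at all, so the do_patch log should be checked. Keeping the version.c hunk also makes the built binary report patch 4774 as included without the patches in between, which can mislead version-based vulnerability checks; dropping that hunk from the backport avoids both problems.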