aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-10-02 05:04:20 -04:00
Code Activity

patch 8.0.0322: possible overflow with corrupted spell file

Browse Source 
Problem:    Possible overflow with spell file where the tree length is
            corrupted.
Solution:   Check for an invalid length (suggested by shqking)
This commit is contained in:
Bram Moolenaar
2017-02-09 21:07:12 +01:00
parent 8cc2a9c062
commit 399c297aa9
2 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/spellfile.c
View File

@@ -1595,6 +1595,9 @@ spell_read_tree(
len = get4c(fd); len = get4c(fd);
if (len < 0) if (len < 0)
return SP_TRUNCERROR; return SP_TRUNCERROR;
if (len >= 0x3ffffff)
/* Invalid length, multiply with sizeof(int) would overflow. */
return SP_FORMERROR;
if (len > 0) if (len > 0)
{ {
/* Allocate the byte array. */ /* Allocate the byte array. */

2
src/version.c
View File

@@ -764,6 +764,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
322,
/**/ /**/
321, 321,
/**/ /**/