aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-09-24 03:44:06 -04:00
Code Activity

patch 8.0.0377: possible overflow when reading corrupted undo file

Browse Source 
Problem:    Possible overflow when reading corrupted undo file.
Solution:   Check if allocated size is not too big. (King)
This commit is contained in:
Bram Moolenaar
2017-02-26 18:11:36 +01:00
parent 6d3c8586fc
commit 3eb1637b1b
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/undo.c
View File

@@ -1787,7 +1787,7 @@ u_read_undo(char_u *name, char_u *hash, char_u *orig_name)
linenr_T line_lnum; linenr_T line_lnum;
colnr_T line_colnr; colnr_T line_colnr;
linenr_T line_count; linenr_T line_count;
int num_head = 0; long num_head = 0;
long old_header_seq, new_header_seq, cur_header_seq; long old_header_seq, new_header_seq, cur_header_seq;
long seq_last, seq_cur; long seq_last, seq_cur;
long last_save_nr = 0; long last_save_nr = 0;
@@ -1974,7 +1974,8 @@ u_read_undo(char_u *name, char_u *hash, char_u *orig_name)
* When there are no headers uhp_table is NULL. */ * When there are no headers uhp_table is NULL. */
if (num_head > 0) if (num_head > 0)
{ {
uhp_table = (u_header_T **)U_ALLOC_LINE( if (num_head < LONG_MAX / (long)sizeof(u_header_T *))
uhp_table = (u_header_T **)U_ALLOC_LINE(
num_head * sizeof(u_header_T *)); num_head * sizeof(u_header_T *));
if (uhp_table == NULL) if (uhp_table == NULL)
goto error; goto error;

2
src/version.c
View File

@@ -764,6 +764,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
377,
/**/ /**/
376, 376,
/**/ /**/