Mercurial > vim
comparison src/undo.c @ 11506:7140ff4857eb v8.0.0636
patch 8.0.0636: when reading the undo file fails may use uninitialized data
commit https://github.com/vim/vim/commit/56f2db562ddc6c69026d55360f0cfaacd8adc26a
Author: Bram Moolenaar <Bram@vim.org>
Date: Sun Jun 11 23:09:15 2017 +0200
patch 8.0.0636: when reading the undo file fails may use uninitialized data
Problem: When reading the undo file fails may use uninitialized data.
Solution: Always clear the buffer on failure.
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Sun, 11 Jun 2017 23:15:03 +0200 |
parents | 501f46f7644c |
children | f080b225a2a4 |
comparison
equal
deleted
inserted
replaced
11505:50d0acf50b18 | 11506:7140ff4857eb |
---|---|
1061 * Return OK or FAIL. | 1061 * Return OK or FAIL. |
1062 */ | 1062 */ |
1063 static int | 1063 static int |
1064 undo_read(bufinfo_T *bi, char_u *buffer, size_t size) | 1064 undo_read(bufinfo_T *bi, char_u *buffer, size_t size) |
1065 { | 1065 { |
1066 int retval = OK; | |
1067 | |
1066 #ifdef FEAT_CRYPT | 1068 #ifdef FEAT_CRYPT |
1067 if (bi->bi_buffer != NULL) | 1069 if (bi->bi_buffer != NULL) |
1068 { | 1070 { |
1069 int size_todo = (int)size; | 1071 int size_todo = (int)size; |
1070 char_u *p = buffer; | 1072 char_u *p = buffer; |
1076 if (bi->bi_used >= bi->bi_avail) | 1078 if (bi->bi_used >= bi->bi_avail) |
1077 { | 1079 { |
1078 n = fread(bi->bi_buffer, 1, (size_t)CRYPT_BUF_SIZE, bi->bi_fp); | 1080 n = fread(bi->bi_buffer, 1, (size_t)CRYPT_BUF_SIZE, bi->bi_fp); |
1079 if (n == 0) | 1081 if (n == 0) |
1080 { | 1082 { |
1081 /* Error may be checked for only later. Fill with zeros, | 1083 retval = FAIL; |
1082 * so that the reader won't use garbage. */ | 1084 break; |
1083 vim_memset(p, 0, size_todo); | |
1084 return FAIL; | |
1085 } | 1085 } |
1086 bi->bi_avail = n; | 1086 bi->bi_avail = n; |
1087 bi->bi_used = 0; | 1087 bi->bi_used = 0; |
1088 crypt_decode_inplace(bi->bi_state, bi->bi_buffer, bi->bi_avail); | 1088 crypt_decode_inplace(bi->bi_state, bi->bi_buffer, bi->bi_avail); |
1089 } | 1089 } |
1093 mch_memmove(p, bi->bi_buffer + bi->bi_used, n); | 1093 mch_memmove(p, bi->bi_buffer + bi->bi_used, n); |
1094 bi->bi_used += n; | 1094 bi->bi_used += n; |
1095 size_todo -= (int)n; | 1095 size_todo -= (int)n; |
1096 p += n; | 1096 p += n; |
1097 } | 1097 } |
1098 return OK; | 1098 } |
1099 } | 1099 else |
1100 #endif | 1100 #endif |
1101 if (fread(buffer, (size_t)size, 1, bi->bi_fp) != 1) | 1101 if (fread(buffer, (size_t)size, 1, bi->bi_fp) != 1) |
1102 return FAIL; | 1102 retval = FAIL; |
1103 return OK; | 1103 |
1104 if (retval == FAIL) | |
1105 /* Error may be checked for only later. Fill with zeros, | |
1106 * so that the reader won't use garbage. */ | |
1107 vim_memset(buffer, 0, size); | |
1108 return retval; | |
1104 } | 1109 } |
1105 | 1110 |
1106 /* | 1111 /* |
1107 * Read a string of length "len" from "bi->bi_fd". | 1112 * Read a string of length "len" from "bi->bi_fd". |
1108 * "len" can be zero to allocate an empty line. | 1113 * "len" can be zero to allocate an empty line. |