Mercurial > vim
comparison src/undo.c @ 11506:7140ff4857eb v8.0.0636
patch 8.0.0636: when reading the undo file fails may use uninitialized data
commit https://github.com/vim/vim/commit/56f2db562ddc6c69026d55360f0cfaacd8adc26a
Author: Bram Moolenaar <Bram@vim.org>
Date: Sun Jun 11 23:09:15 2017 +0200
patch 8.0.0636: when reading the undo file fails may use uninitialized data
Problem: When reading the undo file fails may use uninitialized data.
Solution: Always clear the buffer on failure.
| author | Christian Brabandt <cb@256bit.org> |
|---|---|
| date | Sun, 11 Jun 2017 23:15:03 +0200 |
| parents | 501f46f7644c |
| children | f080b225a2a4 |
comparison
equal
deleted
inserted
replaced
| 11505:50d0acf50b18 | 11506:7140ff4857eb |
|---|---|
| 1061 * Return OK or FAIL. | 1061 * Return OK or FAIL. |
| 1062 */ | 1062 */ |
| 1063 static int | 1063 static int |
| 1064 undo_read(bufinfo_T *bi, char_u *buffer, size_t size) | 1064 undo_read(bufinfo_T *bi, char_u *buffer, size_t size) |
| 1065 { | 1065 { |
| 1066 int retval = OK; | |
| 1067 | |
| 1066 #ifdef FEAT_CRYPT | 1068 #ifdef FEAT_CRYPT |
| 1067 if (bi->bi_buffer != NULL) | 1069 if (bi->bi_buffer != NULL) |
| 1068 { | 1070 { |
| 1069 int size_todo = (int)size; | 1071 int size_todo = (int)size; |
| 1070 char_u *p = buffer; | 1072 char_u *p = buffer; |
| 1076 if (bi->bi_used >= bi->bi_avail) | 1078 if (bi->bi_used >= bi->bi_avail) |
| 1077 { | 1079 { |
| 1078 n = fread(bi->bi_buffer, 1, (size_t)CRYPT_BUF_SIZE, bi->bi_fp); | 1080 n = fread(bi->bi_buffer, 1, (size_t)CRYPT_BUF_SIZE, bi->bi_fp); |
| 1079 if (n == 0) | 1081 if (n == 0) |
| 1080 { | 1082 { |
| 1081 /* Error may be checked for only later. Fill with zeros, | 1083 retval = FAIL; |
| 1082 * so that the reader won't use garbage. */ | 1084 break; |
| 1083 vim_memset(p, 0, size_todo); | |
| 1084 return FAIL; | |
| 1085 } | 1085 } |
| 1086 bi->bi_avail = n; | 1086 bi->bi_avail = n; |
| 1087 bi->bi_used = 0; | 1087 bi->bi_used = 0; |
| 1088 crypt_decode_inplace(bi->bi_state, bi->bi_buffer, bi->bi_avail); | 1088 crypt_decode_inplace(bi->bi_state, bi->bi_buffer, bi->bi_avail); |
| 1089 } | 1089 } |
| 1093 mch_memmove(p, bi->bi_buffer + bi->bi_used, n); | 1093 mch_memmove(p, bi->bi_buffer + bi->bi_used, n); |
| 1094 bi->bi_used += n; | 1094 bi->bi_used += n; |
| 1095 size_todo -= (int)n; | 1095 size_todo -= (int)n; |
| 1096 p += n; | 1096 p += n; |
| 1097 } | 1097 } |
| 1098 return OK; | 1098 } |
| 1099 } | 1099 else |
| 1100 #endif | 1100 #endif |
| 1101 if (fread(buffer, (size_t)size, 1, bi->bi_fp) != 1) | 1101 if (fread(buffer, (size_t)size, 1, bi->bi_fp) != 1) |
| 1102 return FAIL; | 1102 retval = FAIL; |
| 1103 return OK; | 1103 |
| 1104 if (retval == FAIL) | |
| 1105 /* Error may be checked for only later. Fill with zeros, | |
| 1106 * so that the reader won't use garbage. */ | |
| 1107 vim_memset(buffer, 0, size); | |
| 1108 return retval; | |
| 1104 } | 1109 } |
| 1105 | 1110 |
| 1106 /* | 1111 /* |
| 1107 * Read a string of length "len" from "bi->bi_fd". | 1112 * Read a string of length "len" from "bi->bi_fd". |
| 1108 * "len" can be zero to allocate an empty line. | 1113 * "len" can be zero to allocate an empty line. |