comparison src/spellfile.c @ 10974:7d735b86f764 v8.0.0376

patch 8.0.0376: size computations in spell file reading are off commit https://github.com/vim/vim/commit/6d3c8586fc81b022e9f06c611b9926108fb878c7 Author: Bram Moolenaar <Bram@vim.org> Date: Sun Feb 26 15:27:23 2017 +0100 patch 8.0.0376: size computations in spell file reading are off Problem: Size computations in spell file reading are not exactly right. Solution: Make "len" a "long" and check with LONG_MAX.
author Christian Brabandt <cb@256bit.org>
date Sun, 26 Feb 2017 15:30:03 +0100
parents 1a18c0f93ffa
children 506f5d8b7d8b
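--- a/src/spellfile.c
+++ b/src/spellfile.c
@@ -1583,21 +1583,21 @@
 char_u **bytsp,
 idx_T **idxsp,
 int prefixtree, /* TRUE for the prefix tree */
 int prefixcnt) /* when "prefixtree" is TRUE: prefix count */
 {
-int len;
+long len;
 int idx;
 char_u *bp;
 idx_T *ip;
 
 /* The tree size was computed when writing the file, so that we can
 * allocate it as one long block. <nodecount> */
 len = get4c(fd);
 if (len < 0)
 return SP_TRUNCERROR;
-if (len >= 0x3ffffff)
+if (len >= LONG_MAX / (long)sizeof(int))
 /* Invalid length, multiply with sizeof(int) would overflow. */
 return SP_FORMERROR;
 if (len > 0)
 {
 /* Allocate the byte array. */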
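Review bot: The new bound at line 1598, `len >= LONG_MAX / (long)sizeof(int)`, protects only the multiplication from overflowing and no longer caps how much memory the `<nodecount>` field of a spell file can request. Where `long` is 64 bits the limit lies far above anything a four-byte count can hold, so (assuming get4c() yields at most a 32-bit value) the check cannot fire there and the previous 0x3ffffff ceiling is effectively gone; a malformed or untrusted spell file could then ask for very large arrays. The allocation calls sit outside this hunk, so it is worth confirming that they fail cleanly and that the multiplication is carried out in a type at least as wide as `long`. I would record the intent next to the check, e.g. `/* Guards the multiply only; huge counts must be rejected by the allocation below. */`. The enclosing function starts before and continues after the lines shown.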