# HG changeset patch # User Christian Brabandt # Date 1497215703 -7200 # Node ID 7140ff4857eb8a124f6879ca2cc65a90b29189fe # Parent 50d0acf50b180d56370574c507ffe830d3dc09d5 patch 8.0.0636: when reading the undo file fails may use uninitialized data commit https://github.com/vim/vim/commit/56f2db562ddc6c69026d55360f0cfaacd8adc26a Author: Bram Moolenaar Date: Sun Jun 11 23:09:15 2017 +0200 patch 8.0.0636: when reading the undo file fails may use uninitialized data Problem: When reading the undo file fails may use uninitialized data. Solution: Always clear the buffer on failure. diff --git a/src/undo.c b/src/undo.c --- a/src/undo.c +++ b/src/undo.c @@ -1063,6 +1063,8 @@ undo_read_time(bufinfo_T *bi) static int undo_read(bufinfo_T *bi, char_u *buffer, size_t size) { + int retval = OK; + #ifdef FEAT_CRYPT if (bi->bi_buffer != NULL) { @@ -1078,10 +1080,8 @@ undo_read(bufinfo_T *bi, char_u *buffer, n = fread(bi->bi_buffer, 1, (size_t)CRYPT_BUF_SIZE, bi->bi_fp); if (n == 0) { - /* Error may be checked for only later. Fill with zeros, - * so that the reader won't use garbage. */ - vim_memset(p, 0, size_todo); - return FAIL; + retval = FAIL; + break; } bi->bi_avail = n; bi->bi_used = 0; @@ -1095,12 +1095,17 @@ undo_read(bufinfo_T *bi, char_u *buffer, size_todo -= (int)n; p += n; } - return OK; } + else #endif if (fread(buffer, (size_t)size, 1, bi->bi_fp) != 1) - return FAIL; - return OK; + retval = FAIL; + + if (retval == FAIL) + /* Error may be checked for only later. Fill with zeros, + * so that the reader won't use garbage. */ + vim_memset(buffer, 0, size); + return retval; } /* diff --git a/src/version.c b/src/version.c --- a/src/version.c +++ b/src/version.c @@ -765,6 +765,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 636, +/**/ 635, /**/ 634,