changeset 21236:32f85b7d6504 v8.2.1169
patch 8.2.1169: write NUL past allocated space using corrupted spell file
Commit: https://github.com/vim/vim/commit/97d2f34c8763ab3a46c9f43284cc17bad3cf9568
Author: Bram Moolenaar <Bram@vim.org>
Date: Fri Jul 10 20:03:03 2020 +0200
patch 8.2.1169: write NUL past allocated space using corrupted spell file
Problem: Write NUL past allocated space using corrupted spell file.
(Markus Vervier)
Solution: Init "c" every time.
author | Bram Moolenaar <Bram@vim.org> |
---|---|
date | Fri, 10 Jul 2020 20:15:09 +0200 |
parents | 68b1451b39d5 |
children | d1413829fbc3 |
files | src/spellfile.c src/version.c |
diffstat | 2 files changed, 4 insertions(+), 1 deletions(-) |
--- a/src/spellfile.c +++ b/src/spellfile.c @@ -993,7 +993,6 @@ read_sal_section(FILE *fd, slang_T *slan salitem_T *smp; int ccnt; char_u *p; - int c = NUL; slang->sl_sofo = FALSE; @@ -1017,6 +1016,8 @@ read_sal_section(FILE *fd, slang_T *slan // <sal> : <salfromlen> <salfrom> <saltolen> <salto> for (; gap->ga_len < cnt; ++gap->ga_len) { + int c = NUL; + smp = &((salitem_T *)gap->ga_data)[gap->ga_len]; ccnt = getc(fd); // <salfromlen> if (ccnt < 0)
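Review bot: The new `int c = NUL;` at the top of the `for (; gap->ga_len < cnt; ++gap->ga_len)` body has no comment saying why it must be re-initialised for every `<sal>` item, so a later cleanup could hoist it back to function scope, which is exactly the declaration the first hunk removes. Suggest a short comment on the declaration stating that `c` must start as NUL for each item and must not carry a value over from the previous iteration. The file list shows only src/spellfile.c and src/version.c, so no regression test accompanies the fix; a test that loads a corrupted spell file of the kind named in the commit message would guard against the out-of-bounds NUL write returning.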