changeset 25589:50f8204eb8f7 v8.2.3331

patch 8.2.3331: Coverity warns for using value without boundary check Commit: https://github.com/vim/vim/commit/ed7cb2df35244e40e5c4df06169b50e705427576 Author: Bram Moolenaar <Bram@vim.org> Date: Wed Aug 11 17:13:54 2021 +0200 patch 8.2.3331: Coverity warns for using value without boundary check Problem: Coverity warns for using value without boundary check. Solution: Add a boundary check.
author Bram Moolenaar <Bram@vim.org>
date Wed, 11 Aug 2021 17:15:05 +0200
parents 807673e369d6
children db8dfe879ef8
files src/version.c src/viminfo.c
diffstat 2 files changed, 6 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/src/version.c
+++ b/src/version.c
@@ -756,6 +756,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    3331,
+/**/
     3330,
 /**/
     3329,
--- a/src/viminfo.c
+++ b/src/viminfo.c
@@ -253,17 +253,18 @@ viminfo_readstring(
     int		off,		    // offset for virp->vir_line
     int		convert UNUSED)	    // convert the string
 {
-    char_u	*retval;
+    char_u	*retval = NULL;
     char_u	*s, *d;
     long	len;
 
     if (virp->vir_line[off] == Ctrl_V && vim_isdigit(virp->vir_line[off + 1]))
     {
 	len = atol((char *)virp->vir_line + off + 1);
-	retval = lalloc(len, TRUE);
+	if (len > 0 && len < 1000000)
+	    retval = lalloc(len, TRUE);
 	if (retval == NULL)
 	{
-	    // Line too long?  File messed up?  Skip next line.
+	    // Invalid length, line too long, out of memory?  Skip next line.
 	    (void)vim_fgets(virp->vir_line, 10, virp->vir_fd);
 	    return NULL;
 	}