Mercurial > vim
changeset 25589:50f8204eb8f7 v8.2.3331
patch 8.2.3331: Coverity warns for using value without boundary check
Commit: https://github.com/vim/vim/commit/ed7cb2df35244e40e5c4df06169b50e705427576
Author: Bram Moolenaar <Bram@vim.org>
Date: Wed Aug 11 17:13:54 2021 +0200
patch 8.2.3331: Coverity warns for using value without boundary check
Problem: Coverity warns for using value without boundary check.
Solution: Add a boundary check.
author | Bram Moolenaar <Bram@vim.org> |
---|---|
date | Wed, 11 Aug 2021 17:15:05 +0200 |
parents | 807673e369d6 |
children | db8dfe879ef8 |
files | src/version.c src/viminfo.c |
diffstat | 2 files changed, 6 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/src/version.c +++ b/src/version.c @@ -756,6 +756,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 3331, +/**/ 3330, /**/ 3329,
--- a/src/viminfo.c +++ b/src/viminfo.c @@ -253,17 +253,18 @@ viminfo_readstring( int off, // offset for virp->vir_line int convert UNUSED) // convert the string { - char_u *retval; + char_u *retval = NULL; char_u *s, *d; long len; if (virp->vir_line[off] == Ctrl_V && vim_isdigit(virp->vir_line[off + 1])) { len = atol((char *)virp->vir_line + off + 1); - retval = lalloc(len, TRUE); + if (len > 0 && len < 1000000) + retval = lalloc(len, TRUE); if (retval == NULL) { - // Line too long? File messed up? Skip next line. + // Invalid length, line too long, out of memory? Skip next line. (void)vim_fgets(virp->vir_line, 10, virp->vir_fd); return NULL; }