Mercurial > vim

changeset 10974:7d735b86f764 v8.0.0376

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.0.0376: size computations in spell file reading are off commit https://github.com/vim/vim/commit/6d3c8586fc81b022e9f06c611b9926108fb878c7 Author: Bram Moolenaar <Bram@vim.org> Date: Sun Feb 26 15:27:23 2017 +0100 patch 8.0.0376: size computations in spell file reading are off Problem: Size computations in spell file reading are not exactly right. Solution: Make "len" a "long" and check with LONG_MAX.
author Christian Brabandt <cb@256bit.org>
date Sun, 26 Feb 2017 15:30:03 +0100
parents 00caec82ffc8
children 67a025a62042
files src/spellfile.c src/version.c
diffstat 2 files changed, 4 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/src/spellfile.c
+++ b/src/spellfile.c
@@ -1585,7 +1585,7 @@ spell_read_tree(
     int		prefixtree,	/* TRUE for the prefix tree */
     int		prefixcnt)	/* when "prefixtree" is TRUE: prefix count */
 {
-    int		len;
+    long	len;
     int		idx;
     char_u	*bp;
     idx_T	*ip;
@@ -1595,7 +1595,7 @@ spell_read_tree(
     len = get4c(fd);
     if (len < 0)
 	return SP_TRUNCERROR;
-    if (len >= 0x3ffffff)
+    if (len >= LONG_MAX / (long)sizeof(int))
 	/* Invalid length, multiply with sizeof(int) would overflow. */
 	return SP_FORMERROR;
     if (len > 0)
--- a/src/version.c
+++ b/src/version.c
@@ -765,6 +765,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    376,
+/**/
     375,
 /**/
     374,