Mercurial > vim
comparison src/spellfile.c @ 29357:f4ff490d51a7 v9.0.0021
patch 9.0.0021: invalid memory access when adding word to spell word list
Commit: https://github.com/vim/vim/commit/5e59ea54c0c37c2f84770f068d95280069828774
Author: Bram Moolenaar <Bram@vim.org>
Date: Fri Jul 1 22:26:20 2022 +0100
patch 9.0.0021: invalid memory access when adding word to spell word list
Problem: Invalid memory access when adding word with a control character to
the internal spell word list.
Solution: Disallow adding a word with control characters or a trailing
slash.
| author | Bram Moolenaar <Bram@vim.org> |
|---|---|
| date | Fri, 01 Jul 2022 23:30:02 +0200 |
| parents | a161c262e947 |
| children | 61796d98c856 |
comparison
equal
deleted
inserted
replaced
| 29356:6dadd92ee4ae | 29357:f4ff490d51a7 |
|---|---|
| 4365 { | 4365 { |
| 4366 return (wordnode_T *)getroom(spin, sizeof(wordnode_T), TRUE); | 4366 return (wordnode_T *)getroom(spin, sizeof(wordnode_T), TRUE); |
| 4367 } | 4367 } |
| 4368 | 4368 |
| 4369 /* | 4369 /* |
| 4370 * Return TRUE if "word" contains valid word characters. | |
| 4371 * Control characters and trailing '/' are invalid. Space is OK. | |
| 4372 */ | |
| 4373 static int | |
| 4374 valid_spell_word(char_u *word) | |
| 4375 { | |
| 4376 char_u *p; | |
| 4377 | |
| 4378 if (enc_utf8 && !utf_valid_string(word, NULL)) | |
| 4379 return FALSE; | |
| 4380 for (p = word; *p != NUL; p += mb_ptr2len(p)) | |
| 4381 if (*p < ' ' || (p[0] == '/' && p[1] == NUL)) | |
| 4382 return FALSE; | |
| 4383 return TRUE; | |
| 4384 } | |
| 4385 | |
| 4386 /* | |
| 4370 * Store a word in the tree(s). | 4387 * Store a word in the tree(s). |
| 4371 * Always store it in the case-folded tree. For a keep-case word this is | 4388 * Always store it in the case-folded tree. For a keep-case word this is |
| 4372 * useful when the word can also be used with all caps (no WF_FIXCAP flag) and | 4389 * useful when the word can also be used with all caps (no WF_FIXCAP flag) and |
| 4373 * used to find suggestions. | 4390 * used to find suggestions. |
| 4374 * For a keep-case word also store it in the keep-case tree. | 4391 * For a keep-case word also store it in the keep-case tree. |
| 4389 char_u foldword[MAXWLEN]; | 4406 char_u foldword[MAXWLEN]; |
| 4390 int res = OK; | 4407 int res = OK; |
| 4391 char_u *p; | 4408 char_u *p; |
| 4392 | 4409 |
| 4393 // Avoid adding illegal bytes to the word tree. | 4410 // Avoid adding illegal bytes to the word tree. |
| 4394 if (enc_utf8 && !utf_valid_string(word, NULL)) | 4411 if (!valid_spell_word(word)) |
| 4395 return FAIL; | 4412 return FAIL; |
| 4396 | 4413 |
| 4397 (void)spell_casefold(curwin, word, len, foldword, MAXWLEN); | 4414 (void)spell_casefold(curwin, word, len, foldword, MAXWLEN); |
| 4398 for (p = pfxlist; res == OK; ++p) | 4415 for (p = pfxlist; res == OK; ++p) |
| 4399 { | 4416 { |
| 6192 char_u line[MAXWLEN * 2]; | 6209 char_u line[MAXWLEN * 2]; |
| 6193 long fpos, fpos_next = 0; | 6210 long fpos, fpos_next = 0; |
| 6194 int i; | 6211 int i; |
| 6195 char_u *spf; | 6212 char_u *spf; |
| 6196 | 6213 |
| 6197 if (enc_utf8 && !utf_valid_string(word, NULL)) | 6214 if (!valid_spell_word(word)) |
| 6198 { | 6215 { |
| 6199 emsg(_(e_illegal_character_in_word)); | 6216 emsg(_(e_illegal_character_in_word)); |
| 6200 return; | 6217 return; |
| 6201 } | 6218 } |
| 6202 | 6219 |