Mercurial > vim

diff src/spellsuggest.c @ 29536:6d93f09815c1 v9.0.0109

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 9.0.0109: writing over the end of a buffer on stack Commit: https://github.com/vim/vim/commit/1eead4cf1daf87ee41aeb4de3b3e38708417f9d5 Author: Bram Moolenaar <Bram@vim.org> Date: Sat Jul 30 11:39:57 2022 +0100 patch 9.0.0109: writing over the end of a buffer on stack Problem: Writing over the end of a buffer on stack when making list of spell suggestions. Solution: Make sure suggested word is not too long. (closes #10812)
author Bram Moolenaar <Bram@vim.org>
date Sat, 30 Jul 2022 12:45:02 +0200
parents b8dc0a76911e
children c7983f593fa7
line wrap: on
line diff
--- a/src/spellsuggest.c
+++ b/src/spellsuggest.c
@@ -592,15 +592,17 @@ spell_suggest(int count)
 	msg_scroll = TRUE;
 	for (i = 0; i < sug.su_ga.ga_len; ++i)
 	{
+	    int el;
+
 	    stp = &SUG(sug.su_ga, i);
 
 	    // The suggested word may replace only part of the bad word, add
-	    // the not replaced part.
+	    // the not replaced part.  But only when it's not getting too long.
 	    vim_strncpy(wcopy, stp->st_word, MAXWLEN);
-	    if (sug.su_badlen > stp->st_orglen)
+	    el = sug.su_badlen - stp->st_orglen;
+	    if (el > 0 && stp->st_wordlen + el <= MAXWLEN)
 		vim_strncpy(wcopy + stp->st_wordlen,
-					       sug.su_badptr + stp->st_orglen,
-					      sug.su_badlen - stp->st_orglen);
+					   sug.su_badptr + stp->st_orglen, el);
 	    vim_snprintf((char *)IObuff, IOSIZE, "%2d", i + 1);
 #ifdef FEAT_RIGHTLEFT
 	    if (cmdmsg_rl)