Mercurial > vim
diff src/spellfile.c @ 29357:f4ff490d51a7 v9.0.0021
patch 9.0.0021: invalid memory access when adding word to spell word list
Commit: https://github.com/vim/vim/commit/5e59ea54c0c37c2f84770f068d95280069828774
Author: Bram Moolenaar <Bram@vim.org>
Date: Fri Jul 1 22:26:20 2022 +0100
patch 9.0.0021: invalid memory access when adding word to spell word list
Problem: Invalid memory access when adding word with a control character to
the internal spell word list.
Solution: Disallow adding a word with control characters or a trailing
slash.
| author | Bram Moolenaar <Bram@vim.org> |
|---|---|
| date | Fri, 01 Jul 2022 23:30:02 +0200 |
| parents | a161c262e947 |
| children | 61796d98c856 |
line wrap: on
line diff
--- a/src/spellfile.c +++ b/src/spellfile.c @@ -4367,6 +4367,23 @@ wordtree_alloc(spellinfo_T *spin) } /* + * Return TRUE if "word" contains valid word characters. + * Control characters and trailing '/' are invalid. Space is OK. + */ + static int +valid_spell_word(char_u *word) +{ + char_u *p; + + if (enc_utf8 && !utf_valid_string(word, NULL)) + return FALSE; + for (p = word; *p != NUL; p += mb_ptr2len(p)) + if (*p < ' ' || (p[0] == '/' && p[1] == NUL)) + return FALSE; + return TRUE; +} + +/* * Store a word in the tree(s). * Always store it in the case-folded tree. For a keep-case word this is * useful when the word can also be used with all caps (no WF_FIXCAP flag) and @@ -4391,7 +4408,7 @@ store_word( char_u *p; // Avoid adding illegal bytes to the word tree. - if (enc_utf8 && !utf_valid_string(word, NULL)) + if (!valid_spell_word(word)) return FAIL; (void)spell_casefold(curwin, word, len, foldword, MAXWLEN); @@ -6194,7 +6211,7 @@ spell_add_word( int i; char_u *spf; - if (enc_utf8 && !utf_valid_string(word, NULL)) + if (!valid_spell_word(word)) { emsg(_(e_illegal_character_in_word)); return;