Mercurial > vim
changeset 10974:7d735b86f764 v8.0.0376
patch 8.0.0376: size computations in spell file reading are off
commit https://github.com/vim/vim/commit/6d3c8586fc81b022e9f06c611b9926108fb878c7
Author: Bram Moolenaar <Bram@vim.org>
Date: Sun Feb 26 15:27:23 2017 +0100
patch 8.0.0376: size computations in spell file reading are off
Problem: Size computations in spell file reading are not exactly right.
Solution: Make "len" a "long" and check with LONG_MAX.
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Sun, 26 Feb 2017 15:30:03 +0100 |
parents | 00caec82ffc8 |
children | 67a025a62042 |
files | src/spellfile.c src/version.c |
diffstat | 2 files changed, 4 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/spellfile.c +++ b/src/spellfile.c @@ -1585,7 +1585,7 @@ spell_read_tree( int prefixtree, /* TRUE for the prefix tree */ int prefixcnt) /* when "prefixtree" is TRUE: prefix count */ { - int len; + long len; int idx; char_u *bp; idx_T *ip; @@ -1595,7 +1595,7 @@ spell_read_tree( len = get4c(fd); if (len < 0) return SP_TRUNCERROR; - if (len >= 0x3ffffff) + if (len >= LONG_MAX / (long)sizeof(int)) /* Invalid length, multiply with sizeof(int) would overflow. */ return SP_FORMERROR; if (len > 0)