Mercurial > vim
changeset 29357:f4ff490d51a7 v9.0.0021
patch 9.0.0021: invalid memory access when adding word to spell word list
Commit: https://github.com/vim/vim/commit/5e59ea54c0c37c2f84770f068d95280069828774
Author: Bram Moolenaar <Bram@vim.org>
Date: Fri Jul 1 22:26:20 2022 +0100
patch 9.0.0021: invalid memory access when adding word to spell word list
Problem: Invalid memory access when adding word with a control character to
the internal spell word list.
Solution: Disallow adding a word with control characters or a trailing
slash.
author | Bram Moolenaar <Bram@vim.org> |
---|---|
date | Fri, 01 Jul 2022 23:30:02 +0200 |
parents | 6dadd92ee4ae |
children | 16533485a2bb |
files | src/spellfile.c src/testdir/test_spell.vim src/version.c |
diffstat | 3 files changed, 36 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/spellfile.c +++ b/src/spellfile.c @@ -4367,6 +4367,23 @@ wordtree_alloc(spellinfo_T *spin) } /* + * Return TRUE if "word" contains valid word characters. + * Control characters and trailing '/' are invalid. Space is OK. + */ + static int +valid_spell_word(char_u *word) +{ + char_u *p; + + if (enc_utf8 && !utf_valid_string(word, NULL)) + return FALSE; + for (p = word; *p != NUL; p += mb_ptr2len(p)) + if (*p < ' ' || (p[0] == '/' && p[1] == NUL)) + return FALSE; + return TRUE; +} + +/* * Store a word in the tree(s). * Always store it in the case-folded tree. For a keep-case word this is * useful when the word can also be used with all caps (no WF_FIXCAP flag) and @@ -4391,7 +4408,7 @@ store_word( char_u *p; // Avoid adding illegal bytes to the word tree. - if (enc_utf8 && !utf_valid_string(word, NULL)) + if (!valid_spell_word(word)) return FAIL; (void)spell_casefold(curwin, word, len, foldword, MAXWLEN); @@ -6194,7 +6211,7 @@ spell_add_word( int i; char_u *spf; - if (enc_utf8 && !utf_valid_string(word, NULL)) + if (!valid_spell_word(word)) { emsg(_(e_illegal_character_in_word)); return;
--- a/src/testdir/test_spell.vim +++ b/src/testdir/test_spell.vim @@ -854,6 +854,21 @@ func Test_spellsuggest_too_deep() bwipe! endfunc +func Test_spell_good_word_invalid() + " This was adding a word with a 0x02 byte, which causes havoc. + enew + norm o0 + sil! norm rzzWs00/ + 2 + sil! norm VzGprzzW + sil! norm z= + + bwipe! + " clear the internal word list + set enc=latin1 + set enc=utf-8 +endfunc + func LoadAffAndDic(aff_contents, dic_contents) set enc=latin1 set spellfile=