vim-patch:8.0.0376

Problem:    Size computations in spell file reading are not exactly right.
Solution:   Make "len" a "long" and check with LONG_MAX.

6d3c8586fc
James McCoy
2017-04-09 00:46:52 -04:00
parent b338bb9d6c
commit 4af6c60826


@@ -223,6 +223,7 @@
// few bytes as possible, see offset2bytes()) // few bytes as possible, see offset2bytes())
#include <stdio.h> #include <stdio.h>
#include <stdint.h>
#include <wctype.h> #include <wctype.h>
#include "nvim/vim.h" #include "nvim/vim.h"
@@ -1569,10 +1570,10 @@ spell_read_tree (
// The tree size was computed when writing the file, so that we can // The tree size was computed when writing the file, so that we can
// allocate it as one long block. <nodecount> // allocate it as one long block. <nodecount>
int len = get4c(fd); long len = get4c(fd);
if (len < 0) if (len < 0)
return SP_TRUNCERROR; return SP_TRUNCERROR;
if (len >= 0x3ffffff) { if ((size_t)len >= SIZE_MAX / sizeof(int)) {
// Invalid length, multiply with sizeof(int) would overflow. // Invalid length, multiply with sizeof(int) would overflow.
return SP_FORMERROR; return SP_FORMERROR;
} }
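Review bot: The new bound `if ((size_t)len >= SIZE_MAX / sizeof(int))` in spell_read_tree only rules out overflow of the multiplication; it no longer limits how large an allocation `<nodecount>` can request. Where size_t is 64 bits, the threshold is far above anything get4c() can presumably return from a four-byte field, so the SP_FORMERROR branch is effectively unreachable there and a malformed or untrusted spell file alone decides the size of the "one long block" (the old `0x3ffffff` constant capped it). Consider keeping an explicit sanity limit next to the overflow check, e.g. `if (len > SPELL_MAX_NODES || (size_t)len >= SIZE_MAX / sizeof(int)) {`, where `SPELL_MAX_NODES` is a placeholder name for a limit the project would choose, or at least extend the comment to `// Guards only the multiplication with sizeof(int); does not bound the allocation size.` The allocation and the rest of the function lie outside the hunk, so how an oversized or failed allocation is handled there cannot be confirmed from this page.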