mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-09-25 04:28:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:9.0.0021: invalid memory access when adding word to spell word list

Browse Source 
Problem:    Invalid memory access when adding word with a control character to
            the internal spell word list.
Solution:   Disallow adding a word with control characters or a trailing
            slash.
5e59ea54c0
This commit is contained in:
zeertzjq
2022-07-02 06:37:28 +08:00
parent 0b15c01912
commit 998a96803b
2 changed files with 32 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/nvim/spellfile.c
View File

@@ -3904,6 +3904,21 @@ static wordnode_T *wordtree_alloc(spellinfo_T *spin)
return (wordnode_T *)getroom(spin, sizeof(wordnode_T), true); return (wordnode_T *)getroom(spin, sizeof(wordnode_T), true);
} }
/// Return true if "word" contains valid word characters.
/// Control characters and trailing '/' are invalid. Space is OK.
static bool valid_spell_word(const char_u *word)
{
if (!utf_valid_string(word, NULL)) {
return false;
}
for (const char_u *p = word; *p != NUL; p += utfc_ptr2len((const char *)p)) {
if (*p < ' ' || (p[0] == '/' && p[1] == NUL)) {
return false;
}
}
return true;
}
/// Store a word in the tree(s). /// Store a word in the tree(s).
/// Always store it in the case-folded tree. For a keep-case word this is /// Always store it in the case-folded tree. For a keep-case word this is
/// useful when the word can also be used with all caps (no WF_FIXCAP flag) and /// useful when the word can also be used with all caps (no WF_FIXCAP flag) and
@@ -3925,7 +3940,7 @@ static int store_word(spellinfo_T *spin, char_u *word, int flags, int region, co
int res = OK; int res = OK;
// Avoid adding illegal bytes to the word tree. // Avoid adding illegal bytes to the word tree.
if (!utf_valid_string(word, NULL)) { if (!valid_spell_word(word)) {
return FAIL; return FAIL;
} }
@@ -5522,7 +5537,7 @@ void spell_add_word(char_u *word, int len, SpellAddType what, int idx, bool undo
int i; int i;
char_u *spf; char_u *spf;
if (!utf_valid_string(word, NULL)) { if (!valid_spell_word(word)) {
emsg(_(e_illegal_character_in_word)); emsg(_(e_illegal_character_in_word));
return; return;
} }

15
src/nvim/testdir/test_spell.vim
View File

@@ -699,6 +699,21 @@ func Test_spellsuggest_too_deep()
bwipe! bwipe!
endfunc endfunc
func Test_spell_good_word_invalid()
" This was adding a word with a 0x02 byte, which causes havoc.
enew
norm o0
sil! norm rzzWs00/
2
sil! norm VzGprzzW
sil! norm z=
bwipe!
" clear the internal word list
" set enc=latin1
set enc=utf-8
endfunc
func LoadAffAndDic(aff_contents, dic_contents) func LoadAffAndDic(aff_contents, dic_contents)
throw 'skipped: Nvim does not support enc=latin1' throw 'skipped: Nvim does not support enc=latin1'
set enc=latin1 set enc=latin1