Problem: spell_read_aff() uses sprintf() into a fixed-size stack buffer
without bounds checking. store_aff_word() uses STRCAT() to
append attacker-controlled strings into newword[MAXWLEN] without
checking remaining space. Both are reachable via :mkspell with
crafted .aff/.dic files (xinyi234)
Solution: Replace sprintf() with vim_snprintf() in spell_read_aff().
Replace STRCAT() with STRNCAT() with explicit remaining-space
calculation in store_aff_word().
closes: vim/vim#1994407faa961a0
Co-authored-by: Christian Brabandt <cb@256bit.org>
Problem:
First rtp directory is unpredictable and not in line with XDG
base spec.
Solution:
Use stdpath('data')/spell as directory if 'spellfile' is not set.
Co-authored-by: zeertzjq <zeertzjq@outlook.com>
Co-authored-by: Justin M. Keyes <justinkz@gmail.com>
Problem: E1510 may happen when formatting a message
(after 9.1.0181).
Solution: Only give E1510 when using typval. (zeertzjq)
closes: vim/vim#153910dff31576a
Problem: Too many delete() calls in tests.
Solution: Use deferred delete where possible.
56564964e6
This includes all changes expect changes in test_startup.vim.
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Problem: Spellfile code not completely tested.
Solution: Add a few more test cases. (Yegappan Lakshmanan, closesvim/vim#6929)
96fdf4348a
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Problem: Spellfile code not completely tested.
Solution: Add a few more test cases. (Yegappan Lakshmanan, closesvim/vim#6918)
64e2db6dc6
Fix incorrect spellfile message.
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Problem: Crash when using ":mkspell" with an empty .dic file.
Solution: Check for an empty word tree.
6669de1b23
Co-authored-by: Bram Moolenaar <Bram@vim.org>
Problem: Not enough characters accepted for 'spellfile'.
Solution: Add vim_is_fname_char() and use it for 'spellfile'.
bc49c5f48f
Cherry-pick related doc update from Vim runtime.
Co-authored-by: Bram Moolenaar <Bram@vim.org>
