mirror of
https://github.com/neovim/neovim.git
synced 2025-02-25 18:55:25 -06:00
vim-patch:8.0.0376
Problem: Size computations in spell file reading are not exactly right.
Solution: Make "len" a "long" and check with LONG_MAX.
6d3c8586fc
This commit is contained in:
parent
b338bb9d6c
commit
4af6c60826
@ -223,6 +223,7 @@
|
||||
// few bytes as possible, see offset2bytes())
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdint.h>
|
||||
#include <wctype.h>
|
||||
|
||||
#include "nvim/vim.h"
|
||||
@ -1569,10 +1570,10 @@ spell_read_tree (
|
||||
|
||||
// The tree size was computed when writing the file, so that we can
|
||||
// allocate it as one long block. <nodecount>
|
||||
int len = get4c(fd);
|
||||
long len = get4c(fd);
|
||||
if (len < 0)
|
||||
return SP_TRUNCERROR;
|
||||
if (len >= 0x3ffffff) {
|
||||
if ((size_t)len >= SIZE_MAX / sizeof(int)) {
|
||||
// Invalid length, multiply with sizeof(int) would overflow.
|
||||
return SP_FORMERROR;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user