IntenseFinance/neovim
3
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-02-25 18:55:25 -06:00
Code Issues Packages Projects Releases Wiki Activity

vim-patch:9.0.0021: invalid memory access when adding word to spell word list

Browse Source 
Problem:    Invalid memory access when adding word with a control character to
            the internal spell word list.
Solution:   Disallow adding a word with control characters or a trailing
            slash.
5e59ea54c0
This commit is contained in:
zeertzjq 2022-07-02 06:37:28 +08:00
parent 0b15c01912
commit 998a96803b
2 changed files with 32 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/nvim/spellfile.c
View File

@ -3904,6 +3904,21 @@ static wordnode_T *wordtree_alloc(spellinfo_T *spin)
return (wordnode_T *)getroom(spin, sizeof(wordnode_T), true);
}
/// Return true if "word" contains valid word characters.
/// Control characters and trailing '/' are invalid. Space is OK.
static bool valid_spell_word(const char_u *word)
{
if (!utf_valid_string(word, NULL)) {
return false;
}
for (const char_u *p = word; *p != NUL; p += utfc_ptr2len((const char *)p)) {
if (*p < ' ' || (p[0] == '/' && p[1] == NUL)) {
return false;
}
}
return true;
}
/// Store a word in the tree(s).
/// Always store it in the case-folded tree. For a keep-case word this is
/// useful when the word can also be used with all caps (no WF_FIXCAP flag) and
@ -3925,7 +3940,7 @@ static int store_word(spellinfo_T *spin, char_u *word, int flags, int region, co
int res = OK;
// Avoid adding illegal bytes to the word tree.
if (!utf_valid_string(word, NULL)) {
if (!valid_spell_word(word)) {
return FAIL;
}
@ -5522,7 +5537,7 @@ void spell_add_word(char_u *word, int len, SpellAddType what, int idx, bool undo
int i;
char_u *spf;
if (!utf_valid_string(word, NULL)) {
if (!valid_spell_word(word)) {
emsg(_(e_illegal_character_in_word));
return;
}

15
src/nvim/testdir/test_spell.vim
View File

@ -699,6 +699,21 @@ func Test_spellsuggest_too_deep()
bwipe!
endfunc
func Test_spell_good_word_invalid()
" This was adding a word with a 0x02 byte, which causes havoc.
enew
norm o0
sil! norm rzzWs00/
2
sil! norm VzGprzzW
sil! norm z=
bwipe!
" clear the internal word list
" set enc=latin1
set enc=utf-8
endfunc
func LoadAffAndDic(aff_contents, dic_contents)
throw 'skipped: Nvim does not support enc=latin1'
set enc=latin1