Patch 8.0.0377
Problem: Possible overflow when reading corrupted undo file.
Solution: Check if allocated size is not too big. (King)
Files: src/undo.c
*** ../vim-8.0.0376/src/undo.c 2017-01-17 22:09:41.310252893 +0100
--- src/undo.c 2017-02-26 18:10:43.165993259 +0100
***************
*** 1787,1793 ****
linenr_T line_lnum;
colnr_T line_colnr;
linenr_T line_count;
! int num_head = 0;
long old_header_seq, new_header_seq, cur_header_seq;
long seq_last, seq_cur;
long last_save_nr = 0;
--- 1787,1793 ----
linenr_T line_lnum;
colnr_T line_colnr;
linenr_T line_count;
! long num_head = 0;
long old_header_seq, new_header_seq, cur_header_seq;
long seq_last, seq_cur;
long last_save_nr = 0;
***************
*** 1974,1980 ****
* When there are no headers uhp_table is NULL. */
if (num_head > 0)
{
! uhp_table = (u_header_T **)U_ALLOC_LINE(
num_head * sizeof(u_header_T *));
if (uhp_table == NULL)
goto error;
--- 1974,1981 ----
* When there are no headers uhp_table is NULL. */
if (num_head > 0)
{
! if (num_head < LONG_MAX / (long)sizeof(u_header_T *))
! uhp_table = (u_header_T **)U_ALLOC_LINE(
num_head * sizeof(u_header_T *));
if (uhp_table == NULL)
goto error;
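Review bot: When `num_head` fails the new bound, the allocation is simply skipped, and rejection then depends on `uhp_table` still being NULL from an initialisation that is outside this hunk. An explicit guard before the `U_ALLOC_LINE` call would make the corrupted-file path self-contained: `if (num_head >= LONG_MAX / (long)sizeof(u_header_T *)) goto error;`. The bound only rules out wraparound of `num_head * sizeof(u_header_T *)`, so a count that is merely implausibly large still reaches the allocator. Going by the patch description the value presumably comes from the undo file, so a comment such as `/* num_head is read from the undo file: bound it before multiplying */` would record why the check exists, and a tighter sanity limit may be worth considering. The enclosing function starts and ends outside the hunk.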
*** ../vim-8.0.0376/src/version.c 2017-02-26 15:27:18.463432807 +0100
--- src/version.c 2017-02-26 18:10:54.129917726 +0100
***************
*** 766,767 ****
--- 766,769 ----
{ /* Add new patch number below this line */
+ /**/
+ 377,
/**/
--
How To Keep A Healthy Level Of Insanity:
5. Put decaf in the coffee maker for 3 weeks. Once everyone has gotten
over their caffeine addictions, switch to espresso.
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///