Patch 8.0.0378
Problem:    Another possible overflow when reading corrupted undo file.
Solution:   Check if allocated size is not too big. (King)
Files:      src/undo.c


*** ../vim-8.0.0377/src/undo.c  2017-02-26 18:11:32.741651768 +0100
--- src/undo.c  2017-02-26 18:15:58.615822683 +0100
***************
*** 1385,1391 ****
  {
      int               i;
      u_entry_T *uep;
!     char_u    **array;
      char_u    *line;
      int               line_len;
  
--- 1385,1391 ----
  {
      int               i;
      u_entry_T *uep;
!     char_u    **array = NULL;
      char_u    *line;
      int               line_len;
  
***************
*** 1402,1408 ****
      uep->ue_size = undo_read_4c(bi);
      if (uep->ue_size > 0)
      {
!       array = (char_u **)U_ALLOC_LINE(sizeof(char_u *) * uep->ue_size);
        if (array == NULL)
        {
            *error = TRUE;
--- 1402,1409 ----
      uep->ue_size = undo_read_4c(bi);
      if (uep->ue_size > 0)
      {
!       if (uep->ue_size < LONG_MAX / (int)sizeof(char_u *))
!           array = (char_u **)U_ALLOC_LINE(sizeof(char_u *) * uep->ue_size);
        if (array == NULL)
        {
            *error = TRUE;
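Review bot: The new guard on `uep->ue_size` only rules out overflow of `sizeof(char_u *) * uep->ue_size`; a count read from a corrupted undo file that passes it can still request an allocation far larger than the file could describe, so the code relies on `U_ALLOC_LINE` returning NULL and the `array == NULL` branch. If the remaining length of the undo file is known at this point (not visible in the hunk), bounding `ue_size` by it would reject such files before any allocation is attempted. The rejected-size path also works only because `array` is now initialised to NULL at its declaration in the first hunk, so a comment above the check would help, e.g. `/* ue_size comes from the undo file: skip the allocation when the byte count would overflow; array stays NULL and is reported as an error below */`. The enclosing function starts and ends outside the hunk.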
***************
*** 1410,1417 ****
        }
        vim_memset(array, 0, sizeof(char_u *) * uep->ue_size);
      }
-     else
-       array = NULL;
      uep->ue_array = array;
  
      for (i = 0; i < uep->ue_size; ++i)
--- 1411,1416 ----
*** ../vim-8.0.0377/src/version.c       2017-02-26 18:11:32.741651768 +0100
--- src/version.c       2017-02-26 18:16:39.331542915 +0100
***************
*** 766,767 ****
--- 766,769 ----
  {   /* Add new patch number below this line */
+ /**/
+     378,
  /**/

-- 
How To Keep A Healthy Level Of Insanity:
6. In the memo field of all your checks, write "for sexual favors".

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
