Patch 9.0.0021
Problem:    Invalid memory access when adding word with a control character to
            the internal spell word list.
Solution:   Disallow adding a word with control characters or a trailing
            slash.
Files:      src/spellfile.c, src/testdir/test_spell.vim


*** ../vim-9.0.0020/src/spellfile.c     2022-05-08 22:17:57.000000000 +0100

--- src/spellfile.c     2022-07-01 22:24:54.847885846 +0100
***************
*** 4367,4372 ****
--- 4367,4389 ----
  }
  
  /*
+  * Return TRUE if "word" contains valid word characters.
+  * Control characters and trailing '/' are invalid.  Space is OK.
+  */
+     static int
+ valid_spell_word(char_u *word)
+ {
+     char_u *p;
+ 
+     if (enc_utf8 && !utf_valid_string(word, NULL))
+       return FALSE;
+     for (p = word; *p != NUL; p += mb_ptr2len(p))
+       if (*p < ' ' || (p[0] == '/' && p[1] == NUL))
+           return FALSE;
+     return TRUE;
+ }
+ 
+ /*
   * Store a word in the tree(s).
   * Always store it in the case-folded tree.  For a keep-case word this is
   * useful when the word can also be used with all caps (no WF_FIXCAP flag) and
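Review bot: The control-character test `*p < ' '` in valid_spell_word() rejects only bytes below 0x20, so DEL (0x7f) still passes even though the header comment says control characters are invalid. With `enc_utf8` set, only the lead byte of each character is compared, so the C1 range U+0080–U+009F passes as well. Whether those values are harmful to the word tree is not visible in this hunk. If they should be refused too, the condition could become `if (*p < ' ' || *p == 0x7f || (p[0] == '/' && p[1] == NUL))`. Otherwise the comment should state the exact rule, for example `Bytes below 0x20 and a trailing '/' are invalid.  Space is OK.`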
***************
*** 4391,4397 ****
      char_u    *p;
  
      // Avoid adding illegal bytes to the word tree.
!     if (enc_utf8 && !utf_valid_string(word, NULL))
        return FAIL;
  
      (void)spell_casefold(curwin, word, len, foldword, MAXWLEN);
--- 4408,4414 ----
      char_u    *p;
  
      // Avoid adding illegal bytes to the word tree.
!     if (!valid_spell_word(word))
        return FAIL;
  
      (void)spell_casefold(curwin, word, len, foldword, MAXWLEN);
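Review bot: `valid_spell_word(word)` scans to the terminating NUL, while this function handles the word with an explicit `len`, as the `spell_casefold(curwin, word, len, ...)` call just below shows. If `len` can be shorter than the NUL-terminated string here or at the call in the 6211 hunk, bytes after the word are validated too, and the trailing-slash test `p[1] == NUL` looks at the end of the string rather than the end of the word. A valid word could then be refused, or a word ending in '/' accepted. Passing an end pointer would bind the check to the word, e.g. `valid_spell_word(char_u *word, char_u *end)` with `for (p = word; *p != NUL && p < end; p += mb_ptr2len(p))` and the slash test comparing against `end`. The enclosing function starts and ends outside the hunk, so how `len` is derived could not be confirmed.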
***************
*** 6194,6200 ****
      int               i;
      char_u    *spf;
  
!     if (enc_utf8 && !utf_valid_string(word, NULL))
      {
        emsg(_(e_illegal_character_in_word));
        return;
--- 6211,6217 ----
      int               i;
      char_u    *spf;
  
!     if (!valid_spell_word(word))
      {
        emsg(_(e_illegal_character_in_word));
        return;
*** ../vim-9.0.0020/src/testdir/test_spell.vim  2022-06-18 14:05:09.000000000 
+0100
--- src/testdir/test_spell.vim  2022-07-01 22:06:55.820111846 +0100
***************
*** 854,859 ****
--- 854,874 ----
    bwipe!
  endfunc
  
+ func Test_spell_good_word_invalid()
+   " This was adding a word with a 0x02 byte, which causes havoc.
+   enew
+   norm o0
+   sil! norm rzzWs00 /
+   2
+   sil! norm VzGprzzW
+   sil! norm z=
+ 
+   bwipe!
+   " clear the internal word list
+   set enc=latin1
+   set enc=utf-8
+ endfunc
+ 
  func LoadAffAndDic(aff_contents, dic_contents)
    set enc=latin1
    set spellfile=
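Review bot: Test_spell_good_word_invalid() contains no assertion, and every command that could report the rejection runs under `sil!`, so the test passes whenever Vim survives. A regression in the new validation would only surface in runs with a memory checker such as ASAN or valgrind. A comment would make that dependency explicit, for example `" No assert: this only fails under ASAN/valgrind when the word is accepted.` A stronger option is an explicit check that adding the word raises the `e_illegal_character_in_word` error, so the test fails deterministically in a normal build. The `set enc=latin1` / `set enc=utf-8` pair also leaves global state changed if an earlier command aborts the function; that is worth a brief note next to the "clear the internal word list" comment.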
*** ../vim-9.0.0020/src/version.c       2022-07-01 19:58:27.161837285 +0100
--- src/version.c       2022-07-01 22:08:30.044140558 +0100
***************
*** 737,738 ****
--- 737,740 ----
  {   /* Add new patch number below this line */
+ /**/
+     21,
  /**/

-- 
hundred-and-one symptoms of being an internet addict:
37. You start looking for hot HTML addresses in public restrooms.

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///                                                                      \\\
\\\        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
