Patch 8.2.5072


Bram Moolenaar

Jun 9, 2022, 2:59:02 PM6/9/22
to vim...@googlegroups.com

Patch 8.2.5072
Problem: Using uninitialized value and freed memory in spell command.
Solution: Initialize "attr". Check for empty line early.
Files: src/spell.c, src/testdir/test_spell_utf8.vim


*** ../vim-8.2.5071/src/spell.c 2022-05-20 14:10:45.324929965 +0100
--- src/spell.c 2022-06-09 19:53:29.204112786 +0100
***************
*** 1275,1281 ****
char_u *line;
char_u *p;
char_u *endp;
! hlf_T attr;
int len;
#ifdef FEAT_SYN_HL
int has_syntax = syntax_present(wp);
--- 1275,1281 ----
char_u *line;
char_u *p;
char_u *endp;
! hlf_T attr = 0;
int len;
#ifdef FEAT_SYN_HL
int has_syntax = syntax_present(wp);
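Review bot: `hlf_T attr = 0;` gives an enum-typed variable a bare literal, so a reader cannot tell which highlight value the fallback stands for or whether it was chosen on purpose. The hunk does not show which path reads "attr" before it is assigned, and the function starts and ends outside the hunk. If the aim is only to give those paths a defined value, say so on the declaration, for example `hlf_T attr = 0;  // defined value for paths that read "attr" before it is set`, or use a named hlf_T constant.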
***************
*** 1308,1313 ****
--- 1308,1315 ----

while (!got_int)
{
+ int empty_line;
+
line = ml_get_buf(wp->w_buffer, lnum, FALSE);

len = (int)STRLEN(line);
***************
*** 1340,1346 ****
}

// Copy the line into "buf" and append the start of the next line if
! // possible.
STRCPY(buf, line);
if (lnum < wp->w_buffer->b_ml.ml_line_count)
spell_cat_line(buf + STRLEN(buf),
--- 1342,1350 ----
}

// Copy the line into "buf" and append the start of the next line if
! // possible. Note: this ml_get_buf() may make "line" invalid, check
! // for empty line first.
! empty_line = *skipwhite(line) == NUL;
STRCPY(buf, line);
if (lnum < wp->w_buffer->b_ml.ml_line_count)
spell_cat_line(buf + STRLEN(buf),
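Review bot: The new comment refers to "this ml_get_buf()", but no ml_get_buf() call is visible at that point. The call that can invalidate "line" is presumably the one made for the next line in the spell_cat_line() argument, which continues past the end of the hunk. Naming it would make the lifetime rule clearer, e.g. `// The ml_get_buf() for the next line below may invalidate "line", so test for an empty line now.` "line" stays in scope for the rest of the loop body, most of which is outside the hunks shown, so any read of it left after this point would be the same use of freed memory. It is worth confirming that the test replaced in the hunk at 1491 was the last such read.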
***************
*** 1487,1493 ****
--capcol;

// But after empty line check first word in next line
! if (*skipwhite(line) == NUL)
capcol = 0;
}

--- 1491,1497 ----
--capcol;

// But after empty line check first word in next line
! if (empty_line)
capcol = 0;
}

*** ../vim-8.2.5071/src/testdir/test_spell_utf8.vim 2022-05-23 12:01:10.937519982 +0100
--- src/testdir/test_spell_utf8.vim 2022-06-09 19:49:50.030340909 +0100
***************
*** 802,806 ****
--- 802,821 ----
call delete('Xtmpfile')
endfunc

+ func Test_check_empty_line()
+ " This was using freed memory
+ enew
+ spellgood! fl
+ norm z=
+ norm yy
+ sil! norm P]svc
+ norm P]s
+
+ " set 'encoding' to clear the wordt list
+ set enc=latin1
+ set enc=utf-8
+ bwipe!
+ endfunc
+

" vim: shiftwidth=2 sts=2 expandtab
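Review bot: Test_check_empty_line() contains no assert call, so it passes whenever the commands complete, and a regression of the freed-memory read would likely only show when the suite runs under a memory checker such as valgrind or AddressSanitizer. The leading comment could record that dependency, e.g. `" This was using freed memory; only detected when run with a memory checker`. The second comment has a typo, "wordt list", which should read "word list".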
*** ../vim-8.2.5071/src/version.c 2022-06-09 14:50:05.597785001 +0100
--- src/version.c 2022-06-09 19:20:44.454738354 +0100
***************
*** 736,737 ****
--- 736,739 ----
{ /* Add new patch number below this line */
+ /**/
+ 5072,
/**/

--
Arthur pulls Pin out. The MONK blesses the grenade as ...
ARTHUR: (quietly) One, two, five ...
GALAHAD: Three, sir!
ARTHUR: Three.
"Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///