Patch 8.2.4247

[Bram Moolenaar]

Patch 8.2.4247
Problem: Stack corruption when looking for spell suggestions.
Solution: Prevent the depth increased too much. Add a five second time
limit to finding suggestions.
Files: src/spellsuggest.c, src/testdir/test_spell.vim


*** ../vim-8.2.4246/src/spellsuggest.c 2022-01-08 16:19:18.509639849 +0000
--- src/spellsuggest.c 2022-01-29 10:47:58.041686386 +0000
***************
*** 1205,1211 ****

// Check the maximum score, if we go over it we won't try this change.
#define TRY_DEEPER(su, stack, depth, add) \
! (stack[depth].ts_score + (add) < su->su_maxscore)

/*
* Try finding suggestions by adding/removing/swapping letters.
--- 1205,1211 ----

// Check the maximum score, if we go over it we won't try this change.
#define TRY_DEEPER(su, stack, depth, add) \
! (depth < MAXWLEN && stack[depth].ts_score + (add) < su->su_maxscore)

/*
* Try finding suggestions by adding/removing/swapping letters.
***************
*** 1277,1282 ****
--- 1277,1285 ----
char_u changename[MAXWLEN][80];
#endif
int breakcheckcount = 1000;
+ #ifdef FEAT_RELTIME
+ proftime_T time_limit;
+ #endif
int compound_ok;

// Go through the whole case-fold tree, try changes at each node.
***************
*** 1321,1326 ****
--- 1324,1334 ----
sp->ts_state = STATE_START;
}
}
+ #ifdef FEAT_RELTIME
+ // The loop may take an indefinite amount of time. Break out after five
+ // sectonds. TODO: add an option for the time limit.
+ profile_setlimit(5000, &time_limit);
+ #endif

// Loop to find all suggestions. At each round we either:
// - For the current state try one operation, advance "ts_curi",
***************
*** 1355,1361 ****

// At end of a prefix or at start of prefixtree: check for
// following word.
! if (byts[arridx] == 0 || n == (int)STATE_NOPREFIX)
{
// Set su->su_badflags to the caps type at this position.
// Use the caps type until here for the prefix itself.
--- 1363,1370 ----

// At end of a prefix or at start of prefixtree: check for
// following word.
! if (depth < MAXWLEN
! && (byts[arridx] == 0 || n == (int)STATE_NOPREFIX))
{
// Set su->su_badflags to the caps type at this position.
// Use the caps type until here for the prefix itself.
***************
*** 2649,2654 ****
--- 2658,2667 ----
{
ui_breakcheck();
breakcheckcount = 1000;
+ #ifdef FEAT_RELTIME
+ if (profile_passed_limit(&time_limit))
+ got_int = TRUE;
+ #endif
}
}
}
*** ../vim-8.2.4246/src/testdir/test_spell.vim 2021-12-05 13:21:14.646456572 +0000
--- src/testdir/test_spell.vim 2022-01-29 10:49:06.160557178 +0000
***************
*** 773,778 ****
--- 773,786 ----
set nospell
endfunc

+ func Test_spellsuggest_too_deep()
+ " This was incrementing "depth" over MAXWLEN.
+ new
+ norm s000G00ý000000000000
+ sil norm ..vzG................vvzG0 v z=
+ bwipe!
+ endfunc
+
func LoadAffAndDic(aff_contents, dic_contents)
set enc=latin1
set spellfile=
*** ../vim-8.2.4246/src/version.c 2022-01-28 21:00:47.663144715 +0000
--- src/version.c 2022-01-29 10:49:42.907948039 +0000
***************
*** 752,753 ****
--- 752,755 ----
{ /* Add new patch number below this line */
+ /**/
+ 4247,
/**/

--
FIRST SOLDIER: So they wouldn't be able to bring a coconut back anyway.
SECOND SOLDIER: Wait a minute! Suppose two swallows carried it together?
FIRST SOLDIER: No, they'd have to have it on a line.
"Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///