blob: 8672367ab91857a0388a66ab6b758c986ba25a74 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
From ad7f7a3f81077ddfac451acd33ca049b9f2a5178 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Wed, 17 Nov 2021 11:22:21 +0800
Subject: [PATCH] patch 8.2.3582: reading uninitialized memory when giving
spell suggestions
Problem: Reading uninitialized memory when giving spell suggestions.
Solution: Check that preword is not empty.
CVE: CVE-2021-3928
Upstream-Status: Backport [https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732]
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
---
src/spellsuggest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/spellsuggest.c b/src/spellsuggest.c
index 9d6df7930..88307b203 100644
--- a/src/spellsuggest.c
+++ b/src/spellsuggest.c
@@ -1600,7 +1600,7 @@ suggest_trie_walk(
// char, e.g., "thes," -> "these".
p = fword + sp->ts_fidx;
MB_PTR_BACK(fword, p);
- if (!spell_iswordp(p, curwin))
+ if (!spell_iswordp(p, curwin) && *preword != NUL)
{
p = preword + STRLEN(preword);
MB_PTR_BACK(preword, p);
--
2.17.1
|