Patch 8.2.5072
Problem: Using uninitialized value and freed memory in spell command.
Solution: Initialize "attr". Check for empty line early.
Files: src/spell.c, src/testdir/test_spell_utf8.vim
*** ../vim-8.2.5071/src/spell.c 2022-05-20 14:10:45.324929965 +0100
--- src/spell.c 2022-06-09 19:53:29.204112786 +0100
***************
*** 1275,1281 ****
char_u *line;
char_u *p;
char_u *endp;
! hlf_T attr;
int len;
#ifdef FEAT_SYN_HL
int has_syntax = syntax_present(wp);
--- 1275,1281 ----
char_u *line;
char_u *p;
char_u *endp;
! hlf_T attr = 0;
int len;
#ifdef FEAT_SYN_HL
int has_syntax = syntax_present(wp);
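Review bot: `hlf_T attr = 0;` gives an enum-typed variable a bare integer, so a reader cannot tell which highlight group the fallback stands for or how later comparisons on `attr` will treat it. The read that was previously uninitialized lies outside this hunk, so this is judged from the declaration alone. A named `hlf_T` enumerator in place of `0`, or a comment such as `// must have a defined value: read before it is assigned on some path`, would make the intent of the fix visible where it is applied.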
***************
*** 1308,1313 ****
--- 1308,1315 ----
while (!got_int)
{
+ int empty_line;
+
line = ml_get_buf(wp->w_buffer, lnum, FALSE);
len = (int)STRLEN(line);
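Review bot: `int empty_line;` is added without an initializer, and its only assignment (`empty_line = *skipwhite(line) == NUL;`) arrives in a later hunk, well below this declaration in the loop body. In a patch meant to stop an uninitialized read, the new variable is only safe if every path to `if (empty_line)` passes through that assignment. The code between the two is not visible here, so whether a jump can bypass it cannot be confirmed from the patch. Declaring it as `int empty_line = FALSE;` costs nothing and keeps the later read defined; the loop body continues outside the hunk.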
***************
*** 1340,1346 ****
}
// Copy the line into "buf" and append the start of the next line if
! // possible.
STRCPY(buf, line);
if (lnum < wp->w_buffer->b_ml.ml_line_count)
spell_cat_line(buf + STRLEN(buf),
--- 1342,1350 ----
}
// Copy the line into "buf" and append the start of the next line if
! // possible. Note: this ml_get_buf() may make "line" invalid, check
! // for empty line first.
! empty_line = *skipwhite(line) == NUL;
STRCPY(buf, line);
if (lnum < wp->w_buffer->b_ml.ml_line_count)
spell_cat_line(buf + STRLEN(buf),
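Review bot: After the `STRCPY` and the `spell_cat_line(...)` call, `line` stays in scope holding the pointer that the new comment says may have become invalid, so any other read of `line` further down the loop would repeat the use-after-free fixed at the capitalization check. Only that one read is replaced in this patch, and the rest of the loop body is outside the hunks shown, so please confirm none remain. Clearing the pointer once the copy is done, e.g. `line = NULL;  // stale: a later ml_get_buf() may have freed it`, would make a leftover use fail deterministically instead of reading freed memory. The comment's "this ml_get_buf()" points at a call that is cut off below the hunk (presumably among the `spell_cat_line` arguments), so naming the call site would help. The added `Test_check_empty_line` contains no assertion, so it flags a regression only when the suite runs under a memory checker.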
***************
*** 1487,1493 ****
--capcol;
// But after empty line check first word in next line
! if (*skipwhite(line) == NUL)
capcol = 0;
}
--- 1491,1497 ----
--capcol;
// But after empty line check first word in next line
! if (empty_line)
capcol = 0;
}
*** ../vim-8.2.5071/src/testdir/test_spell_utf8.vim 2022-05-23
12:01:10.937519982 +0100
--- src/testdir/test_spell_utf8.vim 2022-06-09 19:49:50.030340909 +0100
***************
*** 802,806 ****
--- 802,821 ----
call delete('Xtmpfile')
endfunc
+ func Test_check_empty_line()
+ " This was using freed memory
+ enew
+ spellgood! fl
+ norm z=
+ norm yy
+ sil! norm P]svc
+ norm P]s
+
+ " set 'encoding' to clear the wordt list
+ set enc=latin1
+ set enc=utf-8
+ bwipe!
+ endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
*** ../vim-8.2.5071/src/version.c 2022-06-09 14:50:05.597785001 +0100
--- src/version.c 2022-06-09 19:20:44.454738354 +0100
***************
*** 736,737 ****
--- 736,739 ----
{ /* Add new patch number below this line */
+ /**/
+ 5072,
/**/
--
Arthur pulls Pin out. The MONK blesses the grenade as ...
ARTHUR: (quietly) One, two, five ...
GALAHAD: Three, sir!
ARTHUR: Three.
"Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///