gnu: vim: Use upstream fix for CVE-2017-5953.
* gnu/packages/patches/vim-CVE-2017-5953.patch: Adjust to match upstream changes.
This commit is contained in:
parent
2f1d20a8d4
commit
ffa771d2b4
|
@ -3,20 +3,28 @@ Fix CVE-2017-5953:
|
|||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953
|
||||
https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY
|
||||
|
||||
Patch adapted from upstream commit, correcting the transcription error
|
||||
in the bounds check:
|
||||
This change is adapted from the upstream source repository:
|
||||
|
||||
https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
|
||||
https://github.com/vim/vim/commit/6d3c8586fc81b022e9f06c611b9926108fb878c7
|
||||
|
||||
diff --git a/src/spellfile.c b/src/spellfile.c
|
||||
index c7d87c6..8b1a3a6 100644
|
||||
index c7d87c6..00ef019 100644
|
||||
--- a/src/spellfile.c
|
||||
+++ b/src/spellfile.c
|
||||
@@ -1585,7 +1585,7 @@ spell_read_tree(
|
||||
int prefixtree, /* TRUE for the prefix tree */
|
||||
int prefixcnt) /* when "prefixtree" is TRUE: prefix count */
|
||||
{
|
||||
- int len;
|
||||
+ long len;
|
||||
int idx;
|
||||
char_u *bp;
|
||||
idx_T *ip;
|
||||
@@ -1595,6 +1595,9 @@ spell_read_tree(
|
||||
len = get4c(fd);
|
||||
if (len < 0)
|
||||
return SP_TRUNCERROR;
|
||||
+ if (len >= 0x3fffffff)
|
||||
+ if (len >= LONG_MAX / (long)sizeof(int))
|
||||
+ /* Invalid length, multiply with sizeof(int) would overflow. */
|
||||
+ return SP_FORMERROR;
|
||||
if (len > 0)
|
||||
|
|
Loading…
Reference in New Issue