diff options
| author | Jan Edmund Lazo <jan.lazo@mail.utoronto.ca> | 2018-06-19 20:29:52 -0400 |
|---|---|---|
| committer | Justin M. Keyes <justinkz@gmail.com> | 2018-06-20 02:29:51 +0200 |
| commit | 6e55c5997e03a757526048d9e677f45820accc3f (patch) | |
| tree | d55c9865a9d9608e39551e26ebd18151b2f46041 /src | |
| parent | 6294a807d3e22757d37c21341b1bd73241249403 (diff) | |
| download | rneovim-6e55c5997e03a757526048d9e677f45820accc3f.tar.gz rneovim-6e55c5997e03a757526048d9e677f45820accc3f.tar.bz2 rneovim-6e55c5997e03a757526048d9e677f45820accc3f.zip | |
vim-patch:8.0.0636: when reading the undo file fails may use uninitialized data (#8599)
Problem: When reading the undo file fails may use uninitialized data.
Solution: Always clear the buffer on failure.
https://github.com/vim/vim/commit/56f2db562ddc6c69026d55360f0cfaacd8adc26a
Diffstat (limited to 'src')
| -rw-r--r-- | src/nvim/undo.c | 32 |
1 files changed, 19 insertions, 13 deletions
diff --git a/src/nvim/undo.c b/src/nvim/undo.c index 3025e01439..a6a3b2cc5f 100644 --- a/src/nvim/undo.c +++ b/src/nvim/undo.c @@ -1635,7 +1635,13 @@ static time_t undo_read_time(bufinfo_T *bi) static bool undo_read(bufinfo_T *bi, uint8_t *buffer, size_t size) FUNC_ATTR_NONNULL_ARG(1) { - return fread(buffer, size, 1, bi->bi_fp) == 1; + const bool retval = fread(buffer, size, 1, bi->bi_fp) == 1; + if (!retval) { + // Error may be checked for only later. Fill with zeros, + // so that the reader won't use garbage. + memset(buffer, 0, size); + } + return retval; } /// Reads a string of length "len" from "bi->bi_fd" and appends a zero to it. @@ -2441,9 +2447,9 @@ static void u_undo_end( /* * u_sync: stop adding to the current entry list */ -void -u_sync ( - int force /* Also sync when no_u_sync is set. */ +void +u_sync( + int force // Also sync when no_u_sync is set. ) { /* Skip it when already synced or syncing is disabled. */ @@ -2715,11 +2721,11 @@ static void u_getbot(void) /* * Free one header "uhp" and its entry list and adjust the pointers. */ -static void -u_freeheader ( +static void +u_freeheader( buf_T *buf, u_header_T *uhp, - u_header_T **uhpp /* if not NULL reset when freeing this header */ + u_header_T **uhpp // if not NULL reset when freeing this header ) { u_header_T *uhap; @@ -2751,11 +2757,11 @@ u_freeheader ( /* * Free an alternate branch and any following alternate branches. */ -static void -u_freebranch ( +static void +u_freebranch( buf_T *buf, u_header_T *uhp, - u_header_T **uhpp /* if not NULL reset when freeing this header */ + u_header_T **uhpp // if not NULL reset when freeing this header ) { u_header_T *tofree, *next; @@ -2785,11 +2791,11 @@ u_freebranch ( * Free all the undo entries for one header and the header itself. * This means that "uhp" is invalid when returning. */ -static void -u_freeentries ( +static void +u_freeentries( buf_T *buf, u_header_T *uhp, - u_header_T **uhpp /* if not NULL reset when freeing this header */ + u_header_T **uhpp // if not NULL reset when freeing this header ) { u_entry_T *uep, *nuep; |