From bafb53604a5b03fdc319f49d5c45f71df16038c1 Mon Sep 17 00:00:00 2001 From: zeertzjq Date: Sun, 26 Jun 2022 20:09:36 +0800 Subject: vim-patch:8.2.3484: crash when going through spell suggestions Problem: Crash when going through spell suggestions. Solution: Limit the text length for finding suggestions to the original length. Do not update buffers when exiting. (closes vim/vim#8965) https://github.com/vim/vim/commit/e275ba4fc994474155fbafe8b87a6d3b477456ba --- src/nvim/spell.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src/nvim/spell.c') diff --git a/src/nvim/spell.c b/src/nvim/spell.c index 8f84204481..f5b5fe9675 100644 --- a/src/nvim/spell.c +++ b/src/nvim/spell.c @@ -3663,6 +3663,12 @@ static void suggest_try_change(suginfo_T *su) p = su->su_badptr + su->su_badlen; (void)spell_casefold(curwin, p, (int)STRLEN(p), fword + n, MAXWLEN - n); + // Make sure the resulting text is not longer than the original text. + n = (int)STRLEN(su->su_badptr); + if (n < MAXWLEN) { + fword[n] = NUL; + } + for (int lpi = 0; lpi < curwin->w_s->b_langp.ga_len; ++lpi) { lp = LANGP_ENTRY(curwin->w_s->b_langp, lpi); -- cgit From 80af2c6055cbc393ee73a8a38cef1e498aaae41d Mon Sep 17 00:00:00 2001 From: zeertzjq Date: Mon, 23 May 2022 19:17:09 +0800 Subject: vim-patch:8.2.5007: spell suggestion may use uninitialized memory Problem: Spell suggestion may use uninitialized memory. (Zdenek Dohnal) Solution: Avoid going over the end of the word. https://github.com/vim/vim/commit/6d24b4ff69913270ce1e5267dd6bd8454f75e2b9 --- src/nvim/spell.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/nvim/spell.c') diff --git a/src/nvim/spell.c b/src/nvim/spell.c index f5b5fe9675..e597877a52 100644 --- a/src/nvim/spell.c +++ b/src/nvim/spell.c @@ -4381,7 +4381,9 @@ static void suggest_trie_walk(suginfo_T *su, langp_T *lp, char_u *fword, bool so #endif ++depth; sp = &stack[depth]; - ++sp->ts_fidx; + if (fword[sp->ts_fidx] != NUL) { + sp->ts_fidx++; + } tword[sp->ts_twordlen++] = c; sp->ts_arridx = idxs[arridx]; if (newscore == SCORE_SUBST) { -- cgit From f0d4007f620d0d1aa9f0f051d83030112c4c66f1 Mon Sep 17 00:00:00 2001 From: zeertzjq Date: Sat, 18 Jun 2022 21:12:14 +0800 Subject: vim-patch:8.2.5123: using invalid index when looking for spell suggestions Problem: Using invalid index when looking for spell suggestions. Solution: Do not decrement the index when it is zero. https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8 --- src/nvim/spell.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/nvim/spell.c') diff --git a/src/nvim/spell.c b/src/nvim/spell.c index e597877a52..8ae846e074 100644 --- a/src/nvim/spell.c +++ b/src/nvim/spell.c @@ -4399,7 +4399,7 @@ static void suggest_trie_walk(suginfo_T *su, langp_T *lp, char_u *fword, bool so sp->ts_fcharstart = sp->ts_fidx - 1; sp->ts_isdiff = (newscore != 0) ? DIFF_YES : DIFF_NONE; - } else if (sp->ts_isdiff == DIFF_INSERT) { + } else if (sp->ts_isdiff == DIFF_INSERT && sp->ts_fidx > 0) { // When inserting trail bytes don't advance in the // bad word. sp->ts_fidx--; -- cgit