From 91b9ad7d8294532939db51db1045605abfff49c2 Mon Sep 17 00:00:00 2001
From: ZyX
Date: Tue, 4 Jul 2017 15:41:59 +0300
Subject: shada: Make sure that code does not attempt to read too long items
Fixes #6957
---
 src/nvim/shada.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/nvim/shada.c b/src/nvim/shada.c
index 4788b1e7d0..728a3f65be 100644
--- a/src/nvim/shada.c
+++ b/src/nvim/shada.c
@@ -3413,7 +3413,15 @@ shada_read_next_item_start:
 return mru_ret;
 }
- const size_t length = (size_t) length_u64;
+ if (length_u64 > PTRDIFF_MAX) {
+ emsgf(_(RCERR "Error while reading ShaDa file: "
+ "there is an item at position %" PRIu64 " "
+ "that is stated to be too long"),
+ initial_fpos);
+ return kSDReadStatusNotShaDa;
+ }
+
+ const size_t length = (size_t)length_u64;
 entry->timestamp = (Timestamp) timestamp_u64;
 if (type_u64 == 0) {
-- cgit
From 63f72ac27c54d63fee049e45a5518d2d07fd379b Mon Sep 17 00:00:00 2001
From: ZyX
Date: Tue, 4 Jul 2017 17:47:45 +0300
Subject: shada: Fix linter error
---
 src/nvim/shada.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/nvim/shada.c b/src/nvim/shada.c
index 728a3f65be..736d6bf162 100644
--- a/src/nvim/shada.c
+++ b/src/nvim/shada.c
@@ -3422,7 +3422,7 @@ shada_read_next_item_start:
 }
 const size_t length = (size_t)length_u64;
- entry->timestamp = (Timestamp) timestamp_u64;
+ entry->timestamp = (Timestamp)timestamp_u64;
 if (type_u64 == 0) {
 // kSDItemUnknown cannot possibly pass that far because it is -1 and that
-- cgit
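Review bot: In the first commit's hunk, the new `length_u64 > PTRDIFF_MAX` guard ahead of the `(size_t)` cast rejects only lengths that cannot be represented, so a corrupted or untrusted ShaDa file can still declare an item of up to PTRDIFF_MAX bytes and pass. How `length` is consumed lies outside the hunk; if it sizes an allocation or a read, bounding it by the bytes remaining in the file would reject an implausible item before any oversized request is made. A short comment above the check would record the intent, e.g. `// Item length is read from the file and is untrusted: reject values that do not fit ptrdiff_t before narrowing.` The comparison also mixes a uint64_t with a signed constant; writing `(uint64_t)PTRDIFF_MAX` makes the intended conversion explicit. The enclosing function starts and ends outside the hunk.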