From 4af6c60826b4cb939fd9b7fe67a0b03e86d72bfc Mon Sep 17 00:00:00 2001
From: James McCoy <jamessan@jamessan.com>
Date: Sun, 9 Apr 2017 00:46:52 -0400
Subject: vim-patch:8.0.0376

Problem:    Size computations in spell file reading are not exactly right.
Solution:   Make "len" a "long" and check with LONG_MAX.

https://github.com/vim/vim/commit/6d3c8586fc81b022e9f06c611b9926108fb878c7
---
 src/nvim/spellfile.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/nvim/spellfile.c b/src/nvim/spellfile.c
index 81000b95f5..a6cee59795 100644
--- a/src/nvim/spellfile.c
+++ b/src/nvim/spellfile.c
@@ -223,6 +223,7 @@
 //                          few bytes as possible, see offset2bytes())
 
 #include <stdio.h>
+#include <stdint.h>
 #include <wctype.h>
 
 #include "nvim/vim.h"
@@ -1569,10 +1570,10 @@ spell_read_tree (
 
   // The tree size was computed when writing the file, so that we can
   // allocate it as one long block. <nodecount>
-  int len = get4c(fd);
+  long len = get4c(fd);
   if (len < 0)
     return SP_TRUNCERROR;
-  if (len >= 0x3ffffff) {
+  if ((size_t)len >= SIZE_MAX / sizeof(int)) {
     // Invalid length, multiply with sizeof(int) would overflow.
     return SP_FORMERROR;
   }
-- 
cgit