summaryrefslogtreecommitdiff
path: root/gnu/packages/patches/vim-CVE-2017-5953.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/vim-CVE-2017-5953.patch')
-rw-r--r--gnu/packages/patches/vim-CVE-2017-5953.patch32
1 files changed, 0 insertions, 32 deletions
diff --git a/gnu/packages/patches/vim-CVE-2017-5953.patch b/gnu/packages/patches/vim-CVE-2017-5953.patch
deleted file mode 100644
index 070f98c2cb..0000000000
--- a/gnu/packages/patches/vim-CVE-2017-5953.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Fix CVE-2017-5953:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953
-https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY
-
-This change is adapted from the upstream source repository:
-
-https://github.com/vim/vim/commit/6d3c8586fc81b022e9f06c611b9926108fb878c7
-
-diff --git a/src/spellfile.c b/src/spellfile.c
-index c7d87c6..00ef019 100644
---- a/src/spellfile.c
-+++ b/src/spellfile.c
-@@ -1585,7 +1585,7 @@ spell_read_tree(
- int prefixtree, /* TRUE for the prefix tree */
- int prefixcnt) /* when "prefixtree" is TRUE: prefix count */
- {
-- int len;
-+ long len;
- int idx;
- char_u *bp;
- idx_T *ip;
-@@ -1595,6 +1595,9 @@ spell_read_tree(
- len = get4c(fd);
- if (len < 0)
- return SP_TRUNCERROR;
-+ if (len >= LONG_MAX / (long)sizeof(int))
-+ /* Invalid length, multiply with sizeof(int) would overflow. */
-+ return SP_FORMERROR;
- if (len > 0)
- {
- /* Allocate the byte array. */
generated by cgit v1.2.3 (git 2.46.0) at 2024-08-02 23:48:07 +0000