CVE: CVE-2021-3928 Upstream-Status: Backport Signed-off-by: Ross Burton From ade0f0481969f1453c60e7c8354b00dfe4238739 Mon Sep 17 00:00:00 2001 From: Bram Moolenaar Date: Thu, 4 Nov 2021 15:46:05 +0000 Subject: [PATCH] patch 8.2.3582: reading uninitialized memory when giving spell suggestions Problem: Reading uninitialized memory when giving spell suggestions. Solution: Check that preword is not empty. --- src/spellsuggest.c | 2 +- src/testdir/test_spell.vim | 8 ++++++++ src/version.c | 2 ++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/spellsuggest.c b/src/spellsuggest.c index 9d6df7930..8615d5280 100644 --- a/src/spellsuggest.c +++ b/src/spellsuggest.c @@ -1600,7 +1600,7 @@ suggest_trie_walk( // char, e.g., "thes," -> "these". p = fword + sp->ts_fidx; MB_PTR_BACK(fword, p); - if (!spell_iswordp(p, curwin)) + if (!spell_iswordp(p, curwin) && *preword != NUL) { p = preword + STRLEN(preword); MB_PTR_BACK(preword, p); diff --git a/src/testdir/test_spell.vim b/src/testdir/test_spell.vim index 79fb8927c..e435e9172 100644 --- a/src/testdir/test_spell.vim +++ b/src/testdir/test_spell.vim @@ -498,6 +498,14 @@ func Test_spell_screendump() call delete('XtestSpell') endfunc +func Test_spell_single_word() + new + silent! norm 0R00 + spell! ß + silent 0norm 0r$ Dvz= + bwipe! +endfunc + let g:test_data_aff1 = [ \"SET ISO8859-1", \"TRY esianrtolcdugmphbyfvkwjkqxz-\xEB\xE9\xE8\xEA\xEF\xEE\xE4\xE0\xE2\xF6\xFC\xFB'ESIANRTOLCDUGMPHBYFVKWJKQXZ", diff --git a/src/version.c b/src/version.c index df4ec9a47..e1bc0d09b 100644 --- a/src/version.c +++ b/src/version.c @@ -742,6 +742,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ +/**/ + 3582, /**/ 3581, /**/