patch 8.2.1169: write NUL past allocated space using corrupted spell filev8.2.1169

Problem: Write NUL past allocated space using corrupted spell file. (Markus Vervier) Solution: Init "c" every time.
author: Bram Moolenaar <Bram@vim.org> 2020-07-10 20:03:03 +0200
committer: Bram Moolenaar <Bram@vim.org> 2020-07-10 20:03:03 +0200
commit: 97d2f34c8763ab3a46c9f43284cc17bad3cf9568 (patch)
tree: 1cb1f977901b0198046c501eb4b6b88b7ccb3d47 /src/spellfile.c
parent: 92053ce59ecf93838f4d6e3019eef1bc47be4184 (diff)
download: vim-git-97d2f34c8763ab3a46c9f43284cc17bad3cf9568.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/src/spellfile.c b/src/spellfile.c
index fc365e2a0..8a029dc71 100644
--- a/src/spellfile.c
+++ b/src/spellfile.c
@@ -993,7 +993,6 @@ read_sal_section(FILE *fd, slang_T *slang)
     salitem_T	*smp;
     int		ccnt;
     char_u	*p;
-    int		c = NUL;
 
     slang->sl_sofo = FALSE;
 
@@ -1017,6 +1016,8 @@ read_sal_section(FILE *fd, slang_T *slang)
     // <sal> : <salfromlen> <salfrom> <saltolen> <salto>
     for (; gap->ga_len < cnt; ++gap->ga_len)
     {
+	int	c = NUL;
+
 	smp = &((salitem_T *)gap->ga_data)[gap->ga_len];
 	ccnt = getc(fd);			// <salfromlen>
 	if (ccnt < 0)
author	Bram Moolenaar <Bram@vim.org>	2020-07-10 20:03:03 +0200
committer	Bram Moolenaar <Bram@vim.org>	2020-07-10 20:03:03 +0200
commit	97d2f34c8763ab3a46c9f43284cc17bad3cf9568 (patch)
tree	1cb1f977901b0198046c501eb4b6b88b7ccb3d47 /src/spellfile.c
parent	92053ce59ecf93838f4d6e3019eef1bc47be4184 (diff)
download	vim-git-97d2f34c8763ab3a46c9f43284cc17bad3cf9568.tar.gz