summaryrefslogtreecommitdiff
path: root/src/viminfo.c
diff options
context:
space:
mode:
authorBram Moolenaar <Bram@vim.org>2021-08-11 17:13:54 +0200
committerBram Moolenaar <Bram@vim.org>2021-08-11 17:13:54 +0200
commited7cb2df35244e40e5c4df06169b50e705427576 (patch)
tree5ae3031062ca05358fb1736f1d7d09dad0631202 /src/viminfo.c
parent7deb4115ef72c0468cd6f9cc5f036d5c405641d4 (diff)
downloadvim-git-ed7cb2df35244e40e5c4df06169b50e705427576.tar.gz
patch 8.2.3331: Coverity warns for using value without boundary checkv8.2.3331
Problem: Coverity warns for using value without boundary check. Solution: Add a boundary check.
Diffstat (limited to 'src/viminfo.c')
-rw-r--r--src/viminfo.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/viminfo.c b/src/viminfo.c
index 1d3bac15e..530346f40 100644
--- a/src/viminfo.c
+++ b/src/viminfo.c
@@ -253,17 +253,18 @@ viminfo_readstring(
int off, // offset for virp->vir_line
int convert UNUSED) // convert the string
{
- char_u *retval;
+ char_u *retval = NULL;
char_u *s, *d;
long len;
if (virp->vir_line[off] == Ctrl_V && vim_isdigit(virp->vir_line[off + 1]))
{
len = atol((char *)virp->vir_line + off + 1);
- retval = lalloc(len, TRUE);
+ if (len > 0 && len < 1000000)
+ retval = lalloc(len, TRUE);
if (retval == NULL)
{
- // Line too long? File messed up? Skip next line.
+ // Invalid length, line too long, out of memory? Skip next line.
(void)vim_fgets(virp->vir_line, 10, virp->vir_fd);
return NULL;
}
View Lorry Controller Status