From 56f2db562ddc6c69026d55360f0cfaacd8adc26a Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sun, 11 Jun 2017 23:09:15 +0200
Subject: patch 8.0.0636: when reading the undo file fails may use
 uninitialized data

Problem:    When reading the undo file fails may use uninitialized data.
Solution:   Always clear the buffer on failure.
---
 src/undo.c    | 19 ++++++++++++-------
 src/version.c |  2 ++
 2 files changed, 14 insertions(+), 7 deletions(-)

(limited to 'src')

diff --git a/src/undo.c b/src/undo.c
index 82c66b6ef..aeca25f00 100644
--- a/src/undo.c
+++ b/src/undo.c
@@ -1063,6 +1063,8 @@ undo_read_time(bufinfo_T *bi)
     static int
 undo_read(bufinfo_T *bi, char_u *buffer, size_t size)
 {
+    int retval = OK;
+
 #ifdef FEAT_CRYPT
     if (bi->bi_buffer != NULL)
     {
@@ -1078,10 +1080,8 @@ undo_read(bufinfo_T *bi, char_u *buffer, size_t size)
 		n = fread(bi->bi_buffer, 1, (size_t)CRYPT_BUF_SIZE, bi->bi_fp);
 		if (n == 0)
 		{
-		    /* Error may be checked for only later.  Fill with zeros,
-		     * so that the reader won't use garbage. */
-		    vim_memset(p, 0, size_todo);
-		    return FAIL;
+		    retval = FAIL;
+		    break;
 		}
 		bi->bi_avail = n;
 		bi->bi_used = 0;
@@ -1095,12 +1095,17 @@ undo_read(bufinfo_T *bi, char_u *buffer, size_t size)
 	    size_todo -= (int)n;
 	    p += n;
 	}
-	return OK;
     }
+    else
 #endif
     if (fread(buffer, (size_t)size, 1, bi->bi_fp) != 1)
-	return FAIL;
-    return OK;
+	retval = FAIL;
+
+    if (retval == FAIL)
+	/* Error may be checked for only later.  Fill with zeros,
+	 * so that the reader won't use garbage. */
+	vim_memset(buffer, 0, size);
+    return retval;
 }
 
 /*
diff --git a/src/version.c b/src/version.c
index cac2c876d..6d33f125d 100644
--- a/src/version.c
+++ b/src/version.c
@@ -764,6 +764,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    636,
 /**/
     635,
 /**/
-- 
cgit v1.2.1