File CVE-2017-6350.patch of Package vim
Index: vim74/src/undo.c
===================================================================
--- vim74.orig/src/undo.c
+++ vim74/src/undo.c
@@ -1151,7 +1151,7 @@ unserialize_uep(fp, error, file_name)
{
int i;
u_entry_T *uep;
- char_u **array;
+ char_u **array = NULL;
char_u *line;
int line_len;
@@ -1168,7 +1168,8 @@ unserialize_uep(fp, error, file_name)
uep->ue_size = get4c(fp);
if (uep->ue_size > 0)
{
- array = (char_u **)U_ALLOC_LINE(sizeof(char_u *) * uep->ue_size);
+ if (uep->ue_size < LONG_MAX / (int)sizeof(char_u *))
+ array = (char_u **)U_ALLOC_LINE(sizeof(char_u *) * uep->ue_size);
if (array == NULL)
{
*error = TRUE;
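Review bot: The new guard on `uep->ue_size` bounds the count against `LONG_MAX`, but the product `sizeof(char_u *) * uep->ue_size` is computed in `size_t` and then converted to whatever argument type `U_ALLOC_LINE` takes, which is not visible in this patch. If that type is narrower than `long` on some platform, a count read from the undo file via `get4c(fp)` could still pass the check and be truncated before allocation, so bounding against the allocator's own argument type would be safer. The rejected-size case reaches the `array == NULL` error branch only because the first hunk now initializes `array` to NULL. A comment such as `/* size rejected: array stays NULL, handled as allocation failure below */` and braces around the guarded assignment would keep that dependency visible. The error branch also leaves `uep->ue_size` at the rejected value before `uep->ue_array` has been assigned, so confirm that the caller's cleanup does not walk `ue_size` entries; the body of unserialize_uep starts and ends outside this hunk.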
@@ -1176,8 +1177,6 @@ unserialize_uep(fp, error, file_name)
}
vim_memset(array, 0, sizeof(char_u *) * uep->ue_size);
}
- else
- array = NULL;
uep->ue_array = array;
for (i = 0; i < uep->ue_size; ++i)