File CVE-2017-6350.patch of Package vim

Index: vim74/src/undo.c
===================================================================
--- vim74.orig/src/undo.c
+++ vim74/src/undo.c
@@ -1151,7 +1151,7 @@ unserialize_uep(fp, error, file_name)
 {
     int		i;
     u_entry_T	*uep;
-    char_u	**array;
+    char_u	**array = NULL;
     char_u	*line;
     int		line_len;
 
@@ -1168,7 +1168,8 @@ unserialize_uep(fp, error, file_name)
     uep->ue_size = get4c(fp);
     if (uep->ue_size > 0)
     {
-	array = (char_u **)U_ALLOC_LINE(sizeof(char_u *) * uep->ue_size);
+    if (uep->ue_size < LONG_MAX / (int)sizeof(char_u *))
+        array = (char_u **)U_ALLOC_LINE(sizeof(char_u *) * uep->ue_size);
 	if (array == NULL)
 	{
 	    *error = TRUE;
@@ -1176,8 +1177,6 @@ unserialize_uep(fp, error, file_name)
 	}
 	vim_memset(array, 0, sizeof(char_u *) * uep->ue_size);
     }
-    else
-	array = NULL;
     uep->ue_array = array;
 
     for (i = 0; i < uep->ue_size; ++i)
openSUSE Build Service is sponsored by