patch 8.2.3331: Coverity warns for using value without boundary check

Problem:    Coverity warns for using value without boundary check.
Solution:   Add a boundary check.

diff --git a/src/version.c b/src/version.c
index 2b8b5081075868ef5263f20174b6d9096b7535a3..213086728a7958b7b8adc6ea2fb161970deba935 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -755,6 +755,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    3331,
 /**/
     3330,
 /**/

diff --git a/src/viminfo.c b/src/viminfo.c
index 1d3bac15e9ce20d0ffb91114f9137f73b6363e95..530346f404c8400eebc728fae8c5f47961ac26f7 100644 (file)
--- a/src/viminfo.c
+++ b/src/viminfo.c
@@ -253,17 +253,18 @@ viminfo_readstring(
     int                off,                // offset for virp->vir_line
     int                convert UNUSED)     // convert the string
 {
-    char_u     *retval;
+    char_u     *retval = NULL;
     char_u     *s, *d;
     long       len;
 
     if (virp->vir_line[off] == Ctrl_V && vim_isdigit(virp->vir_line[off + 1]))
     {
        len = atol((char *)virp->vir_line + off + 1);
-       retval = lalloc(len, TRUE);
+       if (len > 0 && len < 1000000)
+           retval = lalloc(len, TRUE);
        if (retval == NULL)
        {
-           // Line too long?  File messed up?  Skip next line.
+           // Invalid length, line too long, out of memory?  Skip next line.
            (void)vim_fgets(virp->vir_line, 10, virp->vir_fd);
            return NULL;
        }