patch 8.0.0377: possible overflow when reading corrupted undo file Problem: Possible overflow when reading corrupted undo file. Solution: Check if allocated size is not too big. (King)

commit: 3eb1637b1bba19519885dd6d377bd5596e91d22c [log] [tgz]
author: Bram Moolenaar <Bram@vim.org> Sun Feb 26 18:11:36 2017 +0100
committer: Bram Moolenaar <Bram@vim.org> Sun Feb 26 18:11:36 2017 +0100
tree: 987e404cc32bf438d5e6c9939862c5cc7e0dddca
parent: 6d3c8586fc81b022e9f06c611b9926108fb878c7 [diff]
diff --git a/src/undo.c b/src/undo.c
index b69f318..ba7c0b8 100644
--- a/src/undo.c
+++ b/src/undo.c

@@ -1787,7 +1787,7 @@
     linenr_T	line_lnum;
     colnr_T	line_colnr;
     linenr_T	line_count;
-    int		num_head = 0;
+    long	num_head = 0;
     long	old_header_seq, new_header_seq, cur_header_seq;
     long	seq_last, seq_cur;
     long	last_save_nr = 0;
@@ -1974,7 +1974,8 @@
      * When there are no headers uhp_table is NULL. */
     if (num_head > 0)
     {
-	uhp_table = (u_header_T **)U_ALLOC_LINE(
+	if (num_head < LONG_MAX / (long)sizeof(u_header_T *))
+	    uhp_table = (u_header_T **)U_ALLOC_LINE(
 					     num_head * sizeof(u_header_T *));
 	if (uhp_table == NULL)
 	    goto error;

diff --git a/src/version.c b/src/version.c
index 8d14541..c79020b 100644
--- a/src/version.c
+++ b/src/version.c

@@ -765,6 +765,8 @@
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    377,
+/**/
     376,
 /**/
     375,
commit	3eb1637b1bba19519885dd6d377bd5596e91d22c	[log] [tgz]
author	Bram Moolenaar <Bram@vim.org>	Sun Feb 26 18:11:36 2017 +0100
committer	Bram Moolenaar <Bram@vim.org>	Sun Feb 26 18:11:36 2017 +0100
tree	987e404cc32bf438d5e6c9939862c5cc7e0dddca
parent	6d3c8586fc81b022e9f06c611b9926108fb878c7 [diff]