diff -up vim80/src/globals.h.cve1621 vim80/src/globals.h
--- vim80/src/globals.h.cve1621 2022-05-24 12:46:44.883952323 +0200
+++ vim80/src/globals.h 2022-05-24 12:47:30.534183523 +0200
@@ -1657,6 +1657,11 @@ EXTERN int *eval_lavars_used INIT(= NULL
EXTERN int ctrl_break_was_pressed INIT(= FALSE);
#endif
+#ifdef FEAT_SPELL
+EXTERN char e_illegal_character_in_word[]
+ INIT(= N_("E1280: Illegal character in word"));
+#endif
+
/*
* Optional Farsi support. Include it here, so EXTERN and INIT are defined.
*/
diff -up vim80/src/mbyte.c.cve1621 vim80/src/mbyte.c
--- vim80/src/mbyte.c.cve1621 2018-04-09 14:55:56.000000000 +0200
+++ vim80/src/mbyte.c 2022-05-24 12:22:13.166893098 +0200
@@ -4034,7 +4034,7 @@ theend:
convert_setup(&vimconv, NULL, NULL);
}
-#if defined(FEAT_GUI_GTK) || defined(PROTO)
+#if defined(FEAT_GUI_GTK) || defined(FEAT_SPELL) || defined(PROTO)
/*
* Return TRUE if string "s" is a valid utf-8 string.
* When "end" is NULL stop at the first NUL.
diff -up vim80/src/spellfile.c.cve1621 vim80/src/spellfile.c
--- vim80/src/spellfile.c.cve1621 2022-05-24 12:22:13.167893104 +0200
+++ vim80/src/spellfile.c 2022-05-24 12:49:55.816919350 +0200
@@ -4441,6 +4441,10 @@ store_word(
int res = OK;
char_u *p;
+ // Avoid adding illegal bytes to the word tree.
+ if (enc_utf8 && !utf_valid_string(word, NULL))
+ return FAIL;
+
(void)spell_casefold(word, len, foldword, MAXWLEN);
for (p = pfxlist; res == OK; ++p)
{
@@ -6251,6 +6255,12 @@ spell_add_word(
int i;
char_u *spf;
+ if (enc_utf8 && !utf_valid_string(word, NULL))
+ {
+ emsg(_(e_illegal_character_in_word));
+ return;
+ }
+
if (idx == 0) /* use internal wordlist */
{
if (int_wordlist == NULL)