diff -up vim80/src/globals.h.cve1621 vim80/src/globals.h
--- vim80/src/globals.h.cve1621	2022-05-24 12:46:44.883952323 +0200
+++ vim80/src/globals.h	2022-05-24 12:47:30.534183523 +0200
@@ -1657,6 +1657,11 @@ EXTERN int *eval_lavars_used INIT(= NULL
 EXTERN int ctrl_break_was_pressed INIT(= FALSE);
 #endif
 
+#ifdef FEAT_SPELL
+EXTERN char e_illegal_character_in_word[]
+	INIT(= N_("E1280: Illegal character in word"));
+#endif
+
 /*
  * Optional Farsi support.  Include it here, so EXTERN and INIT are defined.
  */
diff -up vim80/src/mbyte.c.cve1621 vim80/src/mbyte.c
--- vim80/src/mbyte.c.cve1621	2018-04-09 14:55:56.000000000 +0200
+++ vim80/src/mbyte.c	2022-05-24 12:22:13.166893098 +0200
@@ -4034,7 +4034,7 @@ theend:
     convert_setup(&vimconv, NULL, NULL);
 }
 
-#if defined(FEAT_GUI_GTK) || defined(PROTO)
+#if defined(FEAT_GUI_GTK) || defined(FEAT_SPELL) || defined(PROTO)
 /*
  * Return TRUE if string "s" is a valid utf-8 string.
  * When "end" is NULL stop at the first NUL.
diff -up vim80/src/spellfile.c.cve1621 vim80/src/spellfile.c
--- vim80/src/spellfile.c.cve1621	2022-05-24 12:22:13.167893104 +0200
+++ vim80/src/spellfile.c	2022-05-24 12:49:55.816919350 +0200
@@ -4441,6 +4441,10 @@ store_word(
     int		res = OK;
     char_u	*p;
 
+    // Avoid adding illegal bytes to the word tree.
+    if (enc_utf8 && !utf_valid_string(word, NULL))
+	return FAIL;
+
     (void)spell_casefold(word, len, foldword, MAXWLEN);
     for (p = pfxlist; res == OK; ++p)
     {
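Review bot: The new check in store_word scans `word` up to its first NUL (`utf_valid_string(word, NULL)`), while the very next line folds exactly `len` bytes, so the validated range and the processed range match only if `len` is always the full string length, which this hunk does not show. If `len` can be shorter, an invalid byte beyond `len` would make a valid word fail, and bounding the scan keeps the two in step: `if (enc_utf8 && !utf_valid_string(word, word + len))`. The spell_add_word hunk below uses the same NUL-terminated scan and should be checked against that function's parameters in the same way. store_word's signature and the rest of its body lie outside the hunk.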
@@ -6251,6 +6255,12 @@ spell_add_word(
     int		i;
     char_u	*spf;
 
+    if (enc_utf8 && !utf_valid_string(word, NULL))
+    {
+	emsg(_(e_illegal_character_in_word));
+	return;
+    }
+
     if (idx == 0)	    /* use internal wordlist */
     {
 	if (int_wordlist == NULL)
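Review bot: The guard added at the top of spell_add_word carries no comment, unlike its counterpart in store_word, so a reader cannot tell that it is input validation belonging to the fix named in the patch suffix (cve1621) rather than a cosmetic check. I would put a comment above the `if`, in the block-comment style of the following line: `/* Avoid adding illegal bytes to the word list. */`. It is also worth one sentence on why the check is limited to `enc_utf8`; whether other multi-byte encodings need an equivalent check cannot be determined from these lines. spell_add_word starts and continues outside the hunk.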