diff options
author | Bram Moolenaar <Bram@vim.org> | 2021-11-14 14:05:18 +0000 |
---|---|---|
committer | Bram Moolenaar <Bram@vim.org> | 2021-11-14 14:05:18 +0000 |
commit | 0d5a12ea041c112b06b1aafde38846ae4cff8f4c (patch) | |
tree | dfc55d3a4574280cef85e78e13404641ec514148 | |
parent | 786e05beb5bf4a50cffacd0968f1409aa6af3c6b (diff) | |
download | vim-git-0d5a12ea041c112b06b1aafde38846ae4cff8f4c.tar.gz |
patch 8.2.3595: check for signed overflow might not work everywherev8.2.3595
Problem: Check for signed overflow might not work everywhere.
Solution: Limit to 32 bit int. (closes #9043, closes #9067)
-rw-r--r-- | src/getchar.c | 8 | ||||
-rw-r--r-- | src/version.c | 2 |
2 files changed, 8 insertions, 2 deletions
diff --git a/src/getchar.c b/src/getchar.c index f2f38853b..a6644d8ef 100644 --- a/src/getchar.c +++ b/src/getchar.c @@ -1001,6 +1001,8 @@ ins_typebuf( } else { + int extra; + /* * Need to allocate a new buffer. * In typebuf.tb_buf there must always be room for 3 * (MAXMAPLEN + 4) @@ -1008,13 +1010,15 @@ ins_typebuf( * often. */ newoff = MAXMAPLEN + 4; - newlen = typebuf.tb_len + addlen + newoff + 4 * (MAXMAPLEN + 4); - if (newlen < 0) // string is getting too long + extra = addlen + newoff + 4 * (MAXMAPLEN + 4); + if (typebuf.tb_len > 2147483647 - extra) { + // string is getting too long for a 32 bit int emsg(_(e_toocompl)); // also calls flush_buffers setcursor(); return FAIL; } + newlen = typebuf.tb_len + extra; s1 = alloc(newlen); if (s1 == NULL) // out of memory return FAIL; diff --git a/src/version.c b/src/version.c index 0374843d9..19014e67a 100644 --- a/src/version.c +++ b/src/version.c @@ -758,6 +758,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 3595, +/**/ 3594, /**/ 3593, |