summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBram Moolenaar <Bram@vim.org>2022-05-17 20:11:02 +0100
committerBram Moolenaar <Bram@vim.org>2022-05-17 20:11:02 +0100
commit51f0bfb88a3554ca2dde777d78a59880d1ee37a8 (patch)
tree5671a003b9dac08a40e60d042ba2903a0251dfec
parent4748c4bd64610cf943a431d215bb1aad51f8d0b4 (diff)
downloadvim-git-51f0bfb88a3554ca2dde777d78a59880d1ee37a8.tar.gz
patch 8.2.4975: recursive command line loop may cause a crashv8.2.4975
Problem: Recursive command line loop may cause a crash. Solution: Limit recursion of getcmdline().
Diffstat
-rw-r--r--src/ex_getln.c12
-rw-r--r--src/testdir/test_cmdline.vim12
-rw-r--r--src/version.c2
3 files changed, 26 insertions, 0 deletions
diff --git a/src/ex_getln.c b/src/ex_getln.c
index cbddfea00..6462b00f7 100644
--- a/src/ex_getln.c
+++ b/src/ex_getln.c
@@ -1581,6 +1581,7 @@ getcmdline_int(
int indent, // indent for inside conditionals
int clear_ccline) // clear ccline first
{
+ static int depth = 0; // call depth
int c;
int i;
int j;
@@ -1611,6 +1612,9 @@ getcmdline_int(
int cmdline_type;
int wild_type;
+ // one recursion level deeper
+ ++depth;
+
if (ccline.cmdbuff != NULL)
{
// Being called recursively. Since ccline is global, we need to save
@@ -1641,6 +1645,13 @@ getcmdline_int(
if (init_ccline(firstc, indent) != OK)
goto theend; // out of memory
+ if (depth == 50)
+ {
+ // Somehow got into a loop recursively calling getcmdline(), bail out.
+ emsg(_(e_command_too_recursive));
+ goto theend;
+ }
+
ExpandInit(&xpc);
ccline.xpc = &xpc;
@@ -2576,6 +2587,7 @@ theend:
{
char_u *p = ccline.cmdbuff;
+ --depth;
if (did_save_ccline)
restore_cmdline(&save_ccline);
else
diff --git a/src/testdir/test_cmdline.vim b/src/testdir/test_cmdline.vim
index e944f8d24..cc7fe54d6 100644
--- a/src/testdir/test_cmdline.vim
+++ b/src/testdir/test_cmdline.vim
@@ -3392,4 +3392,16 @@ func Test_screenpos_and_completion()
call feedkeys(":let a\<C-R>=Check_completion()\<CR>\<Esc>", "xt")
endfunc
+func Test_recursive_register()
+ let @= = ''
+ silent! ?e/
+ let caught = 'no'
+ try
+ normal //
+ catch /E169:/
+ let caught = 'yes'
+ endtry
+ call assert_equal('yes', caught)
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c
index 98bb40d11..8d901e4cc 100644
--- a/src/version.c
+++ b/src/version.c
@@ -747,6 +747,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 4975,
+/**/
4974,
/**/
4973,
View Lorry Controller Status