From 9403a2168db82b7de80f792984084bb3f00e2263 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Wed, 13 Feb 2019 18:35:06 +0100
Subject: patch 8.1.0908: can't handle large value for %{nr}v in regexp

Problem:    Can't handle large value for %{nr}v in regexp. (Kuang-che Wu)
Solution:   Give an error if the value is too large. (closes #3948)
---
 src/regexp_nfa.c | 9 ++++++---
 src/version.c    | 2 ++
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c
index 18bc8d9a6..3e2ef93fa 100644
--- a/src/regexp_nfa.c
+++ b/src/regexp_nfa.c
@@ -1550,6 +1550,8 @@ nfa_regatom(void)
 			}
 			if (c == 'l' || c == 'c' || c == 'v')
 			{
+			    int limit = INT_MAX;
+
 			    if (c == 'l')
 			    {
 				/* \%{n}l  \%{n}<l  \%{n}>l  */
@@ -1563,16 +1565,17 @@ nfa_regatom(void)
 				EMIT(cmp == '<' ? NFA_COL_LT :
 				     cmp == '>' ? NFA_COL_GT : NFA_COL);
 			    else
+			    {
 				/* \%{n}v  \%{n}<v  \%{n}>v  */
 				EMIT(cmp == '<' ? NFA_VCOL_LT :
 				     cmp == '>' ? NFA_VCOL_GT : NFA_VCOL);
-#if VIM_SIZEOF_INT < VIM_SIZEOF_LONG
-			    if (n > INT_MAX)
+				limit = INT_MAX / MB_MAXBYTES;
+			    }
+			    if (n >= limit)
 			    {
 				emsg(_("E951: \\% value too large"));
 				return FAIL;
 			    }
-#endif
 			    EMIT((int)n);
 			    break;
 			}
diff --git a/src/version.c b/src/version.c
index a66e8b6ad..a6d7addc6 100644
--- a/src/version.c
+++ b/src/version.c
@@ -783,6 +783,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    908,
 /**/
     907,
 /**/
-- 
cgit v1.2.1