aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-10-02 05:04:20 -04:00
Code Activity

patch 9.0.2110: [security]: overflow in ex address parsing

Browse Source 
Problem:  [security]: overflow in ex address parsing
Solution: Verify that lnum is positive, before substracting from
          LONG_MAX

[security]: overflow in ex address parsing

When parsing relative ex addresses one may unintentionally cause an
overflow (because LONG_MAX - lnum will overflow for negative addresses).

So verify that lnum is actually positive before doing the overflow
check.

Signed-off-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
Christian Brabandt
2023-11-14 21:33:29 +01:00
parent 58f9befca1
commit 060623e4a3
3 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/ex_docmd.c
View File

@@ -4644,7 +4644,7 @@ get_address(
lnum -= n;
else
{
if (n >= LONG_MAX - lnum)
if (lnum >= 0 && n >= LONG_MAX - lnum)
{
emsg(_(e_line_number_out_of_range));
goto error;