Problem: [security]: prevent overflow in indenting
Solution: use long long and remove cast to (int)
The shiftwidth option values are defined as being long. However, when
calculating the actual amount of indent, we cast down to (int), which
may cause the shiftwidth value to become negative and later it may even
cause Vim to try to allocate a huge amount of memory.
We already use long and long long variable types to calculate the indent
(and detect possible overflows), so the cast to (int) seems superfluous
and can be safely removed. So let's just remove the (int) cast and
calculate the indent using longs.
Additionally, the 'shiftwidth' option value is also used when determining
the actual 'cino' options. There it can again cause another overflow, so
make sure it is safe in parse_cino() as well.
fixes: #13554closes: #13555
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: Coverity warns for another overflow in shift_line()
Solution: Test for INT_MAX after the if condition, cast integer values
to (long long) before multiplying.
Signed-off-by: Christian Brabandt <cb@256bit.org>
Signed-off-by: Michael Henry <vim@drmikehenry.com>
Signed-off-by: Ernie Rael <errael@raelity.com>
Problem: [security]: overflow in shift_line
Solution: allow a max indent of INT_MAX
[security]: overflow in shift_line
When shifting lines in operator pending mode and using a very large
value, we may overflow the size of integer. Fix this by using a long
variable, testing if the result would be larger than INT_MAX and if so,
indent by INT_MAX value.
Special case: We cannot use long here, since on 32bit architectures (or
on Windows?), it typically cannot take larger values than a plain int,
so we have to use long long count, decide whether the resulting
multiplication of the shiftwidth value * amount is larger than INT_MAX
and if so, we will store INT_MAX as possible larges value in the long
long count variable.
Then we can safely cast it back to int when calling the functions to set
the indent (set_indent() or change_indent()). So this should be safe.
Add a test that when using a huge value in operator pending mode for
shifting, we will shift by INT_MAX
closes: #13535
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: TextChangedI may not always trigger
Solution: trigger it in more cases: for insert/
append/change operations, and when
opening a new line,
fixes: #13367closes: #13375
Signed-off-by: Christian Brabandt <cb@256bit.org>
Signed-off-by: Evgeni Chasnovski <evgeni.chasnovski@gmail.com>
Problem: potential buffer overflow in PBYTE macro
Solution: Check returned memline length
closes: #13083
the PBYTE macro is used to put byte c at a position lp of the returned
memline. However, in case of unexpected errors ml_get_buf() may return
either "???" or an empty line in which case it is quite likely that we
are causing a buffer overrun.
Therefore, switch the macro PBYTE (which is only used in ops.c anyhow)
to a function, that verifies that we will only try to access within the
given length of the buffer.
Also, since the macro is only used in ops.c, move the definition from
macros.h to ops.c
Signed-off-by: Christian Brabandt <cb@256bit.org>
Problem: The did_set_string_option function is too long.
Solution: Split off functionality to individual functions. (Yegappan
Lakshmanan, Lewis Russell, closes#11904)
Problem: Solution for "!!sort" in closed fold is not optimal.
Solution: Use a different range instead of the subtle difference in handling
a range with an offset. (issue #11487)
Problem: Cursor in wrong position with Visual substitute.
Solution: When restoring 'linebreak' mark the virtual column as invalid.
(closes#11309, closes#11311)
Problem: The command line takes up space even when not used.
Solution: Allow for 'cmdheight' to be set to zero. (Shougo Matsushita,
closes#10675, closes#940)
Problem: Reproducing memory access errors can be difficult.
Solution: When testing, copy each line to allocated memory, so that valgrind
can detect accessing memory before and/or after it. Fix uncovered
problems.
Problem: smart/C/lisp indenting is optional, which makes the code more
complex, while it only reduces the executable size a bit.
Solution: Graduate FEAT_CINDENT, FEAT_SMARTINDENT and FEAT_LISP.
Problem: Cannot change the register used for Select mode delete.
Solution: Make CTRL-R set the register to be used when deleting text for
Select mode. (Shougo Matsushita, closes#9531)
Problem: If 'operatorfunc' invokes an operator the remembered Visual mode
may be changed. (Naohiro Ono)
Solution: Save and restore the information for redoing the Visual area.
(closes#9455)
