thac0/vim
1
0
Fork 0
forked from aniani/vim
Code Activity

patch 8.2.3659: integer overflow with large line number

Browse Source 
Problem:    Integer overflow with large line number.
Solution:   Check for overflow. (closes #9202)
This commit is contained in:
Bram Moolenaar
2021-11-24 12:17:53 +00:00
parent 48608b4a4b
commit 03725c5795
6 changed files with 65 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/ex_docmd.c
View File

@@ -4380,7 +4380,14 @@ get_address(
if (!VIM_ISDIGIT(*cmd)) // '+' is '+1', but '+0' is not '+1'
n = 1;
else
{
n = getdigits(&cmd);
if (n == MAXLNUM)
{
emsg(_(e_line_number_out_of_range));
goto error;
}
}
if (addr_type == ADDR_TABS_RELATIVE)
{
@@ -4398,13 +4405,20 @@ get_address(
// Relative line addressing, need to adjust for folded lines
// now, but only do it after the first address.
if (addr_type == ADDR_LINES && (i == '-' || i == '+')
&& address_count >= 2)
&& address_count >= 2)
(void)hasFolding(lnum, NULL, &lnum);
#endif
if (i == '-')
lnum -= n;
else
{
if (n >= LONG_MAX - lnum)
{
emsg(_(e_line_number_out_of_range));
goto error;
}
lnum += n;
}
}
}
} while (*cmd == '/' || *cmd == '?');