thac0/vim
1
0
Fork 0
forked from aniani/vim
Code Activity

patch 8.0.1470: integer overflow when using regexp pattern

Browse Source 
Problem:    Integer overflow when using regexp pattern. (geeknik)
Solution:   Use a long instead of int. (Christian Brabandt, closes #2251)
This commit is contained in:
Bram Moolenaar
2018-02-04 18:22:46 +01:00
parent 2374faae11
commit 2c7b906afb
2 changed files with 19 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/regexp_nfa.c
View File

@@ -1600,7 +1600,7 @@ nfa_regatom(void)
default: default:
{ {
int n = 0; long n = 0;
int cmp = c; int cmp = c;
if (c == '<' || c == '>') if (c == '<' || c == '>')
@@ -1628,7 +1628,14 @@ nfa_regatom(void)
/* \%{n}v \%{n}<v \%{n}>v */ /* \%{n}v \%{n}<v \%{n}>v */
EMIT(cmp == '<' ? NFA_VCOL_LT : EMIT(cmp == '<' ? NFA_VCOL_LT :
cmp == '>' ? NFA_VCOL_GT : NFA_VCOL); cmp == '>' ? NFA_VCOL_GT : NFA_VCOL);
EMIT(n); #if VIM_SIZEOF_INT < VIM_SIZEOF_LONG
if (n > INT_MAX)
{
EMSG(_("E951: \\% value too large"));
return FAIL;
}
#endif
EMIT((int)n);
break; break;
} }
else if (c == '\'' && n == 0) else if (c == '\'' && n == 0)

2
src/version.c
View File

@@ -771,6 +771,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
1470,
/**/ /**/
1469, 1469,
/**/ /**/