thac0/vim
1
0
Fork 0
forked from aniani/vim
Code Activity

patch 8.0.1470: integer overflow when using regexp pattern

Browse Source 
Problem:    Integer overflow when using regexp pattern. (geeknik)
Solution:   Use a long instead of int. (Christian Brabandt, closes #2251)
This commit is contained in:
Bram Moolenaar
2018-02-04 18:22:46 +01:00
parent 2374faae11
commit 2c7b906afb
2 changed files with 19 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
src/regexp_nfa.c
View File

@@ -1600,7 +1600,7 @@ nfa_regatom(void)
default: default:
{ {
int n = 0; long n = 0;
int cmp = c; int cmp = c;
if (c == '<' || c == '>') if (c == '<' || c == '>')
@@ -1628,7 +1628,14 @@ nfa_regatom(void)
/* \%{n}v \%{n}<v \%{n}>v */ /* \%{n}v \%{n}<v \%{n}>v */
EMIT(cmp == '<' ? NFA_VCOL_LT : EMIT(cmp == '<' ? NFA_VCOL_LT :
cmp == '>' ? NFA_VCOL_GT : NFA_VCOL); cmp == '>' ? NFA_VCOL_GT : NFA_VCOL);
EMIT(n); #if VIM_SIZEOF_INT < VIM_SIZEOF_LONG
if (n > INT_MAX)
{
EMSG(_("E951: \\% value too large"));
return FAIL;
}
#endif
EMIT((int)n);
break; break;
} }
else if (c == '\'' && n == 0) else if (c == '\'' && n == 0)
@@ -3970,7 +3977,7 @@ static int nfa_match;
#ifdef FEAT_RELTIME #ifdef FEAT_RELTIME
static proftime_T *nfa_time_limit; static proftime_T *nfa_time_limit;
static int *nfa_timed_out; static int *nfa_timed_out;
static int nfa_time_count; static int nfa_time_count;
#endif #endif
static void copy_pim(nfa_pim_T *to, nfa_pim_T *from); static void copy_pim(nfa_pim_T *to, nfa_pim_T *from);
@@ -4068,10 +4075,10 @@ copy_ze_off(regsub_T *to, regsub_T *from)
if (REG_MULTI) if (REG_MULTI)
{ {
if (from->list.multi[0].end_lnum >= 0) if (from->list.multi[0].end_lnum >= 0)
{ {
to->list.multi[0].end_lnum = from->list.multi[0].end_lnum; to->list.multi[0].end_lnum = from->list.multi[0].end_lnum;
to->list.multi[0].end_col = from->list.multi[0].end_col; to->list.multi[0].end_col = from->list.multi[0].end_col;
} }
} }
else else
{ {
@@ -5124,9 +5131,9 @@ recursive_regmatch(
} }
if (state->c == NFA_START_INVISIBLE_BEFORE if (state->c == NFA_START_INVISIBLE_BEFORE
|| state->c == NFA_START_INVISIBLE_BEFORE_FIRST || state->c == NFA_START_INVISIBLE_BEFORE_FIRST
|| state->c == NFA_START_INVISIBLE_BEFORE_NEG || state->c == NFA_START_INVISIBLE_BEFORE_NEG
|| state->c == NFA_START_INVISIBLE_BEFORE_NEG_FIRST) || state->c == NFA_START_INVISIBLE_BEFORE_NEG_FIRST)
{ {
/* The recursive match must end at the current position. When "pim" is /* The recursive match must end at the current position. When "pim" is
* not NULL it specifies the current position. */ * not NULL it specifies the current position. */
@@ -6302,7 +6309,7 @@ nfa_regmatch(
} }
} }
else if (state->c < 0 ? check_char_class(state->c, curc) else if (state->c < 0 ? check_char_class(state->c, curc)
: (curc == state->c : (curc == state->c
|| (rex.reg_ic && MB_TOLOWER(curc) || (rex.reg_ic && MB_TOLOWER(curc)
== MB_TOLOWER(state->c)))) == MB_TOLOWER(state->c))))
{ {
@@ -6863,7 +6870,7 @@ nfa_regmatch(
&& (REG_MULTI && (REG_MULTI
? (reglnum < nfa_endp->se_u.pos.lnum ? (reglnum < nfa_endp->se_u.pos.lnum
|| (reglnum == nfa_endp->se_u.pos.lnum || (reglnum == nfa_endp->se_u.pos.lnum
&& (int)(reginput - regline) && (int)(reginput - regline)
< nfa_endp->se_u.pos.col)) < nfa_endp->se_u.pos.col))
: reginput < nfa_endp->se_u.ptr)))) : reginput < nfa_endp->se_u.ptr))))
{ {

2
src/version.c
View File

@@ -771,6 +771,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
1470,
/**/ /**/
1469, 1469,
/**/ /**/