patch 8.0.1470: integer overflow when using regexp pattern

Problem: Integer overflow when using regexp pattern. (geeknik) Solution: Use a long instead of int. (Christian Brabandt, closes #2251)
2018-02-04 18:22:46 +01:00
parent 2374faae11
commit 2c7b906afb
2 changed files with 19 additions and 10 deletions
--- a/src/regexp_nfa.c
+++ b/src/regexp_nfa.c
@@ -1600,7 +1600,7 @@ nfa_regatom(void)

 		default:
 		    {
-			int	n = 0;
+			long	n = 0;
 			int	cmp = c;

 			if (c == '<' || c == '>')
@@ -1628,7 +1628,14 @@ nfa_regatom(void)
 				/* \%{n}v  \%{n}<v  \%{n}>v  */
 				EMIT(cmp == '<' ? NFA_VCOL_LT :
 				     cmp == '>' ? NFA_VCOL_GT : NFA_VCOL);
-			    EMIT(n);
+#if VIM_SIZEOF_INT < VIM_SIZEOF_LONG
+			    if (n > INT_MAX)
+			    {
+				EMSG(_("E951: \\% value too large"));
+				return FAIL;
+			    }
+#endif
+			    EMIT((int)n);
 			    break;
 			}
 			else if (c == '\'' && n == 0)
--- a/src/version.c
+++ b/src/version.c
@@ -771,6 +771,8 @@ static char *(features[]) =

 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1470,
 /**/
    1469,
 /**/