comparison src/misc1.c @ 33782:15593f77c5c2 v9.0.2111

patch 9.0.2111: [security]: overflow in get_number Commit: https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 Author: Christian Brabandt <cb@256bit.org> Date: Tue Nov 14 21:58:26 2023 +0100 patch 9.0.2111: [security]: overflow in get_number Problem: [security]: overflow in get_number Solution: Return 0 when the count gets too large [security]: overflow in get_number When using the z= command, we may overflow the count with values larger than MAX_INT. So verify that we do not overflow and in case when an overflow is detected, simply return 0 Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Thu, 16 Nov 2023 22:15:14 +0100
parents 351d2bbfe921
children 370543108ba1
comparison
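--- a/src/misc1.c
+++ b/src/misc1.c
@@ -973,10 +973,12 @@
 {
 windgoto(msg_row, msg_col);
 c = safe_vgetc();
 if (VIM_ISDIGIT(c))
 {
+if (n > INT_MAX / 10)
+return 0;
 n = n * 10 + c - '0';
 msg_putchar(c);
 ++typed;
 }
 else if (c == K_DEL || c == K_KDEL || c == K_BS || c == Ctrl_H)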
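Review bot: The guard `if (n > INT_MAX / 10)` still lets `n == INT_MAX / 10` through, and the following `n = n * 10 + c - '0';` then exceeds INT_MAX for the digits 8 and 9; because the expression adds `c` before subtracting `'0'`, the intermediate sum can overflow for any digit at that value. Assuming `n` is an `int` (its declaration is outside the hunk), the check should account for the digit being appended, e.g. `if (n > (INT_MAX - (c - '0')) / 10) return 0;`, with the update written as `n = n * 10 + (c - '0');`. The enclosing function starts and ends outside the hunk, so how callers treat the 0 return cannot be confirmed from here.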