comparison src/misc1.c @ 33782:15593f77c5c2 v9.0.2111
patch 9.0.2111: [security]: overflow in get_number
Commit: https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968
Author: Christian Brabandt <cb@256bit.org>
Date: Tue Nov 14 21:58:26 2023 +0100
patch 9.0.2111: [security]: overflow in get_number
Problem: [security]: overflow in get_number
Solution: Return 0 when the count gets too large
[security]: overflow in get_number
When using the z= command, we may overflow the count with values larger
than MAX_INT. So verify that we do not overflow and in case when an
overflow is detected, simply return 0
Signed-off-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Thu, 16 Nov 2023 22:15:14 +0100 |
parents | 351d2bbfe921 |
children | 370543108ba1 |
33781:c9ecc3bdb3e3 | 33782:15593f77c5c2 |
---|---|
973 { | 973 { |
974 windgoto(msg_row, msg_col); | 974 windgoto(msg_row, msg_col); |
975 c = safe_vgetc(); | 975 c = safe_vgetc(); |
976 if (VIM_ISDIGIT(c)) | 976 if (VIM_ISDIGIT(c)) |
977 { | 977 { |
978 if (n > INT_MAX / 10) | |
979 return 0; | |
978 n = n * 10 + c - '0'; | 980 n = n * 10 + c - '0'; |
979 msg_putchar(c); | 981 msg_putchar(c); |
980 ++typed; | 982 ++typed; |
981 } | 983 } |
982 else if (c == K_DEL || c == K_KDEL || c == K_BS || c == Ctrl_H) | 984 else if (c == K_DEL || c == K_KDEL || c == K_BS || c == Ctrl_H) |
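Review bot: The new guard at 978 `if (n > INT_MAX / 10)` still lets the addition at 980 overflow when n is at or just below INT_MAX / 10. Assuming n is an int, as the INT_MAX comparison suggests, n == INT_MAX / 10 passes the check, and a following digit larger than INT_MAX % 10 pushes the result past INT_MAX. The expression `n * 10 + c - '0'` also groups as `(n * 10 + c) - '0'`, so the intermediate sum adds the raw character code before '0' is subtracted, which can exceed INT_MAX even when the final value would fit. Consider testing against the incoming digit, for example `if (n > (INT_MAX - (c - '0')) / 10) return 0;`, and parenthesizing the update as `n = n * 10 + (c - '0');`. It would also help to add a short comment at the early return saying that 0 is the value reported to the caller on overflow, since the hunk does not show how callers tell that apart from a typed 0.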