Mercurial > vim
comparison src/getchar.c @ 26125:18114bb393e0 v8.2.3595
patch 8.2.3595: check for signed overflow might not work everywhere
Commit: https://github.com/vim/vim/commit/0d5a12ea041c112b06b1aafde38846ae4cff8f4c
Author: Bram Moolenaar <Bram@vim.org>
Date: Sun Nov 14 14:05:18 2021 +0000
patch 8.2.3595: check for signed overflow might not work everywhere
Problem: Check for signed overflow might not work everywhere.
Solution: Limit to 32 bit int. (closes https://github.com/vim/vim/issues/9043, closes https://github.com/vim/vim/issues/9067)
author | Bram Moolenaar <Bram@vim.org> |
---|---|
date | Sun, 14 Nov 2021 15:15:03 +0100 |
parents | a63676a1da2b |
children | 7d66d585bffa |
comparison
equal
deleted
inserted
replaced
26124:dec03accc688 | 26125:18114bb393e0 |
---|---|
999 typebuf.tb_off = (typebuf.tb_buflen - addlen - 3 * (MAXMAPLEN + 4)) / 2; | 999 typebuf.tb_off = (typebuf.tb_buflen - addlen - 3 * (MAXMAPLEN + 4)) / 2; |
1000 mch_memmove(typebuf.tb_buf + typebuf.tb_off, str, (size_t)addlen); | 1000 mch_memmove(typebuf.tb_buf + typebuf.tb_off, str, (size_t)addlen); |
1001 } | 1001 } |
1002 else | 1002 else |
1003 { | 1003 { |
1004 int extra; | |
1005 | |
1004 /* | 1006 /* |
1005 * Need to allocate a new buffer. | 1007 * Need to allocate a new buffer. |
1006 * In typebuf.tb_buf there must always be room for 3 * (MAXMAPLEN + 4) | 1008 * In typebuf.tb_buf there must always be room for 3 * (MAXMAPLEN + 4) |
1007 * characters. We add some extra room to avoid having to allocate too | 1009 * characters. We add some extra room to avoid having to allocate too |
1008 * often. | 1010 * often. |
1009 */ | 1011 */ |
1010 newoff = MAXMAPLEN + 4; | 1012 newoff = MAXMAPLEN + 4; |
1011 newlen = typebuf.tb_len + addlen + newoff + 4 * (MAXMAPLEN + 4); | 1013 extra = addlen + newoff + 4 * (MAXMAPLEN + 4); |
1012 if (newlen < 0) // string is getting too long | 1014 if (typebuf.tb_len > 2147483647 - extra) |
1013 { | 1015 { |
1016 // string is getting too long for a 32 bit int | |
1014 emsg(_(e_toocompl)); // also calls flush_buffers | 1017 emsg(_(e_toocompl)); // also calls flush_buffers |
1015 setcursor(); | 1018 setcursor(); |
1016 return FAIL; | 1019 return FAIL; |
1017 } | 1020 } |
1021 newlen = typebuf.tb_len + extra; | |
1018 s1 = alloc(newlen); | 1022 s1 = alloc(newlen); |
1019 if (s1 == NULL) // out of memory | 1023 if (s1 == NULL) // out of memory |
1020 return FAIL; | 1024 return FAIL; |
1021 s2 = alloc(newlen); | 1025 s2 = alloc(newlen); |
1022 if (s2 == NULL) // out of memory | 1026 if (s2 == NULL) // out of memory |