comparison src/getchar.c @ 26125:18114bb393e0 v8.2.3595

patch 8.2.3595: check for signed overflow might not work everywhere Commit: https://github.com/vim/vim/commit/0d5a12ea041c112b06b1aafde38846ae4cff8f4c Author: Bram Moolenaar <Bram@vim.org> Date: Sun Nov 14 14:05:18 2021 +0000 patch 8.2.3595: check for signed overflow might not work everywhere Problem: Check for signed overflow might not work everywhere. Solution: Limit to 32 bit int. (closes https://github.com/vim/vim/issues/9043, closes https://github.com/vim/vim/issues/9067)
author Bram Moolenaar <Bram@vim.org>
date Sun, 14 Nov 2021 15:15:03 +0100
parents a63676a1da2b
children 7d66d585bffa
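--- a/src/getchar.c
+++ b/src/getchar.c
@@ -999,24 +999,28 @@
 typebuf.tb_off = (typebuf.tb_buflen - addlen - 3 * (MAXMAPLEN + 4)) / 2;
 mch_memmove(typebuf.tb_buf + typebuf.tb_off, str, (size_t)addlen);
 }
 else
 {
+int extra;
+
 /*
 * Need to allocate a new buffer.
 * In typebuf.tb_buf there must always be room for 3 * (MAXMAPLEN + 4)
 * characters. We add some extra room to avoid having to allocate too
 * often.
 */
 newoff = MAXMAPLEN + 4;
-newlen = typebuf.tb_len + addlen + newoff + 4 * (MAXMAPLEN + 4);
-if (newlen < 0) // string is getting too long
+extra = addlen + newoff + 4 * (MAXMAPLEN + 4);
+if (typebuf.tb_len > 2147483647 - extra)
 {
+// string is getting too long for a 32 bit int
 emsg(_(e_toocompl)); // also calls flush_buffers
 setcursor();
 return FAIL;
 }
+newlen = typebuf.tb_len + extra;
 s1 = alloc(newlen);
 if (s1 == NULL) // out of memory
 return FAIL;
 s2 = alloc(newlen);
 if (s2 == NULL) // out of memory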
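Review bot: The sum in `extra = addlen + newoff + 4 * (MAXMAPLEN + 4);` is itself unchecked signed `int` arithmetic, so a very large `addlen` could overflow before the new guard `typebuf.tb_len > 2147483647 - extra` runs, and a wrapped negative `extra` would make the subtraction in that guard overflow as well. `addlen` is set outside this hunk (the enclosing function starts and ends outside it), so whether it is already bounded cannot be seen here. If it is not, test against the constant part first: `int fixed = newoff + 4 * (MAXMAPLEN + 4);` then `if (addlen > 2147483647 - fixed || typebuf.tb_len > 2147483647 - fixed - addlen)`, and assign `extra = addlen + fixed;` only after the check; this assumes `addlen` and `typebuf.tb_len` are never negative. A named constant in place of the literal `2147483647` would also make the deliberate 32-bit limit easier to find and audit.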