Mercurial > vim

comparison src/normal.c @ 26256:92fbed13ca4d v8.2.3659

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.2.3659: integer overflow with large line number Commit: https://github.com/vim/vim/commit/03725c5795ae5b8c14da4a39cd0ce723c6dd4304 Author: Bram Moolenaar <Bram@vim.org> Date: Wed Nov 24 12:17:53 2021 +0000 patch 8.2.3659: integer overflow with large line number Problem: Integer overflow with large line number. Solution: Check for overflow. (closes https://github.com/vim/vim/issues/9202)
author Bram Moolenaar <Bram@vim.org>
date Wed, 24 Nov 2021 13:30:03 +0100
parents 9a8e9383e4cd
children a74c8936794a
comparison
equal deleted inserted replaced
26255:c69a537bd421 26256:92fbed13ca4d
628 ca.count0 /= 10; 628 ca.count0 /= 10;
629 #ifdef FEAT_CMDL_INFO 629 #ifdef FEAT_CMDL_INFO
630 del_from_showcmd(4); // delete the digit and ~@% 630 del_from_showcmd(4); // delete the digit and ~@%
631 #endif 631 #endif
632 } 632 }
633 else if (ca.count0 >= 999999999L)
634 {
635 ca.count0 = 999999999L;
636 }
633 else 637 else
638 {
634 ca.count0 = ca.count0 * 10 + (c - '0'); 639 ca.count0 = ca.count0 * 10 + (c - '0');
635 if (ca.count0 < 0) // overflow 640 }
636 ca.count0 = 999999999L;
637 #ifdef FEAT_EVAL 641 #ifdef FEAT_EVAL
638 // Set v:count here, when called from main() and not a stuffed 642 // Set v:count here, when called from main() and not a stuffed
639 // command, so that v:count can be used in an expression mapping 643 // command, so that v:count can be used in an expression mapping
640 // right after the count. Do set it for redo. 644 // right after the count. Do set it for redo.
641 if (toplevel && readbuf1_empty()) 645 if (toplevel && readbuf1_empty())
698 * into "d3w" which makes things fall into place pretty neatly. 702 * into "d3w" which makes things fall into place pretty neatly.
699 * If you give a count before AND after the operator, they are 703 * If you give a count before AND after the operator, they are
700 * multiplied. 704 * multiplied.
701 */ 705 */
702 if (ca.count0) 706 if (ca.count0)
703 ca.count0 *= ca.opcount; 707 {
708 if (ca.opcount >= 999999999L / ca.count0)
709 ca.count0 = 999999999L;
710 else
711 ca.count0 *= ca.opcount;
712 }
704 else 713 else
705 ca.count0 = ca.opcount; 714 ca.count0 = ca.opcount;
706 if (ca.count0 < 0) // overflow
707 ca.count0 = 999999999L;
708 } 715 }
709 716
710 /* 717 /*
711 * Always remember the count. It will be set to zero (on the next call, 718 * Always remember the count. It will be set to zero (on the next call,
712 * above) when there is no pending operator. 719 * above) when there is no pending operator.