Mercurial > vim

diff src/netbeans.c @ 22590:13f4aee01ce5 v8.2.1843

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.2.1843: Netbeans: with huge buffer number memory allocation may fail Commit: https://github.com/vim/vim/commit/b9616af23f31fc18721a92643c21f42b69854efe Author: Bram Moolenaar <Bram@vim.org> Date: Tue Oct 13 21:11:13 2020 +0200 patch 8.2.1843: Netbeans: with huge buffer number memory allocation may fail Problem: Netbeans: with huge buffer number memory allocation may fail. Solution: Check for size overflow.
author Bram Moolenaar <Bram@vim.org>
date Tue, 13 Oct 2020 21:15:05 +0200
parents b378f860d4ab
children 70eb58639009
line wrap: on
line diff
--- a/src/netbeans.c
+++ b/src/netbeans.c
@@ -674,11 +674,19 @@ nb_get_buf(int bufno)
     {
 	if (bufno >= buf_list_size) // grow list
 	{
-	    nbbuf_T *t_buf_list = buf_list;
+	    nbbuf_T	*t_buf_list = buf_list;
+	    size_t	bufsize;
 
 	    incr = bufno - buf_list_size + 90;
 	    buf_list_size += incr;
-	    buf_list = vim_realloc(buf_list, buf_list_size * sizeof(nbbuf_T));
+	    bufsize = buf_list_size * sizeof(nbbuf_T);
+	    if (bufsize == 0 || bufsize / sizeof(nbbuf_T)
+						      != (size_t)buf_list_size)
+	    {
+		// list size overflow, bail out
+		return NULL;
+	    }
+	    buf_list = vim_realloc(buf_list, bufsize);
 	    if (buf_list == NULL)
 	    {
 		vim_free(t_buf_list);