Mercurial > vim

diff src/normal.c @ 26256:92fbed13ca4d v8.2.3659
patch 8.2.3659: integer overflow with large line number Commit: https://github.com/vim/vim/commit/03725c5795ae5b8c14da4a39cd0ce723c6dd4304 Author: Bram Moolenaar <Bram@vim.org> Date: Wed Nov 24 12:17:53 2021 +0000 patch 8.2.3659: integer overflow with large line number Problem: Integer overflow with large line number. Solution: Check for overflow. (closes https://github.com/vim/vim/issues/9202)
author: Bram Moolenaar <Bram@vim.org>
date: Wed, 24 Nov 2021 13:30:03 +0100
parents: 9a8e9383e4cd
children: a74c8936794a
--- a/src/normal.c
+++ b/src/normal.c
@@ -630,10 +630,14 @@ getcount:
 		del_from_showcmd(4);	// delete the digit and ~@%
 #endif
 	    }
+	    else if (ca.count0 >= 999999999L)
+	    {
+		ca.count0 = 999999999L;
+	    }
 	    else
+	    {
 		ca.count0 = ca.count0 * 10 + (c - '0');
-	    if (ca.count0 < 0)	    // overflow
-		ca.count0 = 999999999L;
+	    }
 #ifdef FEAT_EVAL
 	    // Set v:count here, when called from main() and not a stuffed
 	    // command, so that v:count can be used in an expression mapping
@@ -700,11 +704,14 @@ getcount:
 	 * multiplied.
 	 */
 	if (ca.count0)
-	    ca.count0 *= ca.opcount;
+	{
+	    if (ca.opcount >= 999999999L / ca.count0)
+		ca.count0 = 999999999L;
+	    else
+		ca.count0 *= ca.opcount;
+	}
 	else
 	    ca.count0 = ca.opcount;
-	if (ca.count0 < 0)	    // overflow
-	    ca.count0 = 999999999L;
     }
 
     /*
author	Bram Moolenaar <Bram@vim.org>
date	Wed, 24 Nov 2021 13:30:03 +0100
parents	9a8e9383e4cd
children	a74c8936794a