Mercurial > vim
view src/proto/ops.pro @ 33778:06ad070cda83 v9.0.2109
patch 9.0.2109: [security]: overflow in nv_z_get_count
Commit: https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca
Author: Christian Brabandt <cb@256bit.org>
Date: Tue Nov 14 21:02:30 2023 +0100
patch 9.0.2109: [security]: overflow in nv_z_get_count
Problem: [security]: overflow in nv_z_get_count
Solution: break out, if count is too large
When getting the count for a normal z command, it may overflow for large
counts given. So verify, that we can safely store the result in a long.
Signed-off-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Thu, 16 Nov 2023 22:15:11 +0100 |
parents | ca6bc7c04163 |
children | e6defaa1e46a |
line wrap: on
line source
/* ops.c */ int get_op_type(int char1, int char2); int op_is_change(int op); int get_op_char(int optype); int get_extra_op_char(int optype); void op_shift(oparg_T *oap, int curs_top, int amount); void shift_line(int left, int round, int amount, int call_changed_bytes); int op_delete(oparg_T *oap); int op_replace(oparg_T *oap, int c); int swapchar(int op_type, pos_T *pos); void op_insert(oparg_T *oap, long count1); int op_change(oparg_T *oap); void adjust_cursor_eol(void); char_u *skip_comment(char_u *line, int process, int include_space, int *is_comment); int do_join(long count, int insert_space, int save_undo, int use_formatoptions, int setmark); void block_prep(oparg_T *oap, struct block_def *bdp, linenr_T lnum, int is_del); void op_addsub(oparg_T *oap, linenr_T Prenum1, int g_cmd); void clear_oparg(oparg_T *oap); void cursor_pos_info(dict_T *dict); char *did_set_operatorfunc(optset_T *args); void free_operatorfunc_option(void); int set_ref_in_opfunc(int copyID); void do_pending_operator(cmdarg_T *cap, int old_col, int gui_yank); /* vim: set ft=c : */