# HG changeset patch # User Bram Moolenaar # Date 1591203604 -7200 # Node ID ab0dc036f586c79f8b8d5b55de160a95ffb052c8 # Parent 96e5c3e65d20976359929e0082d05ffa526a9a1f patch 8.2.0892: ubsan warns for undefined behavior Commit: https://github.com/vim/vim/commit/c5acc0f7fed6b061d994fc5ac660dcc0312750bd Author: Bram Moolenaar Date: Wed Jun 3 18:55:38 2020 +0200 patch 8.2.0892: ubsan warns for undefined behavior Problem: Ubsan warns for undefined behavior. Solution: Use unsigned instead of signed variable. (Dominique Pelle, closes #6193) diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c --- a/src/regexp_nfa.c +++ b/src/regexp_nfa.c @@ -246,6 +246,7 @@ static int nfa_classcodes[] = { static char_u e_nul_found[] = N_("E865: (NFA) Regexp end encountered prematurely"); static char_u e_misplaced[] = N_("E866: (NFA regexp) Misplaced %c"); static char_u e_ill_char_class[] = N_("E877: (NFA regexp) Invalid character class: %d"); +static char_u e_value_too_large[] = N_("E951: \\% value too large"); // Variables only used in nfa_regcomp() and descendants. static int nfa_re_flags; // re_flags passed to nfa_regcomp() @@ -1541,19 +1542,27 @@ nfa_regatom(void) default: { - long n = 0; + long_u n = 0; int cmp = c; if (c == '<' || c == '>') c = getchr(); while (VIM_ISDIGIT(c)) { - n = n * 10 + (c - '0'); + long_u tmp = n * 10 + (c - '0'); + + if (tmp < n) + { + // overflow. + emsg(_(e_value_too_large)); + return FAIL; + } + n = tmp; c = getchr(); } if (c == 'l' || c == 'c' || c == 'v') { - int limit = INT_MAX; + long_u limit = INT_MAX; if (c == 'l') { @@ -1576,7 +1585,7 @@ nfa_regatom(void) } if (n >= limit) { - emsg(_("E951: \\% value too large")); + emsg(_(e_value_too_large)); return FAIL; } EMIT((int)n); diff --git a/src/version.c b/src/version.c --- a/src/version.c +++ b/src/version.c @@ -747,6 +747,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 892, +/**/ 891, /**/ 890,