Mercurial > vim
changeset 22590:13f4aee01ce5 v8.2.1843
patch 8.2.1843: Netbeans: with huge buffer number memory allocation may fail
Commit: https://github.com/vim/vim/commit/b9616af23f31fc18721a92643c21f42b69854efe
Author: Bram Moolenaar <Bram@vim.org>
Date: Tue Oct 13 21:11:13 2020 +0200
patch 8.2.1843: Netbeans: with huge buffer number memory allocation may fail
Problem: Netbeans: with huge buffer number memory allocation may fail.
Solution: Check for size overflow.
author | Bram Moolenaar <Bram@vim.org> |
---|---|
date | Tue, 13 Oct 2020 21:15:05 +0200 |
parents | 97f5ed911b24 |
children | c4bb7a69c6a2 |
files | src/netbeans.c src/version.c |
diffstat | 2 files changed, 12 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/netbeans.c +++ b/src/netbeans.c @@ -674,11 +674,19 @@ nb_get_buf(int bufno) { if (bufno >= buf_list_size) // grow list { - nbbuf_T *t_buf_list = buf_list; + nbbuf_T *t_buf_list = buf_list; + size_t bufsize; incr = bufno - buf_list_size + 90; buf_list_size += incr; - buf_list = vim_realloc(buf_list, buf_list_size * sizeof(nbbuf_T)); + bufsize = buf_list_size * sizeof(nbbuf_T); + if (bufsize == 0 || bufsize / sizeof(nbbuf_T) + != (size_t)buf_list_size) + { + // list size overflow, bail out + return NULL; + } + buf_list = vim_realloc(buf_list, bufsize); if (buf_list == NULL) { vim_free(t_buf_list);