changeset 26125:18114bb393e0 v8.2.3595

patch 8.2.3595: check for signed overflow might not work everywhere Commit: https://github.com/vim/vim/commit/0d5a12ea041c112b06b1aafde38846ae4cff8f4c Author: Bram Moolenaar <Bram@vim.org> Date: Sun Nov 14 14:05:18 2021 +0000 patch 8.2.3595: check for signed overflow might not work everywhere Problem: Check for signed overflow might not work everywhere. Solution: Limit to 32 bit int. (closes https://github.com/vim/vim/issues/9043, closes https://github.com/vim/vim/issues/9067)
author Bram Moolenaar <Bram@vim.org>
date Sun, 14 Nov 2021 15:15:03 +0100
parents dec03accc688
children 9a8de2345380
files src/getchar.c src/version.c
diffstat 2 files changed, 8 insertions(+), 2 deletions(-) [+]
--- a/src/getchar.c
+++ b/src/getchar.c
@@ -1001,6 +1001,8 @@ ins_typebuf(
     }
     else
     {
+	int extra;
+
 	/*
 	 * Need to allocate a new buffer.
 	 * In typebuf.tb_buf there must always be room for 3 * (MAXMAPLEN + 4)
@@ -1008,13 +1010,15 @@ ins_typebuf(
 	 * often.
 	 */
 	newoff = MAXMAPLEN + 4;
-	newlen = typebuf.tb_len + addlen + newoff + 4 * (MAXMAPLEN + 4);
-	if (newlen < 0)		    // string is getting too long
+	extra = addlen + newoff + 4 * (MAXMAPLEN + 4);
+	if (typebuf.tb_len > 2147483647 - extra)
 	{
+	    // string is getting too long for a 32 bit int
 	    emsg(_(e_toocompl));    // also calls flush_buffers
 	    setcursor();
 	    return FAIL;
 	}
+	newlen = typebuf.tb_len + extra;
 	s1 = alloc(newlen);
 	if (s1 == NULL)		    // out of memory
 	    return FAIL;
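Review bot: The sum in `extra = addlen + newoff + 4 * (MAXMAPLEN + 4);` is still plain signed arithmetic, so a very large `addlen` would overflow before the new `typebuf.tb_len > 2147483647 - extra` guard runs. A wrapped, negative `extra` would then make that subtraction overflow as well. How `addlen` is bounded is not visible here (the body of ins_typebuf starts and ends outside the hunk), so this may be unreachable in practice. A guard placed before the sum would make the check self-contained: `if (addlen > 2147483647 - newoff - 4 * (MAXMAPLEN + 4))`, taking the same `e_toocompl` failure path. A one-line comment saying the literal is used on purpose to cap the typeahead buffer at the 32-bit limit would also stop a later reader from replacing it with `INT_MAX`.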
--- a/src/version.c
+++ b/src/version.c
@@ -758,6 +758,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    3595,
+/**/
     3594,
 /**/
     3593,