Mercurial > vim
changeset 15959:4feaa025491b v8.1.0985
patch 8.1.0985: crash with large number in regexp
commit https://github.com/vim/vim/commit/ab350f89f9646e07aefe16a32ba3ddb847496b4a
Author: Bram Moolenaar <Bram@vim.org>
Date: Thu Feb 28 06:25:00 2019 +0100
patch 8.1.0985: crash with large number in regexp
Problem: Crash with large number in regexp. (Kuang-che Wu)
Solution: Check for long becoming negative int. (closes #)
author | Bram Moolenaar <Bram@vim.org> |
---|---|
date | Thu, 28 Feb 2019 06:30:11 +0100 |
parents | 5b3c0bb37ebc |
children | ee37b47d6a33 |
files | src/regexp.c src/testdir/test_search.vim src/version.c |
diffstat | 3 files changed, 28 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/src/regexp.c +++ b/src/regexp.c @@ -2228,7 +2228,7 @@ regatom(int *flagp) default: i = -1; break; } - if (i < 0) + if (i < 0 || i > INT_MAX) EMSG2_RET_NULL( _("E678: Invalid character after %s%%[dxouU]"), reg_magic == MAGIC_ALL); @@ -3293,7 +3293,7 @@ coll_get_char(void) case 'u': nr = gethexchrs(4); break; case 'U': nr = gethexchrs(8); break; } - if (nr < 0) + if (nr < 0 || nr > INT_MAX) { /* If getting the number fails be backwards compatible: the character * is a backslash. */
--- a/src/testdir/test_search.vim +++ b/src/testdir/test_search.vim @@ -1212,13 +1212,36 @@ func Test_search_Ctrl_L_combining() call Incsearch_cleanup() endfunc -func Test_large_hex_chars() +func Test_large_hex_chars1() " This used to cause a crash, the character becomes an NFA state. try /\%Ufffffc23 catch call assert_match('E678:', v:exception) endtry + try + set re=1 + /\%Ufffffc23 + catch + call assert_match('E678:', v:exception) + endtry + set re& +endfunc + +func Test_large_hex_chars2() + " This used to cause a crash, the character becomes an NFA state. + try + /[\Ufffffc1f] + catch + call assert_match('E486:', v:exception) + endtry + try + set re=1 + /[\Ufffffc1f] + catch + call assert_match('E486:', v:exception) + endtry + set re& endfunc func Test_one_error_msg()