changeset 22590:13f4aee01ce5 v8.2.1843

patch 8.2.1843: Netbeans: with huge buffer number memory allocation may fail Commit: https://github.com/vim/vim/commit/b9616af23f31fc18721a92643c21f42b69854efe Author: Bram Moolenaar <Bram@vim.org> Date: Tue Oct 13 21:11:13 2020 +0200 patch 8.2.1843: Netbeans: with huge buffer number memory allocation may fail Problem: Netbeans: with huge buffer number memory allocation may fail. Solution: Check for size overflow.
author Bram Moolenaar <Bram@vim.org>
date Tue, 13 Oct 2020 21:15:05 +0200
parents 97f5ed911b24
children c4bb7a69c6a2
files src/netbeans.c src/version.c
diffstat 2 files changed, 12 insertions(+), 2 deletions(-) [+]
--- a/src/netbeans.c
+++ b/src/netbeans.c
@@ -674,11 +674,19 @@ nb_get_buf(int bufno)
     {
 	if (bufno >= buf_list_size) // grow list
 	{
-	    nbbuf_T *t_buf_list = buf_list;
+	    nbbuf_T	*t_buf_list = buf_list;
+	    size_t	bufsize;
 
 	    incr = bufno - buf_list_size + 90;
 	    buf_list_size += incr;
-	    buf_list = vim_realloc(buf_list, buf_list_size * sizeof(nbbuf_T));
+	    bufsize = buf_list_size * sizeof(nbbuf_T);
+	    if (bufsize == 0 || bufsize / sizeof(nbbuf_T)
+						      != (size_t)buf_list_size)
+	    {
+		// list size overflow, bail out
+		return NULL;
+	    }
+	    buf_list = vim_realloc(buf_list, bufsize);
 	    if (buf_list == NULL)
 	    {
 		vim_free(t_buf_list);
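Review bot: The new bail-out at `return NULL;` leaves `buf_list_size` already increased by `incr`, because `buf_list_size += incr;` runs before the overflow check, while `buf_list` still points to the old, smaller allocation. `buf_list_size` is declared outside the hunk and looks like persistent state, so a later call with a `bufno` below the inflated size would presumably skip the grow branch and index past the real allocation. Computing the new size in a local and assigning it to `buf_list_size` only after `vim_realloc` succeeds would keep the two in step; the minimal alternative is `buf_list_size -= incr;` before the `return NULL;`. Separately, `incr = bufno - buf_list_size + 90;` is signed `int` arithmetic that can itself overflow for a huge `bufno` before the size check is reached, so an upper bound on `bufno` ahead of it would be safer. The body of nb_get_buf starts and continues outside the hunk.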
--- a/src/version.c
+++ b/src/version.c
@@ -751,6 +751,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1843,
+/**/
     1842,
 /**/
     1841,