comparison src/charset.c @ 14061:47b2db8a5709 v8.1.0048

patch 8.1.0048: vim_str2nr() does not handle numbers close to the maximum commit https://github.com/vim/vim/commit/07ccf7ce7fb948fd4d080b817e9fbaea9e721dab Author: Bram Moolenaar <Bram@vim.org> Date: Tue Jun 12 17:25:36 2018 +0200 patch 8.1.0048: vim_str2nr() does not handle numbers close to the maximum Problem: vim_str2nr() does not handle numbers close to the maximum. Solution: Check for overflow more precisely. (Ken Takata, closes https://github.com/vim/vim/issues/2746)
author Christian Brabandt <cb@256bit.org>
date Tue, 12 Jun 2018 17:30:06 +0200
parents 0fa21ba32e21
children 2ad722003b36
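--- a/src/charset.c
+++ b/src/charset.c
@@ -1926,12 +1926,12 @@
 if (pre != 0)
 n += 2; /* skip over "0b" */
 while ('0' <= *ptr && *ptr <= '1')
 {
 /* avoid ubsan error for overflow */
-if (un < UVARNUM_MAX / 2)
-un = 2 * un + (unsigned long)(*ptr - '0');
+if (un <= UVARNUM_MAX / 2)
+un = 2 * un + (uvarnumber_T)(*ptr - '0');
 else
 un = UVARNUM_MAX;
 ++ptr;
 if (n++ == maxlen)
 break;
@@ -1941,11 +1941,11 @@
 {
 /* octal */
 while ('0' <= *ptr && *ptr <= '7')
 {
 /* avoid ubsan error for overflow */
-if (un < UVARNUM_MAX / 8)
+if (un <= UVARNUM_MAX / 8)
 un = 8 * un + (uvarnumber_T)(*ptr - '0');
 else
 un = UVARNUM_MAX;
 ++ptr;
 if (n++ == maxlen)
@@ -1958,11 +1958,11 @@
 if (pre != 0)
 n += 2; /* skip over "0x" */
 while (vim_isxdigit(*ptr))
 {
 /* avoid ubsan error for overflow */
-if (un < UVARNUM_MAX / 16)
+if (un <= UVARNUM_MAX / 16)
 un = 16 * un + (uvarnumber_T)hex2nr(*ptr);
 else
 un = UVARNUM_MAX;
 ++ptr;
 if (n++ == maxlen)
@@ -1972,13 +1972,16 @@
 else
 {
 /* decimal */
 while (VIM_ISDIGIT(*ptr))
 {
+uvarnumber_T digit = (uvarnumber_T)(*ptr - '0');
+
 /* avoid ubsan error for overflow */
-if (un < UVARNUM_MAX / 10)
-un = 10 * un + (uvarnumber_T)(*ptr - '0');
+if (un < UVARNUM_MAX / 10
+|| (un == UVARNUM_MAX / 10 && digit <= UVARNUM_MAX % 10))
+un = 10 * un + digit;
 else
 un = UVARNUM_MAX;
 ++ptr;
 if (n++ == maxlen)
 break;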
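Review bot: In the binary, octal and hex loops the new `un <= UVARNUM_MAX / base` test carries no remainder check, unlike the decimal loop, and nothing on the new lines says why that is safe. It is exact only if UVARNUM_MAX is the all-ones maximum of uvarnumber_T (its definition is outside this section), so that the remainder is always base-1. A comment such as `/* "<=" is exact here: UVARNUM_MAX % 16 == 15, so every digit fits */` on each of the three tests would keep a later edit from copying the pattern to a base that is not a power of two. Separately, the `else` branches still clamp to UVARNUM_MAX silently, so a caller cannot tell an overflowed literal from one that equals the maximum; if any caller uses the result as a size, count or index, the function's header comment should state that. vim_str2nr() starts and ends outside these hunks.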