Mercurial > vim
comparison src/charset.c @ 14061:47b2db8a5709 v8.1.0048
patch 8.1.0048: vim_str2nr() does not handle numbers close to the maximum
commit https://github.com/vim/vim/commit/07ccf7ce7fb948fd4d080b817e9fbaea9e721dab
Author: Bram Moolenaar <Bram@vim.org>
Date: Tue Jun 12 17:25:36 2018 +0200
patch 8.1.0048: vim_str2nr() does not handle numbers close to the maximum
Problem: vim_str2nr() does not handle numbers close to the maximum.
Solution: Check for overflow more precisely. (Ken Takata, closes https://github.com/vim/vim/issues/2746)
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Tue, 12 Jun 2018 17:30:06 +0200 |
parents | 0fa21ba32e21 |
children | 2ad722003b36 |
comparison
equal
deleted
inserted
replaced
14060:18c62ba45098 | 14061:47b2db8a5709 |
---|---|
1926 if (pre != 0) | 1926 if (pre != 0) |
1927 n += 2; /* skip over "0b" */ | 1927 n += 2; /* skip over "0b" */ |
1928 while ('0' <= *ptr && *ptr <= '1') | 1928 while ('0' <= *ptr && *ptr <= '1') |
1929 { | 1929 { |
1930 /* avoid ubsan error for overflow */ | 1930 /* avoid ubsan error for overflow */ |
1931 if (un < UVARNUM_MAX / 2) | 1931 if (un <= UVARNUM_MAX / 2) |
1932 un = 2 * un + (unsigned long)(*ptr - '0'); | 1932 un = 2 * un + (uvarnumber_T)(*ptr - '0'); |
1933 else | 1933 else |
1934 un = UVARNUM_MAX; | 1934 un = UVARNUM_MAX; |
1935 ++ptr; | 1935 ++ptr; |
1936 if (n++ == maxlen) | 1936 if (n++ == maxlen) |
1937 break; | 1937 break; |
1941 { | 1941 { |
1942 /* octal */ | 1942 /* octal */ |
1943 while ('0' <= *ptr && *ptr <= '7') | 1943 while ('0' <= *ptr && *ptr <= '7') |
1944 { | 1944 { |
1945 /* avoid ubsan error for overflow */ | 1945 /* avoid ubsan error for overflow */ |
1946 if (un < UVARNUM_MAX / 8) | 1946 if (un <= UVARNUM_MAX / 8) |
1947 un = 8 * un + (uvarnumber_T)(*ptr - '0'); | 1947 un = 8 * un + (uvarnumber_T)(*ptr - '0'); |
1948 else | 1948 else |
1949 un = UVARNUM_MAX; | 1949 un = UVARNUM_MAX; |
1950 ++ptr; | 1950 ++ptr; |
1951 if (n++ == maxlen) | 1951 if (n++ == maxlen) |
1958 if (pre != 0) | 1958 if (pre != 0) |
1959 n += 2; /* skip over "0x" */ | 1959 n += 2; /* skip over "0x" */ |
1960 while (vim_isxdigit(*ptr)) | 1960 while (vim_isxdigit(*ptr)) |
1961 { | 1961 { |
1962 /* avoid ubsan error for overflow */ | 1962 /* avoid ubsan error for overflow */ |
1963 if (un < UVARNUM_MAX / 16) | 1963 if (un <= UVARNUM_MAX / 16) |
1964 un = 16 * un + (uvarnumber_T)hex2nr(*ptr); | 1964 un = 16 * un + (uvarnumber_T)hex2nr(*ptr); |
1965 else | 1965 else |
1966 un = UVARNUM_MAX; | 1966 un = UVARNUM_MAX; |
1967 ++ptr; | 1967 ++ptr; |
1968 if (n++ == maxlen) | 1968 if (n++ == maxlen) |
1972 else | 1972 else |
1973 { | 1973 { |
1974 /* decimal */ | 1974 /* decimal */ |
1975 while (VIM_ISDIGIT(*ptr)) | 1975 while (VIM_ISDIGIT(*ptr)) |
1976 { | 1976 { |
1977 uvarnumber_T digit = (uvarnumber_T)(*ptr - '0'); | |
1978 | |
1977 /* avoid ubsan error for overflow */ | 1979 /* avoid ubsan error for overflow */ |
1978 if (un < UVARNUM_MAX / 10) | 1980 if (un < UVARNUM_MAX / 10 |
1979 un = 10 * un + (uvarnumber_T)(*ptr - '0'); | 1981 || (un == UVARNUM_MAX / 10 && digit <= UVARNUM_MAX % 10)) |
1982 un = 10 * un + digit; | |
1980 else | 1983 else |
1981 un = UVARNUM_MAX; | 1984 un = UVARNUM_MAX; |
1982 ++ptr; | 1985 ++ptr; |
1983 if (n++ == maxlen) | 1986 if (n++ == maxlen) |
1984 break; | 1987 break; |