Mercurial > vim

diff src/misc1.c @ 33782:15593f77c5c2 v9.0.2111

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 9.0.2111: [security]: overflow in get_number Commit: https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 Author: Christian Brabandt <cb@256bit.org> Date: Tue Nov 14 21:58:26 2023 +0100 patch 9.0.2111: [security]: overflow in get_number Problem: [security]: overflow in get_number Solution: Return 0 when the count gets too large [security]: overflow in get_number When using the z= command, we may overflow the count with values larger than MAX_INT. So verify that we do not overflow and in case when an overflow is detected, simply return 0 Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Thu, 16 Nov 2023 22:15:14 +0100
parents 351d2bbfe921
children 370543108ba1
line wrap: on
line diff
--- a/src/misc1.c
+++ b/src/misc1.c
@@ -975,6 +975,8 @@ get_number(
 	c = safe_vgetc();
 	if (VIM_ISDIGIT(c))
 	{
+	    if (n > INT_MAX / 10)
+		return 0;
 	    n = n * 10 + c - '0';
 	    msg_putchar(c);
 	    ++typed;