Mercurial > vim
view READMEdir/README_unix.txt @ 33784:872c07d5befe v9.0.2112
patch 9.0.2112: [security]: overflow in shift_line
Commit: https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e
Author: Christian Brabandt <cb@256bit.org>
Date: Tue Nov 14 22:42:59 2023 +0100
patch 9.0.2112: [security]: overflow in shift_line
Problem: [security]: overflow in shift_line
Solution: allow a max indent of INT_MAX
[security]: overflow in shift_line
When shifting lines in operator pending mode and using a very large
value, we may overflow the size of integer. Fix this by using a long
variable, testing if the result would be larger than INT_MAX and if so,
indent by INT_MAX value.
Special case: We cannot use long here, since on 32bit architectures (or
on Windows?), it typically cannot take larger values than a plain int,
so we have to use long long count, decide whether the resulting
multiplication of the shiftwidth value * amount is larger than INT_MAX
and if so, we will store INT_MAX as possible larges value in the long
long count variable.
Then we can safely cast it back to int when calling the functions to set
the indent (set_indent() or change_indent()). So this should be safe.
Add a test that when using a huge value in operator pending mode for
shifting, we will shift by INT_MAX
closes: #13535
Signed-off-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Thu, 16 Nov 2023 22:15:15 +0100 |
parents | f8116058ca76 |
children | 4635e43f2c6f |
line wrap: on
line source
README_unix.txt for version 9.0 of Vim: Vi IMproved. This file explains the installation of Vim on Unix systems. See "README.txt" for general information about Vim. When you use the source distribution, "make install" is used to install Vim. See the "INSTALL" file in the "src" directory. If you use a compiled package, follow the instructions for the package.