changeset 11997:66b677c77467 v8.0.0879

patch 8.0.0879: crash when shifting with huge number commit https://github.com/vim/vim/commit/bae5a17a738d1a3b5c51d9aa5d99e228d3911955 Author: Bram Moolenaar <Bram@vim.org> Date: Sun Aug 6 15:42:06 2017 +0200 patch 8.0.0879: crash when shifting with huge number Problem: Crash when shifting with huge number. Solution: Check for overflow. (Dominique Pelle, closes https://github.com/vim/vim/issues/1945)
author Christian Brabandt <cb@256bit.org>
date Sun, 06 Aug 2017 15:45:04 +0200
parents 4adaaa738e57
children e2b3a7cf5504
files src/ops.c src/testdir/test_visual.vim src/version.c
diffstat 3 files changed, 14 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/ops.c
+++ b/src/ops.c
@@ -396,7 +396,10 @@ shift_block(oparg_T *oap, int amount)
 	return;
 
     /* total is number of screen columns to be inserted/removed */
-    total = amount * p_sw;
+    total = (int)((unsigned)amount * (unsigned)p_sw);
+    if ((total / p_sw) != amount)
+	return; /* multiplication overflow */
+
     oldp = ml_get_curline();
 
     if (!left)
--- a/src/testdir/test_visual.vim
+++ b/src/testdir/test_visual.vim
@@ -18,6 +18,14 @@ func Test_block_shift_multibyte()
   q!
 endfunc
 
+func Test_block_shift_overflow()
+  " This used to cause a multiplication overflow followed by a crash.
+  new
+  normal ii
+  exe "normal \<C-V>876543210>"
+  q!
+endfunc
+
 func Test_dotregister_paste()
   new
   exe "norm! ihello world\<esc>"
--- a/src/version.c
+++ b/src/version.c
@@ -770,6 +770,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    879,
+/**/
     878,
 /**/
     877,