To: vim_dev@googlegroups.com Subject: Patch 8.2.3595 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.2.3595 Problem: Check for signed overflow might not work everywhere. Solution: Limit to 32 bit int. (closes #9043, closes #9067) Files: src/getchar.c *** ../vim-8.2.3594/src/getchar.c 2021-10-09 15:39:20.459884353 +0100 --- src/getchar.c 2021-11-14 14:01:06.484907143 +0000 *************** *** 1001,1006 **** --- 1001,1008 ---- } else { + int extra; + /* * Need to allocate a new buffer. * In typebuf.tb_buf there must always be room for 3 * (MAXMAPLEN + 4) *************** *** 1008,1020 **** * often. */ newoff = MAXMAPLEN + 4; ! newlen = typebuf.tb_len + addlen + newoff + 4 * (MAXMAPLEN + 4); ! if (newlen < 0) // string is getting too long { emsg(_(e_toocompl)); // also calls flush_buffers setcursor(); return FAIL; } s1 = alloc(newlen); if (s1 == NULL) // out of memory return FAIL; --- 1010,1024 ---- * often. */ newoff = MAXMAPLEN + 4; ! extra = addlen + newoff + 4 * (MAXMAPLEN + 4); ! if (typebuf.tb_len > 2147483647 - extra) { + // string is getting too long for a 32 bit int emsg(_(e_toocompl)); // also calls flush_buffers setcursor(); return FAIL; } + newlen = typebuf.tb_len + extra; s1 = alloc(newlen); if (s1 == NULL) // out of memory return FAIL; *** ../vim-8.2.3594/src/version.c 2021-11-14 13:46:01.940689807 +0000 --- src/version.c 2021-11-14 14:04:31.001046805 +0000 *************** *** 759,760 **** --- 759,762 ---- { /* Add new patch number below this line */ + /**/ + 3595, /**/ -- MORTICIAN: Bring out your dead! [clang] Bring out your dead! [clang] Bring out your dead! CUSTOMER: Here's one -- nine pence. DEAD PERSON: I'm not dead! 
The Quest for the Holy Grail (Monty Python) /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
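Review bot: In the second src/getchar.c hunk, `extra = addlen + newoff + 4 * (MAXMAPLEN + 4);` is itself an `int` addition performed before any bound is checked, so the signed overflow this patch removes from `newlen` can still happen one line earlier if `addlen` is close to the 32 bit limit. A wrapped, negative `extra` would then make `2147483647 - extra` overflow as well, and the guard would be evaluating undefined results. Nothing in the visible lines bounds `addlen`, so consider testing it before forming the sum, for example `if (addlen > 2147483647 - newoff - 4 * (MAXMAPLEN + 4) - typebuf.tb_len)`, which stays in range as long as `typebuf.tb_len` is non-negative, and only then computing `newlen`.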