Patch 8.0.1470
Problem:    Integer overflow when using regexp pattern. (geeknik)
Solution:   Use a long instead of int. (Christian Brabandt, closes #2251)
Files:      src/regexp_nfa.c


*** ../vim-8.0.1469/src/regexp_nfa.c    2017-12-16 19:59:30.559719124 +0100
--- src/regexp_nfa.c    2018-02-04 18:18:13.441465027 +0100
***************
*** 1600,1606 ****
  
                default:
                    {
!                       int     n = 0;
                        int     cmp = c;
  
                        if (c == '<' || c == '>')
--- 1600,1606 ----
  
                default:
                    {
!                       long    n = 0;
                        int     cmp = c;
  
                        if (c == '<' || c == '>')
***************
*** 1628,1634 ****
                                /* \%{n}v  \%{n}<v  \%{n}>v  */
                                EMIT(cmp == '<' ? NFA_VCOL_LT :
                                     cmp == '>' ? NFA_VCOL_GT : NFA_VCOL);
!                           EMIT(n);
                            break;
                        }
                        else if (c == '\'' && n == 0)
--- 1628,1641 ----
                                /* \%{n}v  \%{n}<v  \%{n}>v  */
                                EMIT(cmp == '<' ? NFA_VCOL_LT :
                                     cmp == '>' ? NFA_VCOL_GT : NFA_VCOL);
! #if VIM_SIZEOF_INT < VIM_SIZEOF_LONG
!                           if (n > INT_MAX)
!                           {
!                               EMSG(_("E951: \\% value too large"));
!                               return FAIL;
!                           }
! #endif
!                           EMIT((int)n);
                            break;
                        }
                        else if (c == '\'' && n == 0)
***************
*** 3970,3976 ****
  #ifdef FEAT_RELTIME
  static proftime_T  *nfa_time_limit;
  static int       *nfa_timed_out;
! static int         nfa_time_count;
  #endif
  
  static void copy_pim(nfa_pim_T *to, nfa_pim_T *from);
--- 3977,3983 ----
  #ifdef FEAT_RELTIME
  static proftime_T  *nfa_time_limit;
  static int       *nfa_timed_out;
! static int        nfa_time_count;
  #endif
  
  static void copy_pim(nfa_pim_T *to, nfa_pim_T *from);
***************
*** 4068,4077 ****
        if (REG_MULTI)
        {
            if (from->list.multi[0].end_lnum >= 0)
!             {
                to->list.multi[0].end_lnum = from->list.multi[0].end_lnum;
                to->list.multi[0].end_col = from->list.multi[0].end_col;
!             }
        }
        else
        {
--- 4075,4084 ----
        if (REG_MULTI)
        {
            if (from->list.multi[0].end_lnum >= 0)
!           {
                to->list.multi[0].end_lnum = from->list.multi[0].end_lnum;
                to->list.multi[0].end_col = from->list.multi[0].end_col;
!           }
        }
        else
        {
***************
*** 5124,5132 ****
      }
  
      if (state->c == NFA_START_INVISIBLE_BEFORE
!         || state->c == NFA_START_INVISIBLE_BEFORE_FIRST
!         || state->c == NFA_START_INVISIBLE_BEFORE_NEG
!         || state->c == NFA_START_INVISIBLE_BEFORE_NEG_FIRST)
      {
        /* The recursive match must end at the current position. When "pim" is
         * not NULL it specifies the current position. */
--- 5131,5139 ----
      }
  
      if (state->c == NFA_START_INVISIBLE_BEFORE
!           || state->c == NFA_START_INVISIBLE_BEFORE_FIRST
!           || state->c == NFA_START_INVISIBLE_BEFORE_NEG
!           || state->c == NFA_START_INVISIBLE_BEFORE_NEG_FIRST)
      {
        /* The recursive match must end at the current position. When "pim" is
         * not NULL it specifies the current position. */
***************
*** 6302,6308 ****
                        }
                    }
                    else if (state->c < 0 ? check_char_class(state->c, curc)
!                               : (curc == state->c
                                   || (rex.reg_ic && MB_TOLOWER(curc)
                                                    == MB_TOLOWER(state->c))))
                    {
--- 6309,6315 ----
                        }
                    }
                    else if (state->c < 0 ? check_char_class(state->c, curc)
!                              : (curc == state->c
                                   || (rex.reg_ic && MB_TOLOWER(curc)
                                                    == MB_TOLOWER(state->c))))
                    {
***************
*** 6863,6869 ****
                        && (REG_MULTI
                            ? (reglnum < nfa_endp->se_u.pos.lnum
                               || (reglnum == nfa_endp->se_u.pos.lnum
!                                  && (int)(reginput - regline)
                                                    < nfa_endp->se_u.pos.col))
                            : reginput < nfa_endp->se_u.ptr))))
        {
--- 6870,6876 ----
                        && (REG_MULTI
                            ? (reglnum < nfa_endp->se_u.pos.lnum
                               || (reglnum == nfa_endp->se_u.pos.lnum
!                                  && (int)(reginput - regline)
                                                    < nfa_endp->se_u.pos.col))
                            : reginput < nfa_endp->se_u.ptr))))
        {
*** ../vim-8.0.1469/src/version.c       2018-02-04 17:47:37.933909684 +0100
--- src/version.c       2018-02-04 18:21:47.716032550 +0100
***************
*** 773,774 ****
--- 773,776 ----
  {   /* Add new patch number below this line */
+ /**/
+     1470,
  /**/

-- 
You were lucky to have a LAKE! There were a hundred and sixty of
us living in a small shoebox in the middle of the road.

 /// Bram Moolenaar -- b...@moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///

-- 
-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

--- 
You received this message because you are subscribed to the Google Groups 
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to vim_dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Raspunde prin e-mail lui