patch 9.0.2114: overflow detection not accurate when adding digits
Commit:
https://github.com/vim/vim/commit/22cbc8a4e17ce61aa460c451a26e1bff2c3d2af9
Author: Christian Brabandt <[email protected]>
Date: Sun Nov 19 10:47:21 2023 +0100
patch 9.0.2114: overflow detection not accurate when adding digits
Problem: overflow detection not accurate when adding digits
Solution: Use a helper function
Use a helper function to better detect overflows before adding integer
digits to a long or an integer variable respectively. Signal the
overflow to the caller function.
closes: #13539
Signed-off-by: Christian Brabandt <[email protected]>
Signed-off-by: Michael Henry <[email protected]>
Signed-off-by: Ernie Rael <[email protected]>
diff --git a/src/misc1.c b/src/misc1.c
index 5f9828ebe..dc0deae67 100644
--- a/src/misc1.c
+++ b/src/misc1.c
@@ -975,9 +975,8 @@ get_number(
c = safe_vgetc();
if (VIM_ISDIGIT(c))
{
- if (n > INT_MAX / 10)
+ if (vim_append_digit_int(&n, c - '0') == FAIL)
return 0;
- n = n * 10 + c - '0';
msg_putchar(c);
++typed;
}
@@ -2817,3 +2816,25 @@ may_trigger_modechanged(void)
restore_v_event(v_event, &save_v_event);
#endif
}
+
+// For overflow detection, add a digit safely to an int value.
+ int
+vim_append_digit_int(int *value, int digit)
+{
+ int x = *value;
+ if (x > ((INT_MAX - digit) / 10))
+ return FAIL;
+ *value = x * 10 + digit;
+ return OK;
+}
+
+// For overflow detection, add a digit safely to a long value.
+ int
+vim_append_digit_long(long *value, int digit)
+{
+ long x = *value;
+ if (x > ((LONG_MAX - (long)digit) / 10))
+ return FAIL;
+ *value = x * 10 + (long)digit;
+ return OK;
+}
diff --git a/src/normal.c b/src/normal.c
index 16b4b4506..61a19c13a 100644
--- a/src/normal.c
+++ b/src/normal.c
@@ -2563,12 +2563,11 @@ nv_z_get_count(cmdarg_T *cap, int *nchar_arg)
n /= 10;
else if (VIM_ISDIGIT(nchar))
{
- if (n > LONG_MAX / 10)
+ if (vim_append_digit_long(&n, nchar - '0') == FAIL)
{
clearopbeep(cap->oap);
break;
}
- n = n * 10 + (nchar - '0');
}
else if (nchar == CAR)
{
diff --git a/src/proto/misc1.pro b/src/proto/misc1.pro
index b87b7ea74..2b8e9d8f2 100644
--- a/src/proto/misc1.pro
+++ b/src/proto/misc1.pro
@@ -53,4 +53,6 @@ int path_with_url(char_u *fname);
dict_T *get_v_event(save_v_event_T *sve);
void restore_v_event(dict_T *v_event, save_v_event_T *sve);
void may_trigger_modechanged(void);
+int vim_append_digit_int(int *value, int digit);
+int vim_append_digit_long(long *value, int digit);
/* vim: set ft=c : */
diff --git a/src/version.c b/src/version.c
index 00b532075..2a0a6e77d 100644
--- a/src/version.c
+++ b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 2114,
/**/
2113,
/**/
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/vim_dev/E1r4eb1-001SS8-SY%40256bit.org.
