vim-patch:8.0.0879: crash when shifting with huge number

Problem:    Crash when shifting with huge number.
Solution:   Check for overflow. (Dominique Pelle, closes vim/vim#1945)
https://github.com/vim/vim/commit/bae5a17a738d1a3b5c51d9aa5d99e228d3911955

2 files changed, 14 insertions, 3 deletions

diff --git a/src/nvim/ops.c b/src/nvim/ops.c
index 4fb1a1ea9d..d0317c84f6 100644
--- a/src/nvim/ops.c
+++ b/src/nvim/ops.c
@@ -312,7 +312,6 @@ static void shift_block(oparg_T *oap, int amount)
 {
   int left = (oap->op_type == OP_LSHIFT);
   int oldstate = State;
-  int total;
   char_u              *newp, *oldp;
   int oldcol = curwin->w_cursor.col;
   int p_sw = get_sw_value(curbuf);
@@ -331,8 +330,12 @@ static void shift_block(oparg_T *oap, int amount)
   if (bd.is_short)
     return;
 
-  /* total is number of screen columns to be inserted/removed */
-  total = amount * p_sw;
+  // total is number of screen columns to be inserted/removed
+  int total = (int)((unsigned)amount * (unsigned)p_sw);
+  if ((total / p_sw) != amount) {
+    return;   // multiplication overflow
+  }
+
   oldp = get_cursor_line_ptr();
 
   if (!left) {
diff --git a/src/nvim/testdir/test_visual.vim b/src/nvim/testdir/test_visual.vim
index 0be6ebd02d..6520666d45 100644
--- a/src/nvim/testdir/test_visual.vim
+++ b/src/nvim/testdir/test_visual.vim
@@ -17,6 +17,14 @@ func Test_block_shift_multibyte()
   q!
 endfunc
 
+func Test_block_shift_overflow()
+  " This used to cause a multiplication overflow followed by a crash.
+  new
+  normal ii
+  exe "normal \<C-V>876543210>"
+  q!
+endfunc
+
 func Test_Visual_ctrl_o()
   new
   call setline(1, ['one', 'two', 'three'])