diff options
| author | Gabriel <gabfeol@gmail.com> | 2019-05-22 16:59:49 -0300 |
|---|---|---|
| committer | Jan Edmund Lazo <jan.lazo@mail.utoronto.ca> | 2019-07-24 21:43:04 -0400 |
| commit | 33ce6a7f62c5203ca0f6903327c2e3e5ec54344c (patch) | |
| tree | 57865be1e37dd1f1a8a8a762d2ec36e5499086b1 | |
| parent | 43f4e5d5be44c4d836eabd479dcee9ff7d3bfa2a (diff) | |
| download | rneovim-33ce6a7f62c5203ca0f6903327c2e3e5ec54344c.tar.gz rneovim-33ce6a7f62c5203ca0f6903327c2e3e5ec54344c.tar.bz2 rneovim-33ce6a7f62c5203ca0f6903327c2e3e5ec54344c.zip | |
Checks for overflow when parsing string to int
| -rw-r--r-- | src/nvim/regexp_nfa.c | 4 | ||||
| -rw-r--r-- | test/functional/eval/match_functions_spec.lua | 9 |
2 files changed, 13 insertions, 0 deletions
diff --git a/src/nvim/regexp_nfa.c b/src/nvim/regexp_nfa.c index ab189c0c03..abbb5a3867 100644 --- a/src/nvim/regexp_nfa.c +++ b/src/nvim/regexp_nfa.c @@ -1499,6 +1499,10 @@ static int nfa_regatom(void) if (c == '<' || c == '>') c = getchr(); while (ascii_isdigit(c)) { + if (n > (INT_MAX - (c - '0')) / 10) { + EMSG(_("E951: \\% value too large")); + return FAIL; + } n = n * 10 + (c - '0'); c = getchr(); } diff --git a/test/functional/eval/match_functions_spec.lua b/test/functional/eval/match_functions_spec.lua index 0ec465a34c..421b9e7ea3 100644 --- a/test/functional/eval/match_functions_spec.lua +++ b/test/functional/eval/match_functions_spec.lua @@ -156,3 +156,12 @@ describe('matchaddpos()', function() ]], {[1] = {foreground = Screen.colors.Red}, [2] = {bold = true, foreground = Screen.colors.Blue1}}) end) end) + +describe('nfa_regatom() column search', function() + it('fails when column value is greater than a 64-bit integer value', function() + expect_err("Vim:E951: \\%% value too large", command, "/\\v%18446744071562067968c") + end) + it('fails when column value is greater than a 32-bit integer value', function() + expect_err("Vim:E951: \\%% value too large", command, "/\\v%2147483648c") + end) +end) |