vim-patch:9.0.2108: [security]: overflow with count for :s command

Problem:  [security]: overflow with count for :s command
Solution: Abort the :s command if the count is too large

If the count after the :s command is larger than what fits into a
(signed) long variable, abort with e_value_too_large.

Adds a test with INT_MAX as count and verify it correctly fails.

It seems the return value on Windows using mingw compiler wraps around,
so the initial test using :s/./b/9999999999999999999999999990 doesn't
fail there, since the count is wrapping around several times and finally
is no longer larger than 2147483647. So let's just use 2147483647 in the
test, which hopefully will always cause a failure

https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78

Co-authored-by: Christian Brabandt <cb@256bit.org>

1 files changed, 4 insertions, 2 deletions

diff --git a/src/nvim/globals.h b/src/nvim/globals.h
index 0cab3d1f8c..8e773d691a 100644
--- a/src/nvim/globals.h
+++ b/src/nvim/globals.h
@@ -1026,11 +1026,13 @@ EXTERN const char e_highlight_group_name_too_long[] INIT(= N_("E1249: Highlight
 
 EXTERN const char e_invalid_line_number_nr[] INIT(= N_("E966: Invalid line number: %ld"));
 
-EXTERN char e_stray_closing_curly_str[]
+EXTERN const char e_stray_closing_curly_str[]
 INIT(= N_("E1278: Stray '}' without a matching '{': %s"));
-EXTERN char e_missing_close_curly_str[]
+EXTERN const char e_missing_close_curly_str[]
 INIT(= N_("E1279: Missing '}': %s"));
 
+EXTERN const char e_val_too_large[] INIT(= N_("E1510: Value too large: %s"));
+
 EXTERN const char e_undobang_cannot_redo_or_move_branch[]
 INIT(= N_("E5767: Cannot use :undo! to redo or move to a different undo branch"));