diff options
| author | Justin M. Keyes <justinkz@gmail.com> | 2019-02-28 01:26:40 +0100 |
|---|---|---|
| committer | Justin M. Keyes <justinkz@gmail.com> | 2019-02-28 12:07:25 +0100 |
| commit | a66b1d4615502d7bc89a97b9e8f5f8d2c6b90cd8 (patch) | |
| tree | 4d21319eb3a43fa60cd31ecd376cf4d94194c35b /src | |
| parent | 533d4a36ec03626e9d796ef7e2a9aa3c0e1ce7bf (diff) | |
| download | rneovim-a66b1d4615502d7bc89a97b9e8f5f8d2c6b90cd8.tar.gz rneovim-a66b1d4615502d7bc89a97b9e8f5f8d2c6b90cd8.tar.bz2 rneovim-a66b1d4615502d7bc89a97b9e8f5f8d2c6b90cd8.zip | |
vim-patch:8.1.0985: crash with large number in regexp
Problem: Crash with large number in regexp. (Kuang-che Wu)
Solution: Check for long becoming negative int. (closes #)
https://github.com/vim/vim/commit/ab350f89f9646e07aefe16a32ba3ddb847496b4a
Diffstat (limited to 'src')
| -rw-r--r-- | src/nvim/regexp.c | 26 | ||||
| -rw-r--r-- | src/nvim/testdir/test_search.vim | 32 |
2 files changed, 46 insertions, 12 deletions
diff --git a/src/nvim/regexp.c b/src/nvim/regexp.c index 53479294de..7c8d228d45 100644 --- a/src/nvim/regexp.c +++ b/src/nvim/regexp.c @@ -2098,18 +2098,20 @@ static char_u *regatom(int *flagp) default: i = -1; break; } - if (i < 0) - EMSG2_RET_NULL( - _("E678: Invalid character after %s%%[dxouU]"), - reg_magic == MAGIC_ALL); - if (use_multibytecode(i)) + if (i < 0 || i > INT_MAX) { + EMSG2_RET_NULL(_("E678: Invalid character after %s%%[dxouU]"), + reg_magic == MAGIC_ALL); + } + if (use_multibytecode(i)) { ret = regnode(MULTIBYTECODE); - else + } else { ret = regnode(EXACTLY); - if (i == 0) + } + if (i == 0) { regc(0x0a); - else + } else { regmbc(i); + } regc(NUL); *flagp |= HASWIDTH; break; @@ -3063,10 +3065,10 @@ static int coll_get_char(void) case 'u': nr = gethexchrs(4); break; case 'U': nr = gethexchrs(8); break; } - if (nr < 0) { - /* If getting the number fails be backwards compatible: the character - * is a backslash. */ - --regparse; + if (nr < 0 || nr > INT_MAX) { + // If getting the number fails be backwards compatible: the character + // is a backslash. + regparse--; nr = '\\'; } return nr; diff --git a/src/nvim/testdir/test_search.vim b/src/nvim/testdir/test_search.vim index 9e2f80fcba..87633d2280 100644 --- a/src/nvim/testdir/test_search.vim +++ b/src/nvim/testdir/test_search.vim @@ -524,3 +524,35 @@ func Test_search_sentence() /\%'( / endfunc + +func Test_large_hex_chars1() + " This used to cause a crash, the character becomes an NFA state. + try + /\%Ufffffc23 + catch + call assert_match('E678:', v:exception) + endtry + try + set re=1 + /\%Ufffffc23 + catch + call assert_match('E678:', v:exception) + endtry + set re& +endfunc + +func Test_large_hex_chars2() + " This used to cause a crash, the character becomes an NFA state. + try + /[\Ufffffc1f] + catch + call assert_match('E486:', v:exception) + endtry + try + set re=1 + /[\Ufffffc1f] + catch + call assert_match('E486:', v:exception) + endtry + set re& +endfunc |