diff options
| author | zeertzjq <zeertzjq@outlook.com> | 2022-02-18 10:15:08 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-02-18 10:15:08 +0800 |
| commit | faeff49cbfd190afba67e221412b7132b7ad8360 (patch) | |
| tree | bb6260556f056982e51f6dda99bd882e650cafcc /src | |
| parent | 592f4a7c0807427355635eb371215036325e5bb8 (diff) | |
| parent | 62a1290758a3cd6af95dc47a3bbdc7dcf290d531 (diff) | |
| download | rneovim-faeff49cbfd190afba67e221412b7132b7ad8360.tar.gz rneovim-faeff49cbfd190afba67e221412b7132b7ad8360.tar.bz2 rneovim-faeff49cbfd190afba67e221412b7132b7ad8360.zip | |
Merge pull request #17449 from zeertzjq/vim-8.2.3659
vim-patch:8.2.{3659,3660,3661}: integer overflow with large line number
Diffstat (limited to 'src')
| -rw-r--r-- | src/nvim/ex_docmd.c | 10 | ||||
| -rw-r--r-- | src/nvim/globals.h | 2 | ||||
| -rw-r--r-- | src/nvim/normal.c | 17 | ||||
| -rw-r--r-- | src/nvim/testdir/test_excmd.vim | 14 | ||||
| -rw-r--r-- | src/nvim/testdir/test_normal.vim | 21 | ||||
| -rw-r--r-- | src/nvim/testdir/test_put.vim | 10 |
6 files changed, 58 insertions, 16 deletions
diff --git a/src/nvim/ex_docmd.c b/src/nvim/ex_docmd.c index 9991584862..e8b8dc799c 100644 --- a/src/nvim/ex_docmd.c +++ b/src/nvim/ex_docmd.c @@ -4141,7 +4141,11 @@ static linenr_T get_address(exarg_T *eap, char_u **ptr, cmd_addr_T addr_type, in if (!ascii_isdigit(*cmd)) { // '+' is '+1', but '+0' is not '+1' n = 1; } else { - n = getdigits(&cmd, true, 0); + n = getdigits(&cmd, false, MAXLNUM); + if (n == MAXLNUM) { + emsg(_(e_line_number_out_of_range)); + goto error; + } } if (addr_type == ADDR_TABS_RELATIVE) { @@ -4160,6 +4164,10 @@ static linenr_T get_address(exarg_T *eap, char_u **ptr, cmd_addr_T addr_type, in if (i == '-') { lnum -= n; } else { + if (n >= LONG_MAX - lnum) { + emsg(_(e_line_number_out_of_range)); + goto error; + } lnum += n; } } diff --git a/src/nvim/globals.h b/src/nvim/globals.h index 98a38c5fe2..5aa564623f 100644 --- a/src/nvim/globals.h +++ b/src/nvim/globals.h @@ -1002,6 +1002,8 @@ EXTERN char e_cannot_define_autocommands_for_all_events[] INIT(= N_("E1155: Cann EXTERN char e_resulting_text_too_long[] INIT(= N_("E1240: Resulting text too long")); +EXTERN char e_line_number_out_of_range[] INIT(= N_("E1247: Line number out of range")); + EXTERN char e_highlight_group_name_too_long[] INIT(= N_("E1249: Highlight group name too long")); EXTERN char top_bot_msg[] INIT(= N_("search hit TOP, continuing at BOTTOM")); diff --git a/src/nvim/normal.c b/src/nvim/normal.c index 21c465434a..7fe6469527 100644 --- a/src/nvim/normal.c +++ b/src/nvim/normal.c @@ -824,15 +824,12 @@ static bool normal_get_command_count(NormalState *s) if (s->c == K_DEL || s->c == K_KDEL) { s->ca.count0 /= 10; del_from_showcmd(4); // delete the digit and ~@% + } else if (s->ca.count0 > 99999999L) { + s->ca.count0 = 999999999L; } else { s->ca.count0 = s->ca.count0 * 10 + (s->c - '0'); } - if (s->ca.count0 < 0) { - // overflow - s->ca.count0 = 999999999L; - } - // Set v:count here, when called from main() and not a stuffed // command, so that v:count can be used in an expression mapping // right after the count. Do set it for redo. @@ -1046,14 +1043,14 @@ static int normal_execute(VimState *state, int key) // If you give a count before AND after the operator, they are // multiplied. if (s->ca.count0) { - s->ca.count0 = (long)((uint64_t)s->ca.count0 * (uint64_t)s->ca.opcount); + if (s->ca.opcount >= 999999999L / s->ca.count0) { + s->ca.count0 = 999999999L; + } else { + s->ca.count0 *= s->ca.opcount; + } } else { s->ca.count0 = s->ca.opcount; } - if (s->ca.count0 < 0) { - // overflow - s->ca.count0 = 999999999L; - } } // Always remember the count. It will be set to zero (on the next call, diff --git a/src/nvim/testdir/test_excmd.vim b/src/nvim/testdir/test_excmd.vim index bbf8b4dfc8..8055a51a11 100644 --- a/src/nvim/testdir/test_excmd.vim +++ b/src/nvim/testdir/test_excmd.vim @@ -409,4 +409,18 @@ func Test_not_break_expression_register() call assert_equal('1+1', getreg('=', 1)) endfunc +func Test_address_line_overflow() + throw 'Skipped: v:sizeoflong is N/A' " use legacy/excmd_spec.lua instead + + if v:sizeoflong < 8 + throw 'Skipped: only works with 64 bit long ints' + endif + new + call setline(1, 'text') + call assert_fails('|.44444444444444444444444', 'E1247:') + call assert_fails('|.9223372036854775806', 'E1247:') + bwipe! +endfunc + + " vim: shiftwidth=2 sts=2 expandtab diff --git a/src/nvim/testdir/test_normal.vim b/src/nvim/testdir/test_normal.vim index 5b7cf6fee5..e8eebb3fdd 100644 --- a/src/nvim/testdir/test_normal.vim +++ b/src/nvim/testdir/test_normal.vim @@ -2779,4 +2779,25 @@ func Test_normal_gj_on_extra_wide_char() bw! endfunc +func Test_normal_count_out_of_range() + new + call setline(1, 'text') + normal 44444444444| + call assert_equal(999999999, v:count) + normal 444444444444| + call assert_equal(999999999, v:count) + normal 4444444444444| + call assert_equal(999999999, v:count) + normal 4444444444444444444| + call assert_equal(999999999, v:count) + + normal 9y99999999| + call assert_equal(899999991, v:count) + normal 10y99999999| + call assert_equal(999999999, v:count) + normal 44444444444y44444444444| + call assert_equal(999999999, v:count) + bwipe! +endfunc + " vim: shiftwidth=2 sts=2 expandtab diff --git a/src/nvim/testdir/test_put.vim b/src/nvim/testdir/test_put.vim index 9f2fc999a7..65232175c6 100644 --- a/src/nvim/testdir/test_put.vim +++ b/src/nvim/testdir/test_put.vim @@ -154,8 +154,8 @@ func Test_very_large_count_64bit() endif new - let @" = 'x' - call assert_fails('norm 44444444444444p', 'E1240:') + let @" = repeat('x', 100) + call assert_fails('norm 999999999p', 'E1240:') bwipe! endfunc @@ -176,9 +176,9 @@ func Test_very_large_count_block_64bit() endif new - call setline(1, 'x') - exe "norm \<C-V>y" - call assert_fails('norm 44444444444444p', 'E1240:') + call setline(1, repeat('x', 100)) + exe "norm \<C-V>$y" + call assert_fails('norm 999999999p', 'E1240:') bwipe! endfunc |