From 33ce6a7f62c5203ca0f6903327c2e3e5ec54344c Mon Sep 17 00:00:00 2001
From: Gabriel
Date: Wed, 22 May 2019 16:59:49 -0300
Subject: Checks for overflow when parsing string to int
---
 src/nvim/regexp_nfa.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'src')
diff --git a/src/nvim/regexp_nfa.c b/src/nvim/regexp_nfa.c
index ab189c0c03..abbb5a3867 100644
--- a/src/nvim/regexp_nfa.c
+++ b/src/nvim/regexp_nfa.c
@@ -1499,6 +1499,10 @@ static int nfa_regatom(void)
 if (c == '<' || c == '>')
 c = getchr();
 while (ascii_isdigit(c)) {
+ if (n > (INT_MAX - (c - '0')) / 10) {
+ EMSG(_("E951: \\% value too large"));
+ return FAIL;
+ }
 n = n * 10 + (c - '0');
 c = getchr();
 }
--
cgit
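Review bot: The new guard in the `while (ascii_isdigit(c))` loop hard-codes `INT_MAX` as the ceiling, but the declaration of `n` and the code that later consumes it are outside this hunk, so it is not visible whether that bound matches the type the value finally lands in. The arithmetic itself is exact: `n > (INT_MAX - (c - '0')) / 10` rejects precisely the digits that would push `n * 10 + (c - '0')` past `INT_MAX`, and it does so before the multiplication, which is what keeps the signed overflow from occurring. I would record that intent on the check, e.g. `// Test before multiplying: n * 10 + digit must stay <= INT_MAX (signed overflow is UB).`, and confirm that any later narrowing of `n` uses the same limit. A regression test that feeds a `\%` item with an over-long digit run and expects E951 would pin the behaviour, since the pattern text can come from files the user did not write.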