From 5ed303c22b52ac1edc438b6e2edc44df1684974d Mon Sep 17 00:00:00 2001
From: Jan Edmund Lazo <janedmundlazo@hotmail.com>
Date: Fri, 10 Aug 2018 10:25:02 -0400
Subject: vim-patch:8.0.1470: integer overflow when using regexp pattern

Problem:    Integer overflow when using regexp pattern. (geeknik)
Solution:   Use a long instead of int. (Christian Brabandt, closes vim/vim#2251)
https://github.com/vim/vim/commit/2c7b906afb86b986476cfc959732e433b1b4a3b1
---
 src/nvim/regexp_nfa.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/nvim/regexp_nfa.c b/src/nvim/regexp_nfa.c
index ac811ec8f4..c5d46fcbbf 100644
--- a/src/nvim/regexp_nfa.c
+++ b/src/nvim/regexp_nfa.c
@@ -1485,7 +1485,7 @@ static int nfa_regatom(void)
 
     default:
     {
-      int n = 0;
+      long n = 0;
       int cmp = c;
 
       if (c == '<' || c == '>')
@@ -1511,7 +1511,13 @@ static int nfa_regatom(void)
           EMIT(cmp == '<' ? NFA_VCOL_LT :
                cmp == '>' ? NFA_VCOL_GT : NFA_VCOL);
         }
-        EMIT(n);
+#if SIZEOF_INT < SIZEOF_LONG
+        if (n > INT_MAX) {
+          EMSG(_("E951: \\% value too large"));
+          return FAIL;
+        }
+#endif
+        EMIT((int)n);
         break;
       } else if (c == '\'' && n == 0) {
         /* \%'m  \%<'m  \%>'m  */
-- 
cgit