From b183534c819a91b9e077c55f522db27ea7f7d910 Mon Sep 17 00:00:00 2001
From: "Justin M. Keyes" <justinkz@gmail.com>
Date: Thu, 28 Feb 2019 12:08:09 +0100
Subject: vim-patch:8.1.0968: crash when using search pattern \%Ufffffc23

Problem:    Crash when using search pattern \%Ufffffc23.
Solution:   Limit character to INT_MAX. (closes vim/vim#4009)
https://github.com/vim/vim/commit/527a2d86fb375fcc7b34e80fc47f4c7126fc12ba
---
 src/nvim/regexp_nfa.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'src')

diff --git a/src/nvim/regexp_nfa.c b/src/nvim/regexp_nfa.c
index d34e653058..d1369e4532 100644
--- a/src/nvim/regexp_nfa.c
+++ b/src/nvim/regexp_nfa.c
@@ -1420,12 +1420,12 @@ static int nfa_regatom(void)
       default:  nr = -1; break;
       }
 
-      if (nr < 0)
-        EMSG2_RET_FAIL(
-            _("E678: Invalid character after %s%%[dxouU]"),
-            reg_magic == MAGIC_ALL);
-      /* A NUL is stored in the text as NL */
-      /* TODO: what if a composing character follows? */
+      if (nr < 0 || nr > INT_MAX) {
+        EMSG2_RET_FAIL(_("E678: Invalid character after %s%%[dxouU]"),
+                       reg_magic == MAGIC_ALL);
+      }
+      // A NUL is stored in the text as NL
+      // TODO(vim): what if a composing character follows?
       EMIT(nr == 0 ? 0x0a : nr);
     }
     break;
-- 
cgit