From b7d60c04836255a82656b29deb740df2cd9946a2 Mon Sep 17 00:00:00 2001
From: Sirisak Lueangsaksri <spywhere@me.com>
Date: Tue, 19 Jan 2021 23:37:57 +0700
Subject: opt: better handling number bounds (#13783)

---
 src/nvim/option.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/nvim/option.c b/src/nvim/option.c
index a3b1e7208d..febcfd882b 100644
--- a/src/nvim/option.c
+++ b/src/nvim/option.c
@@ -3245,10 +3245,15 @@ int check_signcolumn(char_u *val)
   // check for 'auto:<NUMBER>-<NUMBER>'
   if (STRLEN(val) == 8
       && !STRNCMP(val, "auto:", 5)
-      && ascii_isdigit(*(val + 5))
-      && *(val + 6) == '-'
-      && ascii_isdigit(*(val + 7))
+      && ascii_isdigit(val[5])
+      && val[6] == '-'
+      && ascii_isdigit(val[7])
       ) {
+    int min = val[5] - '0';
+    int max = val[7] - '0';
+    if (min < 1 || max < 2 || min > 8 || max > 9 || min >= max) {
+      return FAIL;
+    }
     return OK;
   }
 
-- 
cgit