From 2a6c5bb0c4b03a9da81dae64d37c9912e448eaf0 Mon Sep 17 00:00:00 2001
From: Florian Larysch <fl@n621.de>
Date: Sat, 8 Oct 2016 17:55:55 +0200
Subject: modeline: Handle version number overflow. #5450

Closes #5449

A file containing the string "vim" followed by a very large number in a modeline
location will trigger an overflow in getdigits() which is called by
chk_modeline() when trying to parse the version number.

Add getdigits_safe(), which does not assert overflows, but reports them to the
caller.
---
 test/functional/eval/modeline_spec.lua | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 test/functional/eval/modeline_spec.lua

(limited to 'test/functional/eval/modeline_spec.lua')

diff --git a/test/functional/eval/modeline_spec.lua b/test/functional/eval/modeline_spec.lua
new file mode 100644
index 0000000000..0be7210a76
--- /dev/null
+++ b/test/functional/eval/modeline_spec.lua
@@ -0,0 +1,19 @@
+local helpers = require('test.functional.helpers')(after_each)
+local clear, execute, write_file = helpers.clear, helpers.execute, helpers.write_file
+local eq, eval = helpers.eq, helpers.eval
+
+describe("modeline", function()
+  local tempfile = helpers.tmpname()
+  before_each(clear)
+
+  after_each(function()
+    os.remove(tempfile)
+  end)
+
+  it('does not crash with a large version number', function()
+    write_file(tempfile, 'vim100000000000000000000000')
+    execute('e! ' .. tempfile)
+
+    eq(2, eval('1+1'))  -- Still alive?
+  end)
+end)
-- 
cgit