From 096923e99067ba81d1f8f6bc5927920a1f5cceee Mon Sep 17 00:00:00 2001
From: zeertzjq
Date: Wed, 27 Apr 2022 12:37:34 +0800
Subject: [PATCH] vim-patch:8.2.3595: check for signed overflow might not work everywhere
Problem: Check for signed overflow might not work everywhere.
Solution: Limit to 32 bit int. (closes vim/vim#9043, closes vim/vim#9067)
https://github.com/vim/vim/commit/0d5a12ea041c112b06b1aafde38846ae4cff8f4c
---
 src/nvim/getchar.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/nvim/getchar.c b/src/nvim/getchar.c
index 31cc1ed861..42044f6378 100644
--- a/src/nvim/getchar.c
+++ b/src/nvim/getchar.c
@@ -872,10 +872,8 @@ void init_default_mappings(void)
 int ins_typebuf(char_u *str, int noremap, int offset, bool nottyped, bool silent)
 {
 char_u *s1, *s2;
- int newlen;
 int addlen;
 int i;
- int newoff;
 int val;
 int nrm;
@@ -901,13 +899,15 @@ int ins_typebuf(char_u *str, int noremap, int offset, bool nottyped, bool silent
 // In typebuf.tb_buf there must always be room for 3 * (MAXMAPLEN + 4)
 // characters. We add some extra room to avoid having to allocate too
 // often.
- newoff = MAXMAPLEN + 4;
- newlen = typebuf.tb_len + addlen + newoff + 4 * (MAXMAPLEN + 4);
- if (newlen < 0) { // string is getting too long
+ int newoff = MAXMAPLEN + 4;
+ int extra = addlen + newoff + 4 * (MAXMAPLEN + 4);
+ if (typebuf.tb_len > 2147483674 - extra) {
+ // string is getting too long for 32 bit int
 emsg(_(e_toocompl)); // also calls flush_buffers
 setcursor();
 return FAIL;
 }
+ int newlen = typebuf.tb_len + extra;
 s1 = xmalloc((size_t)newlen);
 s2 = xmalloc((size_t)newlen);
 typebuf.tb_buflen = newlen;
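Review bot: The bound `2147483674` in the new check in the second hunk is not the 32-bit signed maximum (2147483647); the last two digits are transposed, so the guard lets `typebuf.tb_len + extra` reach up to 27 past that limit. In that window `int newlen = typebuf.tb_len + extra;` still overflows a 32-bit int, and the result is then cast in `xmalloc((size_t)newlen)` and stored in `typebuf.tb_buflen`. I would write the guard as `if (typebuf.tb_len > INT_MAX - extra) {` (assuming `<limits.h>` is already in scope, which is not visible here), or at least correct the literal to `2147483647`. Separately, `extra` is itself an int sum that includes `addlen`, which is set outside this hunk, so it is worth confirming that `addlen` is bounded before this addition. The enclosing block of `ins_typebuf` starts and ends outside the hunk.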