IntenseFinance/neovim
3
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-02-25 18:55:25 -06:00
Code Issues Packages Projects Releases Wiki Activity

Checks for overflow when parsing string to int

Browse Source
This commit is contained in:
Gabriel 2019-05-22 16:59:49 -03:00 committed by Jan Edmund Lazo
parent 43f4e5d5be
commit 33ce6a7f62
2 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/nvim/regexp_nfa.c
View File

@ -1499,6 +1499,10 @@ static int nfa_regatom(void)
if (c == '<' || c == '>') if (c == '<' || c == '>')
c = getchr(); c = getchr();
while (ascii_isdigit(c)) { while (ascii_isdigit(c)) {
if (n > (INT_MAX - (c - '0')) / 10) {
EMSG(_("E951: \\% value too large"));
return FAIL;
}
n = n * 10 + (c - '0'); n = n * 10 + (c - '0');
c = getchr(); c = getchr();
} }

9
test/functional/eval/match_functions_spec.lua
View File

@ -156,3 +156,12 @@ describe('matchaddpos()', function()
]], {[1] = {foreground = Screen.colors.Red}, [2] = {bold = true, foreground = Screen.colors.Blue1}}) ]], {[1] = {foreground = Screen.colors.Red}, [2] = {bold = true, foreground = Screen.colors.Blue1}})
end) end)
end) end)
describe('nfa_regatom() column search', function()
it('fails when column value is greater than a 64-bit integer value', function()
expect_err("Vim:E951: \\%% value too large", command, "/\\v%18446744071562067968c")
end)
it('fails when column value is greater than a 32-bit integer value', function()
expect_err("Vim:E951: \\%% value too large", command, "/\\v%2147483648c")
end)
end)