From d86c816f8cae993dd21ab6ce932eb36a3e965dcb Mon Sep 17 00:00:00 2001
From: Jan Edmund Lazo <jan.lazo@mail.utoronto.ca>
Date: Sun, 17 Mar 2019 17:08:01 -0400
Subject: [PATCH] vim-patch:8.1.0048: vim_str2nr() on numbers close to max
 #9744

Problem:    vim_str2nr() does not handle numbers close to the maximum.
Solution:   Check for overflow more precisely. (Ken Takata, closes vim/vim#2746)
https://github.com/vim/vim/commit/07ccf7ce7fb948fd4d080b817e9fbaea9e721dab
---
 src/nvim/charset.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/nvim/charset.c b/src/nvim/charset.c
index ddff93d83b..b155b3861f 100644
--- a/src/nvim/charset.c
+++ b/src/nvim/charset.c
@@ -1777,9 +1777,12 @@ void vim_str2nr(const char_u *const start, int *const prep, int *const len,
 #define PARSE_NUMBER(base, cond, conv) \
   do { \
     while (!STRING_ENDED(ptr) && (cond)) { \
+      const uvarnumber_T digit = (uvarnumber_T)(conv); \
       /* avoid ubsan error for overflow */ \
-      if (un < UVARNUMBER_MAX / base) { \
-        un = base * un + (uvarnumber_T)(conv); \
+      if (un < UVARNUMBER_MAX / base \
+          || (un == UVARNUMBER_MAX / base \
+              && (base != 10 || digit <= UVARNUMBER_MAX % 10))) { \
+        un = base * un + digit; \
       } else { \
         un = UVARNUMBER_MAX; \
       } \