diff options
author | Bram Moolenaar <Bram@vim.org> | 2017-08-06 15:42:06 +0200 |
---|---|---|
committer | Bram Moolenaar <Bram@vim.org> | 2017-08-06 15:42:06 +0200 |
commit | bae5a17a738d1a3b5c51d9aa5d99e228d3911955 (patch) | |
tree | 8e5eade690175963af3c749a4c368acf3b346164 | |
parent | cae92dc3d5bdd4009910671328cd01394bfbe2cf (diff) |
patch 8.0.0879: crash when shifting with huge numberv8.0.0879
Problem: Crash when shifting with huge number.
Solution: Check for overflow. (Dominique Pelle, closes #1945)
-rw-r--r-- | src/ops.c | 5 | ||||
-rw-r--r-- | src/testdir/test_visual.vim | 8 | ||||
-rw-r--r-- | src/version.c | 2 |
3 files changed, 14 insertions, 1 deletions
@@ -396,7 +396,10 @@ shift_block(oparg_T *oap, int amount) return; /* total is number of screen columns to be inserted/removed */ - total = amount * p_sw; + total = (int)((unsigned)amount * (unsigned)p_sw); + if ((total / p_sw) != amount) + return; /* multiplication overflow */ + oldp = ml_get_curline(); if (!left) diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim index 371fab57a1..97b884fe0c 100644 --- a/src/testdir/test_visual.vim +++ b/src/testdir/test_visual.vim @@ -18,6 +18,14 @@ func Test_block_shift_multibyte() q! endfunc +func Test_block_shift_overflow() + " This used to cause a multiplication overflow followed by a crash. + new + normal ii + exe "normal \<C-V>876543210>" + q! +endfunc + func Test_dotregister_paste() new exe "norm! ihello world\<esc>" diff --git a/src/version.c b/src/version.c index de89ce45af..784f6c1e27 100644 --- a/src/version.c +++ b/src/version.c @@ -770,6 +770,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 879, +/**/ 878, /**/ 877, |