diff options
author | Christian Brabandt <cb@256bit.org> | 2023-11-14 21:33:29 +0100 |
---|---|---|
committer | Christian Brabandt <cb@256bit.org> | 2023-11-16 22:04:38 +0100 |
commit | 060623e4a3bc72b011e7cd92bedb3bfb64e06200 (patch) | |
tree | 10d957de477543bcf11d3973dabc0a62f1981520 /src/ex_docmd.c | |
parent | 58f9befca1fa172068effad7f2ea5a9d6a7b0cca (diff) |
patch 9.0.2110: [security]: overflow in ex address parsingv9.0.2110
Problem: [security]: overflow in ex address parsing
Solution: Verify that lnum is positive, before substracting from
LONG_MAX
[security]: overflow in ex address parsing
When parsing relative ex addresses one may unintentionally cause an
overflow (because LONG_MAX - lnum will overflow for negative addresses).
So verify that lnum is actually positive before doing the overflow
check.
Signed-off-by: Christian Brabandt <cb@256bit.org>
Diffstat (limited to 'src/ex_docmd.c')
-rw-r--r-- | src/ex_docmd.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/ex_docmd.c b/src/ex_docmd.c index 06837ac92c..01d411a632 100644 --- a/src/ex_docmd.c +++ b/src/ex_docmd.c @@ -4644,7 +4644,7 @@ get_address( lnum -= n; else { - if (n >= LONG_MAX - lnum) + if (lnum >= 0 && n >= LONG_MAX - lnum) { emsg(_(e_line_number_out_of_range)); goto error; |