patch 9.0.2110: [security]: overflow in ex address parsingv9.0.2110

Problem: [security]: overflow in ex address parsing Solution: Verify that lnum is positive, before substracting from LONG_MAX [security]: overflow in ex address parsing When parsing relative ex addresses one may unintentionally cause an overflow (because LONG_MAX - lnum will overflow for negative addresses). So verify that lnum is actually positive before doing the overflow check. Signed-off-by: Christian Brabandt <cb@256bit.org>
author: Christian Brabandt <cb@256bit.org> 2023-11-14 21:33:29 +0100
committer: Christian Brabandt <cb@256bit.org> 2023-11-16 22:04:38 +0100
commit: 060623e4a3bc72b011e7cd92bedb3bfb64e06200 (patch)
tree: 10d957de477543bcf11d3973dabc0a62f1981520 /src/ex_docmd.c
parent: 58f9befca1fa172068effad7f2ea5a9d6a7b0cca (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/ex_docmd.c b/src/ex_docmd.c
index 06837ac92c..01d411a632 100644
--- a/src/ex_docmd.c
+++ b/src/ex_docmd.c
@@ -4644,7 +4644,7 @@ get_address(
 		    lnum -= n;
 		else
 		{
-		    if (n >= LONG_MAX - lnum)
+		    if (lnum >= 0 && n >= LONG_MAX - lnum)
 		    {
 			emsg(_(e_line_number_out_of_range));
 			goto error;
author	Christian Brabandt <cb@256bit.org>	2023-11-14 21:33:29 +0100
committer	Christian Brabandt <cb@256bit.org>	2023-11-16 22:04:38 +0100
commit	060623e4a3bc72b011e7cd92bedb3bfb64e06200 (patch)
tree	10d957de477543bcf11d3973dabc0a62f1981520 /src/ex_docmd.c
parent	58f9befca1fa172068effad7f2ea5a9d6a7b0cca (diff)