diff options
author | Christian Brabandt <cb@256bit.org> | 2023-11-14 21:58:26 +0100 |
---|---|---|
committer | Christian Brabandt <cb@256bit.org> | 2023-11-16 22:04:38 +0100 |
commit | 73b2d3790cad5694fc0ed0db2926e4220c48d968 (patch) | |
tree | cb4526fbeb18d3ba71e57ea82c57d5d931534b5e /src/misc1.c | |
parent | 060623e4a3bc72b011e7cd92bedb3bfb64e06200 (diff) |
patch 9.0.2111: [security]: overflow in get_numberv9.0.2111
Problem: [security]: overflow in get_number
Solution: Return 0 when the count gets too large
[security]: overflow in get_number
When using the z= command, we may overflow the count with values larger
than MAX_INT. So verify that we do not overflow and in case when an
overflow is detected, simply return 0
Signed-off-by: Christian Brabandt <cb@256bit.org>
Diffstat (limited to 'src/misc1.c')
-rw-r--r-- | src/misc1.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/misc1.c b/src/misc1.c index 5b008c614a..5f9828ebe9 100644 --- a/src/misc1.c +++ b/src/misc1.c @@ -975,6 +975,8 @@ get_number( c = safe_vgetc(); if (VIM_ISDIGIT(c)) { + if (n > INT_MAX / 10) + return 0; n = n * 10 + c - '0'; msg_putchar(c); ++typed; |