patch 9.0.2110: [security]: overflow in ex address parsing Problem: [security]: overflow in ex address parsing Solution: Verify that lnum is positive, before substracting from LONG_MAX [security]: overflow in ex address parsing When parsing relative ex addresses one may unintentionally cause an overflow (because LONG_MAX - lnum will overflow for negative addresses). So verify that lnum is actually positive before doing the overflow check. Signed-off-by: Christian Brabandt <cb@256bit.org>

commit: 060623e4a3bc72b011e7cd92bedb3bfb64e06200 [log] [tgz]
author: Christian Brabandt <cb@256bit.org> Tue Nov 14 21:33:29 2023 +0100
committer: Christian Brabandt <cb@256bit.org> Thu Nov 16 22:04:38 2023 +0100
tree: 10d957de477543bcf11d3973dabc0a62f1981520
parent: 58f9befca1fa172068effad7f2ea5a9d6a7b0cca [diff]
diff --git a/src/testdir/test_excmd.vim b/src/testdir/test_excmd.vim
index 3637351..47fc267 100644
--- a/src/testdir/test_excmd.vim
+++ b/src/testdir/test_excmd.vim

@@ -724,5 +724,9 @@
   bwipe!
 endfunc
 
+" catch address lines overflow
+func Test_ex_address_range_overflow()
+  call assert_fails(':--+foobar', 'E492:')
+endfunc
 
 " vim: shiftwidth=2 sts=2 expandtab
commit	060623e4a3bc72b011e7cd92bedb3bfb64e06200	[log] [tgz]
author	Christian Brabandt <cb@256bit.org>	Tue Nov 14 21:33:29 2023 +0100
committer	Christian Brabandt <cb@256bit.org>	Thu Nov 16 22:04:38 2023 +0100
tree	10d957de477543bcf11d3973dabc0a62f1981520
parent	58f9befca1fa172068effad7f2ea5a9d6a7b0cca [diff]