patch 8.2.3595: check for signed overflow might not work everywhere Problem: Check for signed overflow might not work everywhere. Solution: Limit to 32 bit int. (closes #9043, closes #9067)

commit: 0d5a12ea041c112b06b1aafde38846ae4cff8f4c [log] [tgz]
author: Bram Moolenaar <Bram@vim.org> Sun Nov 14 14:05:18 2021 +0000
committer: Bram Moolenaar <Bram@vim.org> Sun Nov 14 14:05:18 2021 +0000
tree: dfc55d3a4574280cef85e78e13404641ec514148
parent: 786e05beb5bf4a50cffacd0968f1409aa6af3c6b [diff] [blame]
diff --git a/src/getchar.c b/src/getchar.c
index f2f3885..a6644d8 100644
--- a/src/getchar.c
+++ b/src/getchar.c

@@ -1001,6 +1001,8 @@
     }
     else
     {
+	int extra;
+
 	/*
 	 * Need to allocate a new buffer.
 	 * In typebuf.tb_buf there must always be room for 3 * (MAXMAPLEN + 4)
@@ -1008,13 +1010,15 @@
 	 * often.
 	 */
 	newoff = MAXMAPLEN + 4;
-	newlen = typebuf.tb_len + addlen + newoff + 4 * (MAXMAPLEN + 4);
-	if (newlen < 0)		    // string is getting too long
+	extra = addlen + newoff + 4 * (MAXMAPLEN + 4);
+	if (typebuf.tb_len > 2147483647 - extra)
 	{
+	    // string is getting too long for a 32 bit int
 	    emsg(_(e_toocompl));    // also calls flush_buffers
 	    setcursor();
 	    return FAIL;
 	}
+	newlen = typebuf.tb_len + extra;
 	s1 = alloc(newlen);
 	if (s1 == NULL)		    // out of memory
 	    return FAIL;
commit	0d5a12ea041c112b06b1aafde38846ae4cff8f4c	[log] [tgz]
author	Bram Moolenaar <Bram@vim.org>	Sun Nov 14 14:05:18 2021 +0000
committer	Bram Moolenaar <Bram@vim.org>	Sun Nov 14 14:05:18 2021 +0000
tree	dfc55d3a4574280cef85e78e13404641ec514148
parent	786e05beb5bf4a50cffacd0968f1409aa6af3c6b [diff] [blame]