patch 8.1.0968: crash when using search pattern \%Ufffffc23
Problem: Crash when using search pattern \%Ufffffc23.
Solution: Limit character to INT_MAX. (closes #4009)
diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c
index 333c006..ba75834 100644
--- a/src/regexp_nfa.c
+++ b/src/regexp_nfa.c
@@ -1475,7 +1475,7 @@
default: nr = -1; break;
}
- if (nr < 0)
+ if (nr < 0 || nr > INT_MAX)
EMSG2_RET_FAIL(
_("E678: Invalid character after %s%%[dxouU]"),
reg_magic == MAGIC_ALL);
diff --git a/src/testdir/test_search.vim b/src/testdir/test_search.vim
index 972144a..4ff2aca 100644
--- a/src/testdir/test_search.vim
+++ b/src/testdir/test_search.vim
@@ -1211,3 +1211,12 @@
call assert_equal(bufcontent[1], @/)
call Incsearch_cleanup()
endfunc
+
+func Test_large_hex_chars()
+ " This used to cause a crash, the character becomes an NFA state.
+ try
+ /\%Ufffffc23
+ catch
+ call assert_match('E678:', v:exception)
+ endtry
+endfunc
diff --git a/src/version.c b/src/version.c
index 825c5e5..13f54e3 100644
--- a/src/version.c
+++ b/src/version.c
@@ -780,6 +780,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 968,
+/**/
967,
/**/
966,