patch 9.0.2111: [security]: overflow in get_number Problem: [security]: overflow in get_number Solution: Return 0 when the count gets too large [security]: overflow in get_number When using the z= command, we may overflow the count with values larger than MAX_INT. So verify that we do not overflow and in case when an overflow is detected, simply return 0 Signed-off-by: Christian Brabandt <cb@256bit.org>

commit: 73b2d3790cad5694fc0ed0db2926e4220c48d968 [log] [tgz]
author: Christian Brabandt <cb@256bit.org> Tue Nov 14 21:58:26 2023 +0100
committer: Christian Brabandt <cb@256bit.org> Thu Nov 16 22:04:38 2023 +0100
tree: cb4526fbeb18d3ba71e57ea82c57d5d931534b5e
parent: 060623e4a3bc72b011e7cd92bedb3bfb64e06200 [diff] [blame]
diff --git a/src/misc1.c b/src/misc1.c
index 5b008c6..5f9828e 100644
--- a/src/misc1.c
+++ b/src/misc1.c

@@ -975,6 +975,8 @@
 	c = safe_vgetc();
 	if (VIM_ISDIGIT(c))
 	{
+	    if (n > INT_MAX / 10)
+		return 0;
 	    n = n * 10 + c - '0';
 	    msg_putchar(c);
 	    ++typed;
commit	73b2d3790cad5694fc0ed0db2926e4220c48d968	[log] [tgz]
author	Christian Brabandt <cb@256bit.org>	Tue Nov 14 21:58:26 2023 +0100
committer	Christian Brabandt <cb@256bit.org>	Thu Nov 16 22:04:38 2023 +0100
tree	cb4526fbeb18d3ba71e57ea82c57d5d931534b5e
parent	060623e4a3bc72b011e7cd92bedb3bfb64e06200 [diff] [blame]