Patch 8.2.3595

[Bram Moolenaar]

Patch 8.2.3595
Problem: Check for signed overflow might not work everywhere.
Solution: Limit to 32 bit int. (closes #9043, closes #9067)
Files: src/getchar.c


*** ../vim-8.2.3594/src/getchar.c 2021-10-09 15:39:20.459884353 +0100
--- src/getchar.c 2021-11-14 14:01:06.484907143 +0000
***************
*** 1001,1006 ****
--- 1001,1008 ----
}
else
{
+ int extra;
+
/*
* Need to allocate a new buffer.
* In typebuf.tb_buf there must always be room for 3 * (MAXMAPLEN + 4)
***************
*** 1008,1020 ****
* often.
*/
newoff = MAXMAPLEN + 4;
! newlen = typebuf.tb_len + addlen + newoff + 4 * (MAXMAPLEN + 4);
! if (newlen < 0) // string is getting too long
{
emsg(_(e_toocompl)); // also calls flush_buffers
setcursor();
return FAIL;
}
s1 = alloc(newlen);
if (s1 == NULL) // out of memory
return FAIL;
--- 1010,1024 ----
* often.
*/
newoff = MAXMAPLEN + 4;
! extra = addlen + newoff + 4 * (MAXMAPLEN + 4);
! if (typebuf.tb_len > 2147483647 - extra)
{
+ // string is getting too long for a 32 bit int
emsg(_(e_toocompl)); // also calls flush_buffers
setcursor();
return FAIL;
}
+ newlen = typebuf.tb_len + extra;
s1 = alloc(newlen);
if (s1 == NULL) // out of memory
return FAIL;
*** ../vim-8.2.3594/src/version.c 2021-11-14 13:46:01.940689807 +0000
--- src/version.c 2021-11-14 14:04:31.001046805 +0000
***************
*** 759,760 ****
--- 759,762 ----
{ /* Add new patch number below this line */
+ /**/
+ 3595,
/**/

--
MORTICIAN: Bring out your dead!
[clang]
Bring out your dead!
[clang]
Bring out your dead!
CUSTOMER: Here's one -- nine pence.
DEAD PERSON: I'm not dead!
The Quest for the Holy Grail (Monty Python)

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// \\\
\\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///