To: vim_dev@googlegroups.com Subject: Patch 8.0.1470 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.0.1470 Problem: Integer overflow when using regexp pattern. (geeknik) Solution: Use a long instead of int. (Christian Brabandt, closes #2251) Files: src/regexp_nfa.c *** ../vim-8.0.1469/src/regexp_nfa.c 2017-12-16 19:59:30.559719124 +0100 --- src/regexp_nfa.c 2018-02-04 18:18:13.441465027 +0100 *************** *** 1600,1606 **** default: { ! int n = 0; int cmp = c; if (c == '<' || c == '>') --- 1600,1606 ---- default: { ! long n = 0; int cmp = c; if (c == '<' || c == '>') *************** *** 1628,1634 **** /* \%{n}v \%{n}v */ EMIT(cmp == '<' ? NFA_VCOL_LT : cmp == '>' ? NFA_VCOL_GT : NFA_VCOL); ! EMIT(n); break; } else if (c == '\'' && n == 0) --- 1628,1641 ---- /* \%{n}v \%{n}v */ EMIT(cmp == '<' ? NFA_VCOL_LT : cmp == '>' ? NFA_VCOL_GT : NFA_VCOL); ! #if VIM_SIZEOF_INT < VIM_SIZEOF_LONG ! if (n > INT_MAX) ! { ! EMSG(_("E951: \\% value too large")); ! return FAIL; ! } ! #endif ! EMIT((int)n); break; } else if (c == '\'' && n == 0) *************** *** 3970,3976 **** #ifdef FEAT_RELTIME static proftime_T *nfa_time_limit; static int *nfa_timed_out; ! static int nfa_time_count; #endif static void copy_pim(nfa_pim_T *to, nfa_pim_T *from); --- 3977,3983 ---- #ifdef FEAT_RELTIME static proftime_T *nfa_time_limit; static int *nfa_timed_out; ! static int nfa_time_count; #endif static void copy_pim(nfa_pim_T *to, nfa_pim_T *from); *************** *** 4068,4077 **** if (REG_MULTI) { if (from->list.multi[0].end_lnum >= 0) ! { to->list.multi[0].end_lnum = from->list.multi[0].end_lnum; to->list.multi[0].end_col = from->list.multi[0].end_col; ! } } else { --- 4075,4084 ---- if (REG_MULTI) { if (from->list.multi[0].end_lnum >= 0) ! { to->list.multi[0].end_lnum = from->list.multi[0].end_lnum; to->list.multi[0].end_col = from->list.multi[0].end_col; ! 
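Review bot: The `n > INT_MAX` guard ahead of `EMIT((int)n)` is compiled only under `#if VIM_SIZEOF_INT < VIM_SIZEOF_LONG`, so on targets where `long` is no wider than `int` (64-bit Windows, most 32-bit builds) the new `long n` from the first hunk has the same range as the old `int n` and the reported overflow is unchanged. Even with a 64-bit `long`, the check runs only after the value has been built. The digit-accumulation code sits between the two hunks and is not shown, but if it multiplies by ten without a bound, a long enough digit run in a pattern would still overflow signed `long`, which is undefined behaviour. Bounding the value while it is accumulated would cover every platform and make the `#if` unnecessary, for example `if (n > (INT_MAX - (c - '0')) / 10) { EMSG(_("E951: \\% value too large")); return FAIL; }` before each multiply-add, assuming `c` holds the current digit there. Only the `\%{n}v` emit is visible in this hunk, so it is worth confirming that any sibling branches of this `default:` case that emit `n` pass through the same range check.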
} } else { *************** *** 5124,5132 **** } if (state->c == NFA_START_INVISIBLE_BEFORE ! || state->c == NFA_START_INVISIBLE_BEFORE_FIRST ! || state->c == NFA_START_INVISIBLE_BEFORE_NEG ! || state->c == NFA_START_INVISIBLE_BEFORE_NEG_FIRST) { /* The recursive match must end at the current position. When "pim" is * not NULL it specifies the current position. */ --- 5131,5139 ---- } if (state->c == NFA_START_INVISIBLE_BEFORE ! || state->c == NFA_START_INVISIBLE_BEFORE_FIRST ! || state->c == NFA_START_INVISIBLE_BEFORE_NEG ! || state->c == NFA_START_INVISIBLE_BEFORE_NEG_FIRST) { /* The recursive match must end at the current position. When "pim" is * not NULL it specifies the current position. */ *************** *** 6302,6308 **** } } else if (state->c < 0 ? check_char_class(state->c, curc) ! : (curc == state->c || (rex.reg_ic && MB_TOLOWER(curc) == MB_TOLOWER(state->c)))) { --- 6309,6315 ---- } } else if (state->c < 0 ? check_char_class(state->c, curc) ! : (curc == state->c || (rex.reg_ic && MB_TOLOWER(curc) == MB_TOLOWER(state->c)))) { *************** *** 6863,6869 **** && (REG_MULTI ? (reglnum < nfa_endp->se_u.pos.lnum || (reglnum == nfa_endp->se_u.pos.lnum ! && (int)(reginput - regline) < nfa_endp->se_u.pos.col)) : reginput < nfa_endp->se_u.ptr)))) { --- 6870,6876 ---- && (REG_MULTI ? (reglnum < nfa_endp->se_u.pos.lnum || (reglnum == nfa_endp->se_u.pos.lnum ! && (int)(reginput - regline) < nfa_endp->se_u.pos.col)) : reginput < nfa_endp->se_u.ptr)))) { *** ../vim-8.0.1469/src/version.c 2018-02-04 17:47:37.933909684 +0100 --- src/version.c 2018-02-04 18:21:47.716032550 +0100 *************** *** 773,774 **** --- 773,776 ---- { /* Add new patch number below this line */ + /**/ + 1470, /**/ -- You were lucky to have a LAKE! There were a hundred and sixty of us living in a small shoebox in the middle of the road. 
/// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///