Problem: Check for signed overflow might not work everywhere.
Solution: Limit to 32 bit int. (closes #9043, closes #9067)
}
else
{
+ int extra;
+
/*
* Need to allocate a new buffer.
* In typebuf.tb_buf there must always be room for 3 * (MAXMAPLEN + 4)
* often.
*/
newoff = MAXMAPLEN + 4;
- newlen = typebuf.tb_len + addlen + newoff + 4 * (MAXMAPLEN + 4);
- if (newlen < 0) // string is getting too long
+ extra = addlen + newoff + 4 * (MAXMAPLEN + 4);
+ if (typebuf.tb_len > 2147483647 - extra)
{
+ // string is getting too long for a 32 bit int
emsg(_(e_toocompl)); // also calls flush_buffers
setcursor();
return FAIL;
}
+ newlen = typebuf.tb_len + extra;
s1 = alloc(newlen);
if (s1 == NULL) // out of memory
return FAIL;
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 3595,
/**/
3594,
/**/
projects / vim / commitdiff