patch 8.1.0968: crash when using search pattern \%Ufffffc23

Problem:    Crash when using search pattern \%Ufffffc23.
Solution:   Limit character to INT_MAX. (closes #4009)

diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c
index 333c006f4842a7c1b605bbde4ee5ae38c7279981..ba75834fc57fd827070bba7b9ece72b4c6a13e7d 100644 (file)
--- a/src/regexp_nfa.c
+++ b/src/regexp_nfa.c
@@ -1475,7 +1475,7 @@ nfa_regatom(void)
                            default:  nr = -1; break;
                        }
 
-                       if (nr < 0)
+                       if (nr < 0 || nr > INT_MAX)
                            EMSG2_RET_FAIL(
                               _("E678: Invalid character after %s%%[dxouU]"),
                                    reg_magic == MAGIC_ALL);

diff --git a/src/testdir/test_search.vim b/src/testdir/test_search.vim
index 972144aca16ed8c994577a7289ac85a77a846a7e..4ff2aca5ace403c6025df8660a3934cd9f024fd1 100644 (file)
--- a/src/testdir/test_search.vim
+++ b/src/testdir/test_search.vim
@@ -1211,3 +1211,12 @@ func Test_search_Ctrl_L_combining()
   call assert_equal(bufcontent[1], @/)
   call Incsearch_cleanup()
 endfunc
+
+func Test_large_hex_chars()
+  " This used to cause a crash, the character becomes an NFA state.
+  try
+    /\%Ufffffc23
+  catch
+    call assert_match('E678:', v:exception)
+  endtry
+endfunc

diff --git a/src/version.c b/src/version.c
index 825c5e54be975d5b904fdc01caefa0b95d5ca13b..13f54e343d1bef811a12b041265283350ee26f3b 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -779,6 +779,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    968,
 /**/
     967,
 /**/