Problem: Theoretical computation overflow.
Solution: Perform multiplication in a wider type. (closes #9657)
if (n < gap->ga_len / 2)
n = gap->ga_len / 2;
- new_len = gap->ga_itemsize * (gap->ga_len + n);
+ new_len = (size_t)gap->ga_itemsize * (gap->ga_len + n);
pp = vim_realloc(gap->ga_data, new_len);
if (pp == NULL)
return FAIL;
- old_len = gap->ga_itemsize * gap->ga_maxlen;
+ old_len = (size_t)gap->ga_itemsize * gap->ga_maxlen;
vim_memset(pp + old_len, 0, new_len - old_len);
gap->ga_maxlen = gap->ga_len + n;
gap->ga_data = pp;
if (((wp->w_p_cuc
&& (int)wp->w_virtcol >= VCOL_HLC - eol_hl_off
&& (int)wp->w_virtcol <
- wp->w_width * (row - startrow + 1) + v
+ (long)wp->w_width * (row - startrow + 1) + v
&& lnum != wp->w_cursor.lnum)
|| draw_color_col
|| win_attr != 0)
// Don't make it bigger though.
if (exestack.ga_len + n < exestack.ga_maxlen)
{
- new_len = exestack.ga_itemsize * (exestack.ga_len + n);
+ new_len = (size_t)exestack.ga_itemsize * (exestack.ga_len + n);
pp = vim_realloc(exestack.ga_data, new_len);
if (pp == NULL)
return FAIL;
if ((l->lv_u.nonmat.lv_stride > 0) ^ domax)
n = l->lv_u.nonmat.lv_start;
else
- n = l->lv_u.nonmat.lv_start + (l->lv_len - 1)
+ n = l->lv_u.nonmat.lv_start + ((varnumber_T)l->lv_len - 1)
* l->lv_u.nonmat.lv_stride;
}
else
while ((pos = (char_u *)strstr((char *)pos + 2, "$*")) != NULL)
++i;
len = (int)STRLEN(p);
- new_cmdline = alloc(STRLEN(program) + i * (len - 2) + 1);
+ new_cmdline = alloc(STRLEN(program) + (size_t)i * (len - 2) + 1);
if (new_cmdline == NULL)
return NULL; // out of memory
ptr = new_cmdline;
// derive the bbox from that point. We have the expected cpl chars
// across the media and lpp lines down the media.
bbox[1] = (int)(top - (psettings->lines_per_page + prt_header_height())
- * prt_line_height);
- bbox[2] = (int)(left + psettings->chars_per_line * prt_char_width
- + 0.5);
+ * (double)prt_line_height);
+ bbox[2] = (int)(left + psettings->chars_per_line
+ * (double)prt_char_width + 0.5);
bbox[3] = (int)(top + 0.5);
}
else
bbox[1] = (int)bottom;
bbox[2] = (int)(left + ((psettings->lines_per_page
+ prt_header_height()) * prt_line_height) + 0.5);
- bbox[3] = (int)(bottom + psettings->chars_per_line * prt_char_width
- + 0.5);
+ bbox[3] = (int)(bottom + psettings->chars_per_line
+ * (double)prt_char_width + 0.5);
}
prt_dsc_ints("BoundingBox", 4, bbox);
// The media width and height does not change with landscape printing!
if (prt_out_mbyte)
{
prt_dsc_font_resource((prt_use_courier ? NULL
- : "DocumentNeededResources"), &prt_ps_mb_font);
+ : "DocumentNeededResources"), &prt_ps_mb_font);
if (!prt_custom_cmap)
prt_dsc_resources(NULL, "cmap", prt_cmap);
}
if (l->lv_first == &range_list_item)
{
varnumber_T new_start = l->lv_u.nonmat.lv_start
- + (l->lv_len - 1) * l->lv_u.nonmat.lv_stride;
+ + ((varnumber_T)l->lv_len - 1) * l->lv_u.nonmat.lv_stride;
l->lv_u.nonmat.lv_end = new_start
- (l->lv_u.nonmat.lv_end - l->lv_u.nonmat.lv_start);
l->lv_u.nonmat.lv_start = new_start;
// free entries in used list
for (hp = mfp->mf_used_first; hp != NULL; hp = nextp)
{
- total_mem_used -= hp->bh_page_count * mfp->mf_page_size;
+ total_mem_used -= (long_u)hp->bh_page_count * mfp->mf_page_size;
nextp = hp->bh_next;
mf_free_bhdr(hp);
}
}
else if (hp == NULL) // need to allocate memory for this block
{
- if ((p = alloc(mfp->mf_page_size * page_count)) == NULL)
+ if ((p = alloc((size_t)mfp->mf_page_size * page_count)) == NULL)
return NULL;
hp = mf_rem_free(mfp);
hp->bh_data = p;
else
hp->bh_next->bh_prev = hp;
mfp->mf_used_count += hp->bh_page_count;
- total_mem_used += hp->bh_page_count * mfp->mf_page_size;
+ total_mem_used += (long_u)hp->bh_page_count * mfp->mf_page_size;
}
/*
else
hp->bh_prev->bh_next = hp->bh_next;
mfp->mf_used_count -= hp->bh_page_count;
- total_mem_used -= hp->bh_page_count * mfp->mf_page_size;
+ total_mem_used -= (long_u)hp->bh_page_count * mfp->mf_page_size;
}
/*
if (hp->bh_page_count != page_count)
{
vim_free(hp->bh_data);
- if ((hp->bh_data = alloc(mfp->mf_page_size * page_count)) == NULL)
+ if ((hp->bh_data = alloc((size_t)mfp->mf_page_size * page_count))
+ == NULL)
{
vim_free(hp);
return NULL;
if ((hp = ALLOC_ONE(bhdr_T)) != NULL)
{
- if ((hp->bh_data = alloc(mfp->mf_page_size * page_count)) == NULL)
+ if ((hp->bh_data = alloc((size_t)mfp->mf_page_size * page_count))
+ == NULL)
{
vim_free(hp); // not enough memory
return NULL;
&& lnum >= curline + buf->b_ml.ml_chunksize[curix].mlcs_numlines)
|| (offset != 0
&& offset > size + buf->b_ml.ml_chunksize[curix].mlcs_totalsize
- + ffdos * buf->b_ml.ml_chunksize[curix].mlcs_numlines)))
+ + (long)ffdos * buf->b_ml.ml_chunksize[curix].mlcs_numlines)))
{
curline += buf->b_ml.ml_chunksize[curix].mlcs_numlines;
size += buf->b_ml.ml_chunksize[curix].mlcs_totalsize;
return; // cache is still valid
vim_free(wp->w_popup_mask_cells);
- wp->w_popup_mask_cells = alloc_clear(width * height);
+ wp->w_popup_mask_cells = alloc_clear((size_t)width * height);
if (wp->w_popup_mask_cells == NULL)
return;
cells = wp->w_popup_mask_cells;
mask = popup_mask;
else
mask = popup_mask_next;
- vim_memset(mask, 0, screen_Rows * screen_Columns * sizeof(short));
+ vim_memset(mask, 0, (size_t)screen_Rows * screen_Columns * sizeof(short));
// Find the window with the lowest zindex that hasn't been handled yet,
// so that the window with a higher zindex overwrites the value in
linenr_T linecount = wp->w_buffer->b_ml.ml_line_count;
int height = wp->w_height;
- sb_thumb_height = (height * height + linecount / 2) / linecount;
+ sb_thumb_height = ((linenr_T)height * height + linecount / 2)
+ / linecount;
if (wp->w_topline > 1 && sb_thumb_height == height)
--sb_thumb_height; // scrolled, no full thumb
if (sb_thumb_height == 0)
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 4255,
/**/
4254,
/**/
projects / vim / commitdiff