Checks for overflow when parsing string to int

2025-09-20 02:08:17 +00:00 · 2019-05-22 16:59:49 -03:00
parent 43f4e5d5be
commit 33ce6a7f62
2 changed files with 13 additions and 0 deletions
--- a/src/nvim/regexp_nfa.c
+++ b/src/nvim/regexp_nfa.c
@@ -1499,6 +1499,10 @@ static int nfa_regatom(void)
      if (c == '<' || c == '>')
        c = getchr();
      while (ascii_isdigit(c)) {
+        if (n > (INT_MAX - (c - '0')) / 10) {
+          EMSG(_("E951: \\% value too large"));
+          return FAIL;
+        }
        n = n * 10 + (c - '0');
        c = getchr();
      }