vim-patch:9.0.2108: [security]: overflow with count for :s command

Problem: [security]: overflow with count for :s command Solution: Abort the :s command if the count is too large If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Adds a test with INT_MAX as count and verify it correctly fails. It seems the return value on Windows using mingw compiler wraps around, so the initial test using :s/./b/9999999999999999999999999990 doesn't fail there, since the count is wrapping around several times and finally is no longer larger than 2147483647. So let's just use 2147483647 in the test, which hopefully will always cause a failure ac63787734 Co-authored-by: Christian Brabandt <cb@256bit.org>
2025-09-30 06:58:35 +00:00 · 2023-11-17 06:41:03 +08:00
parent 354b57b01f
commit a4c111ae69
6 changed files with 15 additions and 8 deletions
--- a/src/nvim/cmdhist.c
+++ b/src/nvim/cmdhist.c
@@ -30,8 +30,6 @@
 # include "cmdhist.c.generated.h"
 #endif

-static const char e_val_too_large[] = N_("E1510: Value too large: %s");
-
 static histentry_T *(history[HIST_COUNT]) = { NULL, NULL, NULL, NULL, NULL };
 static int hisidx[HIST_COUNT] = { -1, -1, -1, -1, -1 };  ///< lastused entry
 /// identifying (unique) number of newest history entry