patch 9.0.2114: overflow detection not accurate when adding digits

Problem: overflow detection not accurate when adding digits Solution: Use a helper function Use a helper function to better detect overflows before adding integer digits to a long or an integer variable respectively. Signal the overflow to the caller function. closes: #13539 Signed-off-by: Christian Brabandt <cb@256bit.org> Signed-off-by: Michael Henry <vim@drmikehenry.com> Signed-off-by: Ernie Rael <errael@raelity.com>
vim · Nov 19, 2023 · 22cbc8a · 22cbc8a
1 parent 22a97fc
commit 22cbc8a
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 4 deletions.
diff --git a/src/misc1.c b/src/misc1.c
@@ -975,9 +975,8 @@ get_number(
 	c = safe_vgetc();
 	if (VIM_ISDIGIT(c))
 	{
-	    if (n > INT_MAX / 10)
+	    if (vim_append_digit_int(&n, c - '0') == FAIL)
 		return 0;
-	    n = n * 10 + c - '0';
 	    msg_putchar(c);
 	    ++typed;
 	}
@@ -2817,3 +2816,25 @@ may_trigger_modechanged(void)
     restore_v_event(v_event, &save_v_event);
 #endif
 }
+
+// For overflow detection, add a digit safely to an int value.
+    int
+vim_append_digit_int(int *value, int digit)
+{
+    int x = *value;
+    if (x > ((INT_MAX - digit) / 10))
+	return FAIL;
+    *value = x * 10 + digit;
+    return OK;
+}
+
+// For overflow detection, add a digit safely to a long value.
+    int
+vim_append_digit_long(long *value, int digit)
+{
+    long x = *value;
+    if (x > ((LONG_MAX - (long)digit) / 10))
+	return FAIL;
+    *value = x * 10 + (long)digit;
+    return OK;
+}
diff --git a/src/normal.c b/src/normal.c
@@ -2563,12 +2563,11 @@ nv_z_get_count(cmdarg_T *cap, int *nchar_arg)
 	    n /= 10;
 	else if (VIM_ISDIGIT(nchar))
 	{
-	    if (n > LONG_MAX / 10)
+	    if (vim_append_digit_long(&n, nchar - '0') == FAIL)
 	    {
 		clearopbeep(cap->oap);
 		break;
 	    }
-	    n = n * 10 + (nchar - '0');
 	}
 	else if (nchar == CAR)
 	{

diff --git a/src/proto/misc1.pro b/src/proto/misc1.pro
@@ -53,4 +53,6 @@ int path_with_url(char_u *fname);
 dict_T *get_v_event(save_v_event_T *sve);
 void restore_v_event(dict_T *v_event, save_v_event_T *sve);
 void may_trigger_modechanged(void);
+int vim_append_digit_int(int *value, int digit);
+int vim_append_digit_long(long *value, int digit);
 /* vim: set ft=c : */
diff --git a/src/version.c b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    2114,
 /**/
     2113,
 /**/