patch 8.2.1843: Netbeans: with huge buffer number memory allocation may fail

Problem:    Netbeans: with huge buffer number memory allocation may fail.
Solution:   Check for size overflow.

diff --git a/src/netbeans.c b/src/netbeans.c
index ad049a27da753ca75e5bd5a2b113f21a43e7cc48..ccff3a5367b3d23096f3035049e9cac35fcf2f21 100644 (file)
--- a/src/netbeans.c
+++ b/src/netbeans.c
@@ -674,11 +674,19 @@ nb_get_buf(int bufno)
     {
        if (bufno >= buf_list_size) // grow list
        {
-           nbbuf_T *t_buf_list = buf_list;
+           nbbuf_T     *t_buf_list = buf_list;
+           size_t      bufsize;
 
            incr = bufno - buf_list_size + 90;
            buf_list_size += incr;
-           buf_list = vim_realloc(buf_list, buf_list_size * sizeof(nbbuf_T));
+           bufsize = buf_list_size * sizeof(nbbuf_T);
+           if (bufsize == 0 || bufsize / sizeof(nbbuf_T)
+                                                     != (size_t)buf_list_size)
+           {
+               // list size overflow, bail out
+               return NULL;
+           }
+           buf_list = vim_realloc(buf_list, bufsize);
            if (buf_list == NULL)
            {
                vim_free(t_buf_list);

diff --git a/src/version.c b/src/version.c
index e32611178f428c21bde2defbb2c0c3d1cb791fb6..0e5c4df494f5de2b1561b9894f64edbf4e141b6a 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -750,6 +750,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1843,
 /**/
     1842,
 /**/