patch 8.2.0892: ubsan warns for undefined behavior

author Bram Moolenaar <Bram@vim.org>

Wed, 3 Jun 2020 16:55:38 +0000 (18:55 +0200)

committer Bram Moolenaar <Bram@vim.org>

Wed, 3 Jun 2020 16:55:38 +0000 (18:55 +0200)
author Bram Moolenaar <Bram@vim.org>
Wed, 3 Jun 2020 16:55:38 +0000 (18:55 +0200)
committer Bram Moolenaar <Bram@vim.org>
Wed, 3 Jun 2020 16:55:38 +0000 (18:55 +0200)
diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c

index 26a8f356b17e606c8b4cd613b9ca69c5c4a00c23..465797dd3e9da284ca4c446f49aae3b9698ba878 100644 (file)
--- a/src/regexp_nfa.c
+++ b/src/regexp_nfa.c
@@ -246,6 +246,7 @@ static int nfa_classcodes[] = {
  static char_u e_nul_found[] = N_("E865: (NFA) Regexp end encountered prematurely");
  static char_u e_misplaced[] = N_("E866: (NFA regexp) Misplaced %c");
  static char_u e_ill_char_class[] = N_("E877: (NFA regexp) Invalid character class: %d");
+static char_u e_value_too_large[] = N_("E951: \\% value too large");
  
  // Variables only used in nfa_regcomp() and descendants.
  static int nfa_re_flags; // re_flags passed to nfa_regcomp()
@@ -1541,19 +1542,27 @@ nfa_regatom(void)
  
                 default:
                     {
-                       long    n = 0;
+                       long_u  n = 0;
                         int     cmp = c;
  
                         if (c == '<' || c == '>')
                             c = getchr();
                         while (VIM_ISDIGIT(c))
                         {
-                           n = n * 10 + (c - '0');
+                           long_u tmp = n * 10 + (c - '0');
+
+                           if (tmp < n)
+                           {
+                               // overflow.
+                               emsg(_(e_value_too_large));
+                               return FAIL;
+                           }
+                           n = tmp;
                             c = getchr();
                         }
                         if (c == 'l' || c == 'c' || c == 'v')
                         {
-                           int limit = INT_MAX;
+                           long_u limit = INT_MAX;
  
                             if (c == 'l')
                             {
@@ -1576,7 +1585,7 @@ nfa_regatom(void)
                             }
                             if (n >= limit)
                             {
-                               emsg(_("E951: \\% value too large"));
+                               emsg(_(e_value_too_large));
                                 return FAIL;
                             }
                             EMIT((int)n);
diff --git a/src/version.c b/src/version.c

index b0fd4b3de8e55bf99ee6dce3f20d35923f19c03e..a241fa0a2a938a9b22fca0b407531fa5e746694b 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -746,6 +746,8 @@ static char *(features[]) =
  
  static int included_patches[] =
  {   /* Add new patch number below this line */
+/**/
+    892,
  /**/
      891,
  /**/
author	Bram Moolenaar <Bram@vim.org>
	Wed, 3 Jun 2020 16:55:38 +0000 (18:55 +0200)
committer	Bram Moolenaar <Bram@vim.org>
	Wed, 3 Jun 2020 16:55:38 +0000 (18:55 +0200)
src/regexp_nfa.c		patch \| blob \| blame \| history
src/version.c		patch \| blob \| blame \| history