From: Bram Moolenaar <Bram@vim.org>
Date: Tue, 11 Jan 2022 19:34:16 +0000 (+0000)
Subject: patch 8.2.4065: computation overflow with large cound for :yank
X-Git-Tag: v8.2.4065
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3cf21b305104e91a28e4ce3a473672b2e88a9469;p=thirdparty%2Fvim.git

patch 8.2.4065: computation overflow with large cound for :yank

Problem:    Computation overflow with large cound for :yank.
Solution:   Avoid an overflow.
---

diff --git a/src/ex_docmd.c b/src/ex_docmd.c
index 71343590d0..f16f6009fd 100644
--- a/src/ex_docmd.c
+++ b/src/ex_docmd.c
@@ -2374,7 +2374,10 @@ do_one_cmd(
 	else
 	{
 	    ea.line1 = ea.line2;
-	    ea.line2 += n - 1;
+	    if (ea.line2 >= LONG_MAX - (n - 1))
+	        ea.line2 = LONG_MAX;  // avoid overflow
+	    else
+		ea.line2 += n - 1;
 	    ++ea.addr_count;
 	    /*
 	     * Be vi compatible: no error message for out of range.
diff --git a/src/testdir/test_excmd.vim b/src/testdir/test_excmd.vim
index 6f648dd4e5..731e9aa94f 100644
--- a/src/testdir/test_excmd.vim
+++ b/src/testdir/test_excmd.vim
@@ -704,9 +704,14 @@ func Test_address_line_overflow()
     throw 'Skipped: only works with 64 bit long ints'
   endif
   new
-  call setline(1, 'text')
+  call setline(1, range(100))
   call assert_fails('|.44444444444444444444444', 'E1247:')
   call assert_fails('|.9223372036854775806', 'E1247:')
+
+  $
+  yank 77777777777777777777
+  call assert_equal("99\n", @")
+
   bwipe!
 endfunc
 
diff --git a/src/version.c b/src/version.c
index 5f28da33d9..e329775342 100644
--- a/src/version.c
+++ b/src/version.c
@@ -750,6 +750,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    4065,
 /**/
     4064,
 /**/