To: vim_dev@googlegroups.com Subject: Patch 8.0.0879 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.0.0879 Problem: Crash when shifting with huge number. Solution: Check for overflow. (Dominique Pelle, closes #1945) Files: src/ops.c, src/testdir/test_visual.vim *** ../vim-8.0.0878/src/ops.c 2017-07-16 20:54:29.642786500 +0200 --- src/ops.c 2017-08-06 15:38:05.742282133 +0200 *************** *** 396,402 **** return; /* total is number of screen columns to be inserted/removed */ ! total = amount * p_sw; oldp = ml_get_curline(); if (!left) --- 396,405 ---- return; /* total is number of screen columns to be inserted/removed */ ! total = (int)((unsigned)amount * (unsigned)p_sw); ! if ((total / p_sw) != amount) ! return; /* multiplication overflow */ ! oldp = ml_get_curline(); if (!left) *** ../vim-8.0.0878/src/testdir/test_visual.vim 2017-03-08 22:55:14.918181192 +0100 --- src/testdir/test_visual.vim 2017-08-06 15:35:27.235431913 +0200 *************** *** 18,23 **** --- 18,31 ---- q! endfunc + func Test_block_shift_overflow() + " This used to cause a multiplication overflow followed by a crash. + new + normal ii + exe "normal \876543210>" + q! + endfunc + func Test_dotregister_paste() new exe "norm! ihello world\" *** ../vim-8.0.0878/src/version.c 2017-08-06 15:22:10.305211941 +0200 --- src/version.c 2017-08-06 15:39:18.213756419 +0200 *************** *** 771,772 **** --- 771,774 ---- { /* Add new patch number below this line */ + /**/ + 879, /**/ -- Save the plankton - eat a whale. /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///