From 274f5f9d53baea8a253700af1471a732cb2d9b45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= Date: Thu, 17 Aug 2023 17:03:34 +0200 Subject: [PATCH] core: fix integer overflow when setting integer option with `++N` or `--N` --- ChangeLog.adoc | 1 + src/core/wee-config-file.c | 12 ++++++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/ChangeLog.adoc b/ChangeLog.adoc index 722c2f620..127f3706b 100644 --- a/ChangeLog.adoc +++ b/ChangeLog.adoc @@ -34,6 +34,7 @@ New features:: Bug fixes:: + * core: fix integer overflow when setting integer option with `++N` or `--N` * core: fix cursor position after `/plugin list -i` or `/plugin list -il` * core: display focus hashtable for debug even if no key is matching * fset: remove extra spaces between min and max values when second format is used diff --git a/src/core/wee-config-file.c b/src/core/wee-config-file.c index f34901320..e5cb1ceb2 100644 --- a/src/core/wee-config-file.c +++ b/src/core/wee-config-file.c @@ -1491,22 +1491,22 @@ config_file_option_set (struct t_config_option *option, const char *value, { error = NULL; number = strtol (value + 2, &error, 10); - if (error && !error[0]) + if (error && !error[0] + && (long)old_value + number <= (long)(option->max)) { value_int = old_value + number; - if (value_int <= option->max) - new_value_ok = 1; + new_value_ok = 1; } } else if (strncmp (value, "--", 2) == 0) { error = NULL; number = strtol (value + 2, &error, 10); - if (error && !error[0]) + if (error && !error[0] + && (long)old_value - number >= (long)(option->min)) { value_int = old_value - number; - if (value_int >= option->min) - new_value_ok = 1; + new_value_ok = 1; } } else