Commit Graph

634 Commits

Author SHA1 Message Date
zeertzjq
19fed6bde1
vim-patch:9.0.2168: Moving tabpages on :drop may cause an endless loop (#26605)
Problem:  Moving tabpages on :drop may cause an endless loop
Solution: Disallow moving tabpages on :drop when cleaning up the arglist
          first

Moving tabpages during drop command may cause an endless loop

When executing a :tab drop command, Vim will close all windows not in
the argument list. This triggers various autocommands. If a user has
created an 'au Tabenter * :tabmove -' autocommand, this can cause Vim to
end up in an endless loop, when trying to iterate over all tabs (which
would trigger the tabmove autocommand, which will change the tpnext
pointer, etc).

So instead of blocking all autocommands before we actually try to edit
the given file, lets simply disallow to move tabpages around. Otherwise,
we may change the expected number of events triggered during a :drop
command, which users may rely on (there is actually a test, that expects
various TabLeave/TabEnter autocommands) and would therefore be a
backwards incompatible change.

Don't make this an error, as this could trigger several times during the
drop command, but silently ignore the :tabmove command in this case (and
it should in fact finally trigger successfully when loading the given
file in a new tab). So let's just be quiet here instead.

fixes:  vim/vim#13676
closes: vim/vim#13686

df12e39b8b

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-12-16 21:30:08 +08:00
bfredl
7e7da962de
Merge pull request #26512 from famiu/refactor/options/type_flags
refactor(options): remove option type macros
2023-12-16 11:39:30 +01:00
zeertzjq
046efa106e
vim-patch:323dda1484d9 (#26583)
runtime(termdebug): add Tbreak command

closes: vim/vim#13656

323dda1484

Co-authored-by: iam28th <artyom28th@gmail.com>
2023-12-15 06:27:49 +08:00
Famiu Haque
3c2c022e5e
refactor(options): remove option type macros
Problem: We have `P_(BOOL|NUM|STRING)` macros to represent an option's type, which is redundant because `OptValType` can already do that. The current implementation of option type flags is also too limited to allow adding multitype options in the future.

Solution: Remove `P_(BOOL|NUM|STRING)` and replace it with a new `type_flags` attribute in `vimoption_T`. Also do some groundwork for adding multitype options in the future.

Side-effects: Attempting to set an invalid keycode option (e.g. `set t_foo=123`) no longer gives an error.
2023-12-14 16:46:42 +06:00
zeertzjq
d65c6a0baf
vim-patch:9.0.2159: screenpos() may crash with neg. column (#26542)
Problem:  screenpos() may crash with neg. column
Solution: validate and correct column

closes: vim/vim#13669

ec54af4e26
2023-12-13 06:17:50 +08:00
zeertzjq
b8e227b621
vim-patch:9.0.2154: The option[] array is not sorted (#26475)
Problem:  The options[] array is not sorted alphabetically.
Solution: Sort it alphabetically.  Add a test.  Avoid unnecessary loop
          iterations in findoption().

closes: vim/vim#13648

Cherry-pick Test_set_one_column() change from patch 8.2.0432.

f48558e10a
2023-12-09 07:18:21 +08:00
Gregory Anders
8957df4f22 test: forward $VIMRUNTIME in child nvim instances 2023-12-07 11:54:22 -08:00
zeertzjq
f22e9e10f9
vim-patch:8.2.3695: confusing error for missing key (#26420)
Problem:    Confusing error for missing key.
Solution:   Use the actualy key for the error. (closes vim/vim#9241)

5c1ec439f0

Co-authored-by: Bram Moolenaar <Bram@vim.org>
2023-12-06 16:49:40 +08:00
zeertzjq
06ff540e1c
vim-patch:9.0.2151: 'breakindent' is not drawn after diff filler lines (#26412)
Problem:  'breakindent' is not drawn after diff filler lines.
Solution: Correct check for whether 'breakindent' should be drawn.

closes: vim/vim#13624

588f20dece

Cherry-pick Test_diff_with_syntax() change from patch 9.0.1257.
2023-12-06 07:16:02 +08:00
Christian Clason
c9828200ac vim-patch:9.0.2148: Vim does not detect pacman.log file
Problem:  Vim does not detect pacman.log file
Solution: Detect pacmanlogs and add syntax highlighting

pacman.log is a filetype common to Arch Liux and related distributions.
Add some simple syntax highlighting for the pacmanlog filetype.

closes: vim/vim#13618

1e5d66408e

Co-authored-by: Ronan Pigott <ronan@rjp.ie>
2023-12-05 09:45:13 +01:00
zeertzjq
5651c1ff27
vim-patch:9.0.2145: wrong scrolling in insert mode with smoothscroll (#26375)
Problem:  Wrong scrolling in Insert mode with 'smoothscroll' at the
          bottom of the window.
Solution: Don't use set_topline() when 'smoothscroll' is set.

fixes: vim/vim#13612
closes: vim/vim#13613

5b4d1fcbf0
2023-12-04 06:42:47 +08:00
Christian Clason
988b472d90
feat(treesitter): highlight help files by default (#26347) 2023-12-03 15:58:27 +01:00
Evgeni Chasnovski
64a14026d7
feat(highlight): update default color scheme
Problem: Default color scheme is suboptimal.

Solution: Start using new color scheme. Introduce new `vim` color scheme
for opt-in backward compatibility.

------
Main design ideas
- Be "Neovim branded".
- Be minimal for 256 colors with a bit more shades for true colors.
- Be accessible through high enough contrast ratios.
- Be suitable for dark and light backgrounds via exchange of dark and
  light palettes.

------
Palettes

- Have dark and light variants. Implemented through exporeted
  `NvimDark*` and `NvimLight*` hex colors.

- Palettes have 4 shades of grey for UI elements and 6 colors (red,
  yellow, green, cyan, blue, magenta).

- Actual values are computed procedurally in Oklch color space based on
  a handful of hyperparameters.

- Each color has a 256 colors variant with perceptually closest color.

------
Highlight groups

Use:

- Grey shades for general UI according to their design.

- Bold text for keywords (`Statement` highlight group). This is an
  important choice to increase accessibility for people with color
  deficiencies, as it doesn't rely on actual color.

- Green for strings, `DiffAdd` (as background), `DiagnosticOk`, and some
  minor text UI elements.

- Cyan as main syntax color, i.e. for function usage (`Function`
  highlight group), `DiffText`, `DiagnosticInfo`, and some minor text UI
  elements.

- Red to generally mean high user attention, i.e. errors; in particular
  for `ErrorMsg`, `DiffDelete`, `DiagnosticError`.

- Yellow very sparingly only with true colors to mean mild user
  attention, i.e. warnings. That is, `DiagnosticWarn` and `WarningMsg`.

- Blue very sparingly only with true colors as `DiagnosticHint` and some
  additional important syntax group (like `Identifier`).

- Magenta very carefully (if at all).

------
Notes

- To make tests work without relatively larege updates, each one is
  prepended with an equivalent of the call `:colorscheme vim`.

  Plus some tests which spawn new Neovim instances also now use 'vim'
  color scheme.

  In some cases tests are updated to fit new default color scheme.
2023-12-02 18:53:19 +02:00
zeertzjq
9d7544ac4c vim-patch:9.0.2143: [security]: buffer-overflow in ex_substitute
Problem:  [security]: buffer-overflow in ex_substitute
Solution: clear memory after allocating

When allocating the new_start pointer in ex_substitute() the memory
pointer points to some garbage that the following for loop in
ex_cmds.c:4743 confuses and causes it to accessing the new_start pointer
beyond it's size, leading to a buffer-overlow.

So fix this by using alloc_clear() instead of alloc(), which will
clear the memory by NUL and therefore cause the loop to terminate
correctly.

Reported by @henices, thanks!

closes: vim/vim#13596

abfa13ebe9

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-12-02 10:41:31 +08:00
zeertzjq
9cc346119b vim-patch:9.0.2142: [security]: stack-buffer-overflow in option callback functions
Problem:  [security]: stack-buffer-overflow in option callback functions
Solution: pass size of errbuf down the call stack, use snprintf()
          instead of sprintf()

We pass the error buffer down to the option callback functions, but in
some parts of the code, we simply use sprintf(buf) to write into the error
buffer, which can overflow.

So let's pass down the length of the error buffer and use sprintf(buf, size)
instead.

Reported by @henices, thanks!

b39b240c38

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-12-02 10:41:31 +08:00
zeertzjq
01edcd6db8 vim-patch:9.0.2141: [security]: buffer-overflow in suggest_trie_walk
Problem:  [security]: buffer-overflow in suggest_trie_walk
Solution: Check n before using it as index into byts array

Basically, n as an index into the byts array, can point to beyond the byts
array. So let's double check, that n is within the expected range after
incrementing it from sp->ts_curi and bail out if it would be invalid.

Reported by @henices, thanks!

0fb375aae6

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-12-02 10:41:31 +08:00
zeertzjq
7402655132 vim-patch:9.0.2140: [security]: use-after-free in win-enter
Problem:  [security]: use-after-free in win-enter
Solution: validate window pointer before calling win_enter()

win_goto() may stop visual mode, if it is active. However, this may in
turn trigger the ModeChanged autocommand, which could potentially free
the wp pointer which was valid before now became stale and points to now
freed memory.

So before calling win_enter(), let's verify one more time, that the
wp pointer still points to a valid window structure.

Reported by @henices, thanks!

eec0c2b3a4

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-12-02 10:41:31 +08:00
zeertzjq
fedbf32250
vim-patch:9.0.2139: html.angular ft is problematic (#26357)
Problem:  html.angular ft is problematic
Solution: partly revert v9.0.2137

The html.angular filetype causes issues and does not trigger FileType
autocommands for the html or angular filetypes.

So let's roll back that particular change and detect this only as html
file

related: https://github.com/vim/vim/pull/13594#issuecomment-1834465890

closes: vim/vim#13604

4f3480c943

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-12-02 09:42:16 +08:00
ObserverOfTime
307d5bcc79 vim-patch:9.0.2137: Can't detect angular & mustache filetypes
Problem:  Can't detect angular & mustache filetypes
Solution: Detect *.mustache as Mustache filetype;
          detect *.component.html as html.angular filetype

closes: vim/vim#13594

7bed263c34
2023-11-30 18:40:27 +01:00
zeertzjq
640680ccce
vim-patch:9.0.2134: ml_get error when scrolling (#26264)
Problem:  ml_get error when scrolling after delete
Solution: mark topline to be validated in main_loop
          if it is larger than current buffers line
          count

reset_lnums() is called after e.g. TextChanged autocommands and it may
accidentally cause curwin->w_topline to become invalid, e.g. if the
autocommand has deleted some lines.

So verify that curwin->w_topline points to a valid line and if not, mark
the window to have w_topline recalculated in main_loop() in
update_topline() after reset_lnums() returns.

fixes: vim/vim#13568
fixes: vim/vim#13578

c4ffeddfe5

The error doesn't happen in Nvim because Nvim triggers TextChanged after
calling update_topline().

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-29 13:24:24 +08:00
zeertzjq
aa9d9cafd0
vim-patch:9.0.2135: No test for mode() when executing Ex commands (#26282)
Problem:  No test for mode() when executing Ex commands
Solution: Add some test cases and simplify several other test cases.
          Also add a few more test cases for ModeChanged.

closes: vim/vim#13588

fcaeb3d42b
2023-11-29 06:51:00 +08:00
zeertzjq
e6d38c7dac
vim-patch:9.0.2133: Cannot detect overstrike mode in Cmdline mode (#26263)
Problem:  Cannot detect overstrike mode in Cmdline mode
Solution: Make mode() return "cr" for overstrike

closes: vim/vim#13569

d1c3ef1f47
2023-11-28 11:46:20 +08:00
Christian Clason
a314703cf1
vim-patch:9.0.2131: not all nushell files detected (#26260)
Problem:  not all nushell files detected
Solution: use *.nu to detect nushell files

closes: vim/vim#13586

b9efc72c24

Co-authored-by: Daniel Buch Hansen <boogiewasthere@gmail.com>
2023-11-28 07:58:31 +08:00
Christian Clason
38e98754a5 vim-patch:9.0.2128: runtime(swig): add syntax and filetype plugins
Add syntax and filetype plugins for SWIG (Simplified Wrapper Interface
Generator) description files.

The default syntax for .i files highlights comments in a reverse
color scheme which doesn't look well.  This syntax builds
on vim's c++ syntax by adding highlighting for common swig
directives and user defined directives.  For an alternative
syntax, see vimscript vim/vim#1247 (which I found after writing this).

closes: vim/vim#13562

2e31065a65

Co-authored-by: Julien Marrec <julien.marrec@gmail.com>
Co-authored-by: Matěj Cepl <mcepl@cepl.eu>
2023-11-26 00:41:59 +01:00
James McCoy
a1ded1b113
fix(oldtest): always use a 64-bit int for swapfile block number
09d4133 changed blocknr_T from long to int64_t, so pe_bnum is now always 64-bit.  This was an incompatible change in the swapfile format for 32-bit systems, but there have been no complaints in the past 9 years so just adjust the test.
2023-11-24 15:22:00 -05:00
zeertzjq
fe94e04893
vim-patch:9.0.2126: unused assignments when checking 'listchars' (#26182)
Problem:  Unused assignments when checking the value of 'listchars'.
Solution: Loop only once when just checking the value.  Add a test to
          check that this change doesn't cause double-free.

closes: vim/vim#13559

00624a2fa0
2023-11-24 06:52:50 +08:00
zeertzjq
9510346141
vim-patch:9.0.2125: File info disappears when 'cmdheight' has decreased (#26180)
Problem:  File info disappears immediately when 'cmdheight' has just
          decreased due to switching tabpage and 'shortmess' doesn't
          contain 'o' or 'O'.
Solution: Make sure msg_row isn't smaller than cmdline_row.

fixes: vim/vim#13560
closes: vim/vim#13561

40ed6711bd
2023-11-24 06:13:24 +08:00
zeertzjq
8d8136bfcf vim-patch:9.0.2121: [security]: use-after-free in ex_substitute
Problem:  [security]: use-after-free in ex_substitute
Solution: always allocate memory

closes: vim/vim#13552

A recursive :substitute command could cause a heap-use-after free in Vim
(CVE-2023-48706).

The whole reproducible test is a bit tricky, I can only reproduce this
reliably when no previous substitution command has been used yet
(which is the reason, the test needs to run as first one in the
test_substitute.vim file) and as a combination of the `:~` command
together with a :s command that contains the special substitution atom `~\=`
which will make use of a sub-replace special atom and calls a vim script
function.

There was a comment in the existing :s code, that already makes the
`sub` variable allocate memory so that a recursive :s call won't be able
to cause any issues here, so this was known as a potential problem
already.  But for the current test-case that one does not work, because
the substitution does not start with `\=` but with `~\=` (and since
there does not yet exist a previous substitution atom, Vim will simply
increment the `sub` pointer (which then was not allocated dynamically)
and later one happily use a sub-replace special expression (which could
then free the `sub` var).

The following commit fixes this, by making the sub var always using
allocated memory, which also means we need to free the pointer whenever
we leave the function. Since sub is now always an allocated variable,
we also do no longer need the sub_copy variable anymore, since this one
was used to indicated when sub pointed to allocated memory (and had
therefore to be freed on exit) and when not.

Github Security Advisory:
https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q

26c11c5688

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-23 16:17:37 +08:00
luukvbaal
d667e0e414
vim-patch:9.0.2116: No test for defining sign without attribute (#26115)
Problem:  No test for defining sign without attribute
Solution: Add test for defining sign without attributes

closes: vim/vim#13544

e670d17342
2023-11-20 10:25:14 +08:00
bfredl
df87266b23
Merge pull request #25724 from luukvbaal/signmerge
refactor(sign): move legacy signs to extmarks
2023-11-18 15:04:14 +01:00
Luuk van Baal
c4afb9788c refactor(sign): move legacy signs to extmarks
Problem:  The legacy signlist data structures and associated functions are
          redundant since the introduction of extmark signs.
Solution: Store signs defined through the legacy commands in a hashmap, placed
          signs in the extmark tree. Replace signlist associated functions.

Usage of the legacy sign commands should yield no change in behavior with the
exception of:
  - "orphaned signs" are now always removed when the line it is placed on is
    deleted. This used to depend on the value of 'signcolumn'.
  - It is no longer possible to place multiple signs with the same identifier
    in a single group on multiple lines. This will now move the sign instead.

Moreover, both signs placed through the legacy sign commands and through
|nvim_buf_set_extmark()|:
  - Will show up in both |sign-place| and |nvim_buf_get_extmarks()|.
  - Are displayed by increasing sign identifier, left to right.
    Extmark signs used to be ordered decreasingly as opposed to legacy signs.
2023-11-17 15:10:15 +01:00
zeertzjq
790bd4d585 vim-patch:9.0.2106: [security]: Use-after-free in win_close()
Problem:  [security]: Use-after-free in win_close()
Solution: Check window is valid, before accessing it

If the current window structure is no longer valid (because a previous
autocommand has already freed this window), fail and return before
attempting to set win->w_closing variable.

Add a test to trigger ASAN in CI

25aabc2b8e

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-17 09:59:22 +08:00
zeertzjq
d49be1cd28 vim-patch:9.0.2010: [security] use-after-free from buf_contents_changed()
Problem:  [security] use-after-free from buf_contents_changed()
Solution: block autocommands

41e6f7d6ba

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-17 09:59:22 +08:00
zeertzjq
b6200fbdf2 vim-patch:9.0.1992: [security] segfault in exmode
Problem:  segfault in exmode when redrawing
Solution: skip gui_scroll when exmode_active

20d161ace3

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-17 09:59:22 +08:00
zeertzjq
3ab0e296c6 vim-patch:9.0.1969: [security] buffer-overflow in trunc_string()
Problem:  buffer-overflow in trunc_string()
Solution: Add NULL at end of buffer

Currently trunc_string() assumes that when the string is too long,
buf[e-1] will always be writeable. But that assumption may not always be
true. The condition currently looks like this

    else if (e + 3 < buflen)
    [...]
    else
    {
	// can't fit in the "...", just truncate it
	buf[e - 1] = NUL;
    }

but this means, we may run into the last else clause with e still being
larger than buflen. So a buffer overflow occurs.

So instead of using `buf[e - 1]`, let's just always
truncate at `buf[buflen - 1]` which should always be writable.

3bd7fa12e1

vim-patch:9.0.2004: Missing test file

Problem:  Missing test file
Solution: git-add the file to the repo

closes: vim/vim#13305

d4afbdd071

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-17 09:59:16 +08:00
zeertzjq
5a67878e86 vim-patch:9.0.1882: Trailing white space in tests
Problem:  Trailing white space in tests
Solution: Delete it

This causes test_codestyle to fail, so we need to remove it again.
Hopefully that makes the CI green again.

Note: I will start using annotated tags from now on.

da200c2f78

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-17 09:54:03 +08:00
zeertzjq
7f62775d5d vim-patch:9.0.1881: Test_crash fails on Mac
Problem:  Test_crash fails on Mac
Solution: Skip test on Mac

5856b07795

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-17 09:54:03 +08:00
zeertzjq
b5b6e6fb49 vim-patch:9.0.1878: tests running sh have problems
Problem:  tests running sh have problems
Solution: Check that dash is installed

closes: vim/vim#13040

1690ec64ff

Co-authored-by: Philip H <47042125+pheiduck@users.noreply.github.com>
Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-17 09:54:03 +08:00
zeertzjq
eae10de14e vim-patch:9.0.1873: [security] heap-buffer-overflow in vim_regsub_both
Problem:  heap-buffer-overflow in vim_regsub_both
Solution: Disallow exchanging windows when textlock is active

f6d28fe2c9

Cherry-pick test_crash.vim change from patch 9.0.1876.

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-17 09:54:03 +08:00
zeertzjq
6867d2492c vim-patch:9.0.1872: CI: test_crash() fails on CI
Problem:  CI: test_crash() fails on CI
Solution: Skip test on BSD

d2a08ba0fa

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-17 09:54:03 +08:00
zeertzjq
0b0df9f5d7 vim-patch:9.0.1868: test_crash still fails for circle ci
Problem:  test_crash still fails for circle ci
Solution: give even more time to complete

59adcb4c20

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-17 09:54:03 +08:00
zeertzjq
1274380029 vim-patch:9.0.1864: still crash with bt_quickfix1_poc
Problem:  crash with bt_quickfix1_poc when cleaning up
          and EXITFREE is defined
Solution: Test if buffer is valid in a window, else close
          window directly, don't try to access buffer properties

While at it, increase the crash timeout slightly, so that CI has a
chance to finish processing the test_crash() test.

623ba31821

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-17 09:54:03 +08:00
zeertzjq
2371b9303d vim-patch:9.0.1860: CI: test_crash1() is flaky
Problem:  CI: test_crash1() is flaky
Solution: Wait a bit longer

f44cbe96fa

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-17 09:54:03 +08:00
zeertzjq
bbb363f4bc vim-patch:partial:9.0.1859: heap-use-after-free in bt_normal()
Problem:  heap-use-after-free in bt_normal()
Solution: check that buffer is still valid

6e60cf444a

Test change only.

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-17 09:54:03 +08:00
zeertzjq
8dc72789cf vim-patch:9.0.1858: [security] heap use after free in ins_compl_get_exp()
Problem:  heap use after free in ins_compl_get_exp()
Solution: validate buffer before accessing it

ee9166eb3b

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-17 09:54:03 +08:00
zeertzjq
a589156b4d vim-patch:9.0.1857: [security] heap-use-after-free in is_qf_win()
Problem:  heap-use-after-free in is_qf_win()
Solution: Check buffer is valid before accessing it

fc68299d43

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-17 09:54:03 +08:00
zeertzjq
748198f5bf vim-patch:9.0.1854: test_crash1() fails on CI
Problem:  test_crash1() fails on CI
Solution: don't run Screendump test, verify that it doesn't crash
          by running it through a shell command line, testing
          the exit value and concatenating success cmd using '&&'

db510ca805

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-17 09:54:03 +08:00
zeertzjq
6952b1951b
vim-patch:9.0.2107: [security]: FPE in adjust_plines_for_skipcol (#26082)
Problem:  [security]: FPE in adjust_plines_for_skipcol
Solution: don't divide by zero, return zero

Prevent a floating point exception when calculating w_skipcol (which can
happen with a small window when the number option is set and cpo+=n).

Add a test to verify

cb0b99f067

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-17 08:40:02 +08:00
zeertzjq
9d39ad6318 vim-patch:9.0.2111: [security]: overflow in get_number
Problem:  [security]: overflow in get_number
Solution: Return 0 when the count gets too large

[security]: overflow in get_number

When using the z= command, we may overflow the count with values larger
than MAX_INT. So verify that we do not overflow and in case when an
overflow is detected, simply return 0

73b2d3790c

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-17 07:19:14 +08:00
zeertzjq
809b05bf27 vim-patch:9.0.2110: [security]: overflow in ex address parsing
Problem:  [security]: overflow in ex address parsing
Solution: Verify that lnum is positive, before substracting from
          LONG_MAX

[security]: overflow in ex address parsing

When parsing relative ex addresses one may unintentionally cause an
overflow (because LONG_MAX - lnum will overflow for negative addresses).

So verify that lnum is actually positive before doing the overflow
check.

060623e4a3

Co-authored-by: Christian Brabandt <cb@256bit.org>
2023-11-17 07:16:04 +08:00