vim/backport-crash-when-pasting-too-many-times.patch

From eeed1c7ae090c17f4df51cf97b2a9e4d8b4f4dc7 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sun, 10 Oct 2021 12:35:17 +0100
Subject: [PATCH] patch 8.2.3492: crash when pasting too many times

Problem:    Crash when pasting too many times.
Solution:   Limit the size to what fits in an int. (closes #8962)

---
 src/globals.h            |  1 +
 src/register.c           | 11 +++++++++--
 src/testdir/test_put.vim |  8 ++++++++
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/src/globals.h b/src/globals.h
index fee8c7f..7be3bfd 100644
--- a/src/globals.h
+++ b/src/globals.h
@@ -1659,6 +1659,7 @@ EXTERN char e_menuothermode[]	INIT(= N_("E328: Menu only exists in another mode"
 #endif
 EXTERN char e_invalwindow[]	INIT(= N_("E957: Invalid window number"));
 EXTERN char e_listarg[]		INIT(= N_("E686: Argument of %s must be a List"));
+EXTERN char e_resulting_text_too_long[]		INIT(= N_("E1240: Resulting text too long"));
 
 #ifdef FEAT_GUI_MAC
 EXTERN short disallow_gui	INIT(= FALSE);
diff --git a/src/register.c b/src/register.c
index 24e4b99..bab27fe 100644
--- a/src/register.c
+++ b/src/register.c
@@ -1908,8 +1908,15 @@ do_put(
 	    }
 
 	    do {
-		totlen = count * yanklen;
-		if (totlen > 0)
+		long multlen = count * yanklen;
+
+		totlen = multlen;
+		if (totlen != multlen)
+		{
+		    emsg(_(e_resulting_text_too_long));
+		    break;
+		}
+		else if (totlen > 0)
 		{
 		    oldp = ml_get(lnum);
 		    if (VIsual_active && col > (int)STRLEN(oldp))
diff --git a/src/testdir/test_put.vim b/src/testdir/test_put.vim
index f5037dc..42bb7e6 100644
--- a/src/testdir/test_put.vim
+++ b/src/testdir/test_put.vim
@@ -122,3 +122,11 @@ func Test_put_above_first_line()
   call assert_equal('text', getline(1))
   bwipe!
 endfunc
+
+func Test_very_larg_count()
+  new
+  let @" = 'x'
+  call assert_fails('norm 44444444444444p', 'E1240:')
+  bwipe!
+endfunc
+
-- 
2.27.0