3 files changed, 23 insertions, 1 deletions

diff --git a/src/testdir/test_viminfo.vim b/src/testdir/test_viminfo.vim
index ff79265f8e..b3a8b91cb1 100644
--- a/src/testdir/test_viminfo.vim
+++ b/src/testdir/test_viminfo.vim
@@ -1371,4 +1371,24 @@ func Test_viminfo_len_one()
   let &viminfofile = _viminfofile
 endfunc
 
+func Test_viminfo_len_overflow()
+  let _viminfofile = &viminfofile
+  let &viminfofile=''
+  let viminfo_file = tempname()
+  defer delete(viminfo_file)
+
+  " Craft a viminfo entry with size_t length overflow
+  call writefile(['# Viminfo',
+        \ '|1,4', '|2,>4294967311',
+        \ '|<"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA',
+        \ '|<BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB',
+        \ '|<CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC',
+        \ '|<DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'], viminfo_file, 'b')
+
+  " Should not crash or cause memory errors
+  exe 'rviminfo! ' .. viminfo_file
+
+  let &viminfofile = _viminfofile
+endfunc
+
 " vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c
index 075253bfd7..009c332761 100644
--- a/src/version.c
+++ b/src/version.c
@@ -735,6 +735,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    278,
+/**/
     277,
 /**/
     276,
diff --git a/src/viminfo.c b/src/viminfo.c
index 9b60ec5945..8b6aa3e70a 100644
--- a/src/viminfo.c
+++ b/src/viminfo.c
@@ -1054,7 +1054,7 @@ barline_parse(vir_T *virp, char_u *text, garray_T *values)
 		// Length includes the quotes.
 		++p;
 		len = getdigits(&p);
-		buf = alloc((int)(len + 1));
+		buf = alloc(len + 1);
 		if (buf == NULL)
 		    return TRUE;
 		p = buf;