From 88c0486aff282e8fe387c605b9df1ffc08460190 Mon Sep 17 00:00:00 2001
From: Mark Nudelman
Date: Fri, 31 Dec 2021 18:22:52 -0800
Subject: [PATCH] Protect against int overflow in cmd_int. Fix compiler const warning.
---
 cmdbuf.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/cmdbuf.c b/cmdbuf.c
index 460b90a6..4ec0c33b 100644
--- a/cmdbuf.c
+++ b/cmdbuf.c
@@ -1354,7 +1354,10 @@ cmd_int(frac)
 int err;
 for (p = cmdbuf; *p >= '0' && *p <= '9'; p++)
- n = (n * 10) + (*p - '0');
+ {
+ int digit = *p - '0';
+ n = (n > (INT_MAX-digit) / 10) ? INT_MAX : (n * 10) + digit;
+ }
 *frac = 0;
 if (*p++ == '.')
 {
@@ -1557,7 +1560,7 @@ addhist_init(uparam, ml, string)
 if (ml != NULL)
 cmd_addhist(ml, string, 0);
 else if (string != NULL)
- restore_mark(string);
+ restore_mark((char*)string); /* stupid const cast */
 }
 #endif /* CMD_HISTORY */
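Review bot: The clamp in the rewritten loop body saturates `n` at INT_MAX silently, and nothing in the hunk tells a reader or the caller that an overlong digit string now yields INT_MAX rather than the value that was typed. The guard itself is arithmetically right for an int-ranged accumulator (`n*10+digit` fits exactly when `n <= (INT_MAX-digit)/10`), but `n` is declared outside the hunk, so if its type is wider than int the ceiling is lower than the type allows; that is worth confirming and stating. I would add a comment above the assignment such as `/* Saturate at INT_MAX rather than wrap: signed overflow is undefined behaviour. */`. cmd_int starts before and continues past this hunk, so whether the fraction parsing after `if (*p++ == '.')` has an equivalent bound cannot be seen here.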
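Review bot: The `(char*)string` cast in the `else if` branch silences the const warning without establishing that restore_mark leaves the buffer untouched, and the comment `/* stupid const cast */` does not say why the cast is safe. If restore_mark (defined outside this diff) only reads its argument, declaring its parameter `const char *` would remove the need for the cast. If it writes through the pointer, a string held in read-only storage would be modified, which is undefined behaviour, and a private copy should be passed instead. Once the read-only behaviour is confirmed, I would replace the comment with `/* restore_mark only reads its argument; cast drops const for the old prototype */`. addhist_init begins above the hunk.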