From cdef1cefa2a440911c727558562f83ed9b00e16b Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Thu, 20 Oct 2022 14:17:18 +0100
Subject: [PATCH] patch 9.0.0804: crash when trying to divide a number by -1

Problem:    Crash when trying to divice the largest negative number by -1.
Solution:   Handle this case specifically.
---
 src/eval.c                | 8 +++++++-
 src/testdir/test_expr.vim | 6 ++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/eval.c b/src/eval.c
index 1652fcb4ae48..062fab0ac949 100644
--- a/src/eval.c
+++ b/src/eval.c
@@ -82,6 +82,12 @@ num_divide(varnumber_T n1, varnumber_T n2, int *failed)
 	else
 	    result = VARNUM_MAX;
     }
+    else if (n1 == VARNUM_MIN && n2 == -1)
+    {
+	// specific case: trying to do VARNUM_MIN / -1 results in a positive
+	// number that doesn't fit in varnumber_T and causes an FPE
+	result = VARNUM_MAX;
+    }
     else
 	result = n1 / n2;
 
@@ -5906,7 +5912,7 @@ var2fpos(
 }
 
 /*
- * Convert list in "arg" into position "psop" and optional file number "fnump".
+ * Convert list in "arg" into position "posp" and optional file number "fnump".
  * When "fnump" is NULL there is no file number, only 3 items: [lnum, col, off]
  * Note that the column is passed on as-is, the caller may want to decrement
  * it to use 1 for the first column.
diff --git a/src/testdir/test_expr.vim b/src/testdir/test_expr.vim
index b47896340f60..e1fed369b747 100644
--- a/src/testdir/test_expr.vim
+++ b/src/testdir/test_expr.vim
@@ -764,6 +764,12 @@ func Test_eval_after_if()
   call assert_equal('b', s:val)
 endfunc
 
+func Test_divide_by_zero()
+  " only tests that this doesn't crash, the result is not important
+  echo 0 / 0
+  echo 0 / 0 / -1
+endfunc
+
 " Test for command-line completion of expressions
 func Test_expr_completion()
   CheckFeature cmdline_compl