-2011-04-29 Eli Zaretskii <eliz@gnu.org>
+2011-04-21 Eli Zaretskii <eliz@gnu.org>
+
+ Lift the MOST_POSITIVE_FIXNUM/4 limitation on visited files.
+ * fileio.c (Finsert_file_contents): Don't limit file size to 1/4
+ of MOST_POSITIVE_FIXNUM. (Bug#8528)
+
+ * coding.c (coding_alloc_by_realloc): Error out if destination
+ will grow beyond MOST_POSITIVE_FIXNUM.
+ (decode_coding_emacs_mule): Abort if there isn't enough place in
+ charbuf for the composition carryover bytes. Reserve an extra
+ space for up to 2 characters produced in a loop.
+ (decode_coding_iso_2022): Abort if there isn't enough place in
+ charbuf for the composition carryover bytes.
+
+2011-04-21 Eli Zaretskii <eliz@gnu.org>
* doprnt.c (doprnt) [!HAVE_LONG_LONG_INT]: Error out instead of
aborting when %lld or %lll format is passed.
static void
coding_alloc_by_realloc (struct coding_system *coding, EMACS_INT bytes)
{
+ if (coding->dst_bytes >= MOST_POSITIVE_FIXNUM - bytes)
+ error ("Maximum size of buffer or string exceeded");
coding->destination = (unsigned char *) xrealloc (coding->destination,
coding->dst_bytes + bytes);
coding->dst_bytes += bytes;
/* We may produce two annotations (charset and composition) in one
loop and one more charset annotation at the end. */
int *charbuf_end
- = coding->charbuf + coding->charbuf_size - (MAX_ANNOTATION_LENGTH * 3);
+ = coding->charbuf + coding->charbuf_size - (MAX_ANNOTATION_LENGTH * 3)
+ /* We can produce up to 2 characters in a loop. */
+ - 1;
EMACS_INT consumed_chars = 0, consumed_chars_base;
int multibytep = coding->src_multibyte;
EMACS_INT char_offset = coding->produced_char;
{
int i;
+ if (charbuf_end - charbuf < cmp_status->length)
+ abort ();
for (i = 0; i < cmp_status->length; i++)
*charbuf++ = cmp_status->carryover[i];
coding->annotated = 1;
if (cmp_status->state != COMPOSING_NO)
{
+ if (charbuf_end - charbuf < cmp_status->length)
+ abort ();
for (i = 0; i < cmp_status->length; i++)
*charbuf++ = cmp_status->carryover[i];
coding->annotated = 1;
record_unwind_protect (close_file_unwind, make_number (fd));
- /* Arithmetic overflow can occur if an Emacs integer cannot represent the
- file size, or if the calculations below overflow. The calculations below
- double the file size twice, so check that it can be multiplied by 4
- safely.
-
- Also check whether the size is negative, which can happen on a platform
- that allows file sizes greater than the maximum off_t value. */
+ /* Check whether the size is too large or negative, which can happen on a
+ platform that allows file sizes greater than the maximum off_t value. */
if (! not_regular
- && ! (0 <= st.st_size && st.st_size <= MOST_POSITIVE_FIXNUM / 4))
+ && ! (0 <= st.st_size && st.st_size <= MOST_POSITIVE_FIXNUM))
error ("Maximum buffer size exceeded");
/* Prevent redisplay optimizations. */
projects / emacs.git / commitdiff