]> git.eshelyaron.com Git - emacs.git/commitdiff
projects / emacs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 437b2cb)
* lread.c (read1): Check for size overflow.
authorPaul Eggert <eggert@cs.ucla.edu>
Thu, 23 Jun 2011 05:41:40 +0000 (22:41 -0700)
committerPaul Eggert <eggert@cs.ucla.edu>
Thu, 23 Jun 2011 05:41:40 +0000 (22:41 -0700)
src/ChangeLog patch | blob | history
src/lread.c patch | blob | history

diff --git a/src/ChangeLog b/src/ChangeLog
index 6cf45e5d2aa4b57cf4225f7a8c4cc3a47cb63035..1e9cf82d1accce22cd8fd0ac86d4c42fe2edd026 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -13,6 +13,7 @@
        (substitute_object_recurse, read_vector, read_list, map_obarray):
        Use ptrdiff_t, not int, for sizes.
        (read1): Use EMACS_INT, not int, for sizes.
+       Check for size overflow.
 
        * image.c (cache_image): Check for size arithmetic overflow.
 
diff --git a/src/lread.c b/src/lread.c
index 18569df554b4b353dec583826214d8b6a87373f9..06b957cf392974765704804dc6f7ca99c326c6d7 100644 (file)
--- a/src/lread.c
+++ b/src/lread.c
@@ -2869,6 +2869,8 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list)
            if (end - p < MAX_MULTIBYTE_LENGTH)
              {
                ptrdiff_t offset = p - read_buffer;
+               if (min (PTRDIFF_MAX, SIZE_MAX) / 2 < read_buffer_size)
+                 memory_full (SIZE_MAX);
                read_buffer = (char *) xrealloc (read_buffer,
                                                 read_buffer_size *= 2);
                p = read_buffer + offset;
@@ -3012,6 +3014,8 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list)
              if (end - p < MAX_MULTIBYTE_LENGTH)
                {
                  ptrdiff_t offset = p - read_buffer;
+                 if (min (PTRDIFF_MAX, SIZE_MAX) / 2 < read_buffer_size)
+                   memory_full (SIZE_MAX);
                  read_buffer = (char *) xrealloc (read_buffer,
                                                   read_buffer_size *= 2);
                  p = read_buffer + offset;
@@ -3039,6 +3043,8 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list)
          if (p == end)
            {
              ptrdiff_t offset = p - read_buffer;
+             if (min (PTRDIFF_MAX, SIZE_MAX) / 2 < read_buffer_size)
+               memory_full (SIZE_MAX);
              read_buffer = (char *) xrealloc (read_buffer,
                                               read_buffer_size *= 2);
              p = read_buffer + offset;
Unnamed repository; edit this file 'description' to name the repository.