2011-07-29 Paul Eggert <eggert@cs.ucla.edu>
+ * region-cache.c (move_cache_gap): Check for size calculation overflow.
+
* process.c (Fnetwork_interface_list): Check for overflow
in size calculation.
if (gap_len < min_size)
{
EMACS_INT i;
+ ptrdiff_t cache_len_max =
+ min (PTRDIFF_MAX, SIZE_MAX) / sizeof *c->boundaries;
+ ptrdiff_t min_size_max = cache_len_max - c->cache_len;
- /* Always make at least NEW_CACHE_GAP elements, as long as we're
- expanding anyway. */
- if (min_size < NEW_CACHE_GAP)
- min_size = NEW_CACHE_GAP;
+ if (min_size_max < min_size)
+ memory_full (SIZE_MAX);
+
+ /* Unless running out of space, make at least NEW_CACHE_GAP
+ elements, as long as we're expanding anyway. */
+ min_size = max (min_size, min (min_size_max, NEW_CACHE_GAP));
c->boundaries =
(struct boundary *) xrealloc (c->boundaries,
projects / emacs.git / commitdiff