* alloc.c (allocate_vectorlike): Check for ptrdiff_t overflow.

author Paul Eggert <eggert@cs.ucla.edu>

Wed, 8 Jun 2011 17:48:26 +0000 (10:48 -0700)

committer Paul Eggert <eggert@cs.ucla.edu>

Wed, 8 Jun 2011 17:48:26 +0000 (10:48 -0700)
author Paul Eggert <eggert@cs.ucla.edu>
Wed, 8 Jun 2011 17:48:26 +0000 (10:48 -0700)
committer Paul Eggert <eggert@cs.ucla.edu>
Wed, 8 Jun 2011 17:48:26 +0000 (10:48 -0700)
diff --git a/src/ChangeLog b/src/ChangeLog

index 6da301c9d07ba1f356b0022dba6ad6b45b15dcf4..e2b1b29496827d4bacb5d7112201671995dc07ab 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,6 +1,7 @@
  2011-06-08  Paul Eggert  <eggert@cs.ucla.edu>
  
         * alloc.c (Fmake_bool_vector): Don't assume vector size fits in int.
+       (allocate_vectorlike): Check for ptrdiff_t overflow.
  
         * alloc.c: Catch some string size overflows that we were missing.
         (XMALLOC_OVERRUN_CHECK_SIZE) [!XMALLOC_OVERRUN_CHECK]: Define to 0,
diff --git a/src/alloc.c b/src/alloc.c

index 88542e86c48ca56cb274ed7e8108fab2b5998298..2dbaef9b00b343a69f52e18dd461d1d22904da58 100644 (file)
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -2802,10 +2802,11 @@ allocate_vectorlike (EMACS_INT len)
  {
    struct Lisp_Vector *p;
    size_t nbytes;
+  ptrdiff_t nbytes_max = min (PTRDIFF_MAX, SIZE_MAX);
    int header_size = offsetof (struct Lisp_Vector, contents);
    int word_size = sizeof p->contents[0];
  
-  if ((SIZE_MAX - header_size) / word_size < len)
+  if ((nbytes_max - header_size) / word_size < len)
      memory_full (SIZE_MAX);
  
    MALLOC_BLOCK_INPUT;
author	Paul Eggert <eggert@cs.ucla.edu>
	Wed, 8 Jun 2011 17:48:26 +0000 (10:48 -0700)
committer	Paul Eggert <eggert@cs.ucla.edu>
	Wed, 8 Jun 2011 17:48:26 +0000 (10:48 -0700)
src/ChangeLog		patch \| blob \| history
src/alloc.c		patch \| blob \| history