* macros.c: Integer and memory overflow fixes.

(Fstart_kbd_macro): Don't update size until alloc done.
(store_kbd_macro_char): Reorder multiplicands to avoid overflow.

diff --git a/src/ChangeLog b/src/ChangeLog
index 24d67e2463e089b94ba2d7b922f711f0dd6ac6b6..435d883e14f9e2b7268b4ac1c420ad0b21e9bcfe 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,9 @@
 2011-07-29  Paul Eggert  <eggert@cs.ucla.edu>
 
+       * macros.c: Integer and memory overflow fixes.
+       (Fstart_kbd_macro): Don't update size until alloc done.
+       (store_kbd_macro_char): Reorder multiplicands to avoid overflow.
+
        * lread.c (read1, init_obarray): Don't update size until alloc done.
 
        * keymap.c: Integer overflow fixes.

diff --git a/src/macros.c b/src/macros.c
index 60f30c3fbbefc3872080912177ba1a731f6d6250..f6cd3a3ccad424d168ee6842632f33c79e4aeb53 100644 (file)
--- a/src/macros.c
+++ b/src/macros.c
@@ -62,9 +62,9 @@ macro before appending to it. */)
 
   if (!current_kboard->kbd_macro_buffer)
     {
-      current_kboard->kbd_macro_bufsize = 30;
       current_kboard->kbd_macro_buffer
        = (Lisp_Object *)xmalloc (30 * sizeof (Lisp_Object));
+      current_kboard->kbd_macro_bufsize = 30;
     }
   update_mode_lines++;
   if (NILP (append))
@@ -202,7 +202,7 @@ store_kbd_macro_char (Lisp_Object c)
          if (min (PTRDIFF_MAX, SIZE_MAX) / sizeof *kb->kbd_macro_buffer / 2
              < kb->kbd_macro_bufsize)
            memory_full (SIZE_MAX);
-         nbytes = kb->kbd_macro_bufsize * 2 * sizeof *kb->kbd_macro_buffer;
+         nbytes = kb->kbd_macro_bufsize * (2 * sizeof *kb->kbd_macro_buffer);
          kb->kbd_macro_buffer
            = (Lisp_Object *) xrealloc (kb->kbd_macro_buffer, nbytes);
          kb->kbd_macro_bufsize *= 2;