(align): If the argument SIZE would overflow

__malloc_ptrdiff_t, fail right away.

diff --git a/src/ChangeLog b/src/ChangeLog
index ed4535c28d993808230c3bba36307b71a8f580ca..048eedf14faf27f5bed4050b2ab6531d0a5d92b5 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2001-04-09  Eli Zaretskii  <eliz@is.elta.co.il>
+
+       * gmalloc.c (align): If the argument SIZE would overflow
+       __malloc_ptrdiff_t, fail right away.
+
 2001-04-06  Gerd Moellmann  <gerd@gnu.org>
 
        * xfns.c (compute_tip_xy): Add parameters WIDTH and HEIGHT.

diff --git a/src/gmalloc.c b/src/gmalloc.c
index 751e90baf133aa65a670c1df2871ad3805882b8c..3508304da33621fea734eba8a40350027942c2da 100644 (file)
--- a/src/gmalloc.c
+++ b/src/gmalloc.c
@@ -437,7 +437,14 @@ align (size)
   __ptr_t result;
   unsigned long int adj;
 
-  result = (*__morecore) (size);
+  /* align accepts an unsigned argument, but __morecore accepts a
+     signed one.  This could lead to trouble if SIZE overflows a
+     signed int type accepted by __morecore.  We just punt in that
+     case, since they are requesting a ludicrous amount anyway.  */
+  if ((__malloc_ptrdiff_t)size < 0)
+    result = 0;
+  else
+    result = (*__morecore) (size);
   adj = (unsigned long int) ((unsigned long int) ((char *) result -
                                                  (char *) NULL)) % BLOCKSIZE;
   if (adj != 0)