Integer and memory overflow issues (Bug#9196).
+ * doc.c (get_doc_string): Rework so that
+ get_doc_string_buffer_size is the actual buffer size, rather than
+ being 1 less than the actual buffer size; this makes xpalloc more
+ convenient.
+
* image.c (x_allocate_bitmap_record, cache_image):
* xselect.c (Fx_register_dnd_atom):
Simplify previous changes by using xpalloc.
p = get_doc_string_buffer;
while (1)
{
- ptrdiff_t space_left = (get_doc_string_buffer_size
+ ptrdiff_t space_left = (get_doc_string_buffer_size - 1
- (p - get_doc_string_buffer));
int nread;
/* Allocate or grow the buffer if we need to. */
- if (space_left == 0)
+ if (space_left <= 0)
{
ptrdiff_t in_buffer = p - get_doc_string_buffer;
get_doc_string_buffer =
xpalloc (get_doc_string_buffer, &get_doc_string_buffer_size,
16 * 1024, -1, 1);
p = get_doc_string_buffer + in_buffer;
- space_left = (get_doc_string_buffer_size
+ space_left = (get_doc_string_buffer_size - 1
- (p - get_doc_string_buffer));
}
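Review bot: The `- 1` now subtracted in both `space_left` computations has no comment saying what the reserved byte is for, and the two copies must stay identical for the bound to hold. Presumably the byte is kept for a terminator written later in the loop, which is outside this hunk; if so, state it at the declaration, e.g. `/* Keep one byte free for the terminating NUL; get_doc_string_buffer_size is the real allocation size. */`. The recomputation after `xpalloc` could reuse the offset already saved, `space_left = get_doc_string_buffer_size - 1 - in_buffer;`, so the reserve is written against one value instead of a second pointer subtraction. The `while (1)` body continues past the visible lines, so the read that consumes `space_left` (and how it relates to the `int nread`) could not be checked here.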