* ccl.c: Improve and simplify overflow checking (Bug#9196).
authorPaul Eggert <eggert@cs.ucla.edu>
Sat, 27 Aug 2011 07:07:32 +0000 (00:07 -0700)
committerPaul Eggert <eggert@cs.ucla.edu>
Sat, 27 Aug 2011 07:07:32 +0000 (00:07 -0700)
(ccl_driver): Do not generate an out-of-range pointer.
(Fccl_execute_on_string): Remove unnecessary check for
integer overflow, noted by Stefan Monnier in
<http://lists.gnu.org/archive/html/emacs-devel/2011-08/msg00979.html>.
Remove a FIXME that didn't need fixing.
Simplify the newly-introduced buffer reallocation code.

src/ChangeLog
src/ccl.c

index 901194ed0a00018efb4121b99430563da87e6e2a..7eb185939930effbea6e401ba91b84aa2035f6e2 100644 (file)
@@ -1,3 +1,13 @@
+2011-08-27  Paul Eggert  <eggert@cs.ucla.edu>
+
+       * ccl.c: Improve and simplify overflow checking (Bug#9196).
+       (ccl_driver): Do not generate an out-of-range pointer.
+       (Fccl_execute_on_string): Remove unnecessary check for
+       integer overflow, noted by Stefan Monnier in
+       <http://lists.gnu.org/archive/html/emacs-devel/2011-08/msg00979.html>.
+       Remove a FIXME that didn't need fixing.
+       Simplify the newly-introduced buffer reallocation code.
+
 2011-08-27  Juanma Barranquero  <lekktu@gmail.com>
 
        * makefile.w32-in ($(BLD)/alloc.$(O)): Depend on lib/verify.h.
index dc0adae68773669cc06ae3cca4e6327c7136a0ad..b28a284f70a5cf5282a6efd438f898f1fcbd8ab9 100644 (file)
--- a/src/ccl.c
+++ b/src/ccl.c
@@ -1770,7 +1770,7 @@ ccl_driver (struct ccl_program *ccl, int *source, int *destination, int src_size
        }
 
       msglen = strlen (msg);
-      if (dst + msglen <= dst_end)
+      if (msglen <= dst_end - dst)
        {
          for (i = 0; i < msglen; i++)
            *dst++ = msg[i];
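Review bot: The rewritten bound check `if (msglen <= dst_end - dst)` has no comment saying why it compares lengths rather than pointers, so a later cleanup could restore `dst + msglen <= dst_end` and with it the out-of-range pointer the commit message describes. I would add above it `/* Compare lengths: dst + msglen could point past the buffer, which is undefined.  */`. The declaration of `msglen` is outside the hunk; if it has an unsigned type, the comparison converts `dst_end - dst` to unsigned, so it is worth confirming that it is signed or that `dst` cannot exceed `dst_end` at this point. The body of ccl_driver starts and ends outside the hunk.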
@@ -2127,37 +2127,25 @@ usage: (ccl-execute-on-string CCL-PROGRAM STATUS STRING &optional CONTINUE UNIBY
       src_size = j;
       while (1)
        {
+         int max_expansion = NILP (unibyte_p) ? MAX_MULTIBYTE_LENGTH : 1;
+         ptrdiff_t offset, shortfall;
          ccl_driver (&ccl, src, destination, src_size, CCL_EXECUTE_BUF_SIZE,
                      Qnil);
          produced_chars += ccl.produced;
+         offset = outp - outbuf;
+         shortfall = ccl.produced * max_expansion - (outbufsize - offset);
+         if (0 < shortfall)
+           {
+             outbuf = xpalloc (outbuf, &outbufsize, shortfall, -1, 1);
+             outp = outbuf + offset;
+           }
          if (NILP (unibyte_p))
            {
-             /* FIXME: Surely this should be buf_magnification instead.
-                MAX_MULTIBYTE_LENGTH overestimates the storage needed.  */
-             int magnification = MAX_MULTIBYTE_LENGTH;
-
-             ptrdiff_t offset = outp - outbuf;
-             ptrdiff_t shortfall;
-             if (INT_MULTIPLY_OVERFLOW (ccl.produced, magnification))
-               memory_full (SIZE_MAX);
-             shortfall = ccl.produced * magnification - (outbufsize - offset);
-             if (0 < shortfall)
-               {
-                 outbuf = xpalloc (outbuf, &outbufsize, shortfall, -1, 1);
-                 outp = outbuf + offset;
-               }
              for (j = 0; j < ccl.produced; j++)
                CHAR_STRING_ADVANCE (destination[j], outp);
            }
          else
            {
-             ptrdiff_t offset = outp - outbuf;
-             ptrdiff_t shortfall = ccl.produced - (outbufsize - offset);
-             if (0 < shortfall)
-               {
-                 outbuf = xpalloc (outbuf, &outbufsize, shortfall, -1, 1);
-                 outp = outbuf + offset;
-               }
              for (j = 0; j < ccl.produced; j++)
                *outp++ = destination[j];
            }
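Review bot: The multiplication `ccl.produced * max_expansion` on the new `shortfall` line is now unguarded, and nothing in the code records why it cannot overflow. The commit message calls the removed INT_MULTIPLY_OVERFLOW check unnecessary, presumably because ccl_driver is called with a destination size of CCL_EXECUTE_BUF_SIZE, which would bound `ccl.produced`; that bound is not visible in this hunk. I would state it next to the arithmetic, e.g. `/* ccl.produced <= CCL_EXECUTE_BUF_SIZE, so this product cannot overflow.  */`, because an undersized `shortfall` would let the two copy loops below write past `outbuf`. The enclosing function starts and ends outside the hunk.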