From: Paul Eggert <eggert@cs.ucla.edu>
Date: Mon, 16 May 2011 05:15:51 +0000 (-0700)
Subject: * insdel.c (count_size_as_multibyte): Check for string overflow.
X-Git-Tag: emacs-pretest-24.0.90~104^2~618^2~239^2~18
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=06d6db334ef501be6280e950b9158c539c24eb4d;p=emacs.git

* insdel.c (count_size_as_multibyte): Check for string overflow.
---

diff --git a/src/ChangeLog b/src/ChangeLog
index 944a5dfbecb..b7bf4599d63 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,7 @@
 2011-05-16  Paul Eggert  <eggert@cs.ucla.edu>
 
+	* insdel.c (count_size_as_multibyte): Check for string overflow.
+
 	* character.c (lisp_string_width): Check for string overflow.
 	Use EMACS_INT, not int, for string indexes and lengths; in
 	particular, 2nd arg is now EMACS_INT, not int.  Do not crash if
diff --git a/src/insdel.c b/src/insdel.c
index 2662858c2a1..de9e8aa570a 100644
--- a/src/insdel.c
+++ b/src/insdel.c
@@ -20,6 +20,9 @@ along with GNU Emacs.  If not, see <http://www.gnu.org/licenses/>.  */
 
 #include <config.h>
 #include <setjmp.h>
+
+#include <intprops.h>
+
 #include "lisp.h"
 #include "intervals.h"
 #include "buffer.h"
@@ -581,14 +584,19 @@ count_size_as_multibyte (const unsigned char *ptr, EMACS_INT nbytes)
   for (i = 0; i < nbytes; i++)
     {
       unsigned int c = *ptr++;
+      int n;
 
       if (ASCII_CHAR_P (c))
-	outgoing_nbytes++;
+	n = 1;
       else
 	{
 	  c = BYTE8_TO_CHAR (c);
-	  outgoing_nbytes += CHAR_BYTES (c);
+	  n = CHAR_BYTES (c);
 	}
+
+      if (INT_ADD_OVERFLOW (outgoing_nbytes, n))
+	string_overflow ();
+      outgoing_nbytes += n;
     }
 
   return outgoing_nbytes;