From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 12 Apr 2011 08:12:01 +0000 (-0700)
Subject: * sysdep.c (emacs_read, emacs_write): Check for negative sizes
X-Git-Tag: emacs-pretest-24.0.90~104^2~275^2~283^2~17
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=282726844359402dead010401a3257d106d68f69;p=emacs.git

* sysdep.c (emacs_read, emacs_write): Check for negative sizes

since callers should never pass a negative size.
Change the signature to match that of plain 'read' and 'write'; see
<http://lists.gnu.org/archive/html/emacs-devel/2011-04/msg00397.html>.
* lisp.h: Update prototypes of emacs_write and emacs_read.
---

diff --git a/src/ChangeLog b/src/ChangeLog
index 6e54c45453c..3006d08a33e 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,11 @@
+2011-04-12  Paul Eggert  <eggert@cs.ucla.edu>
+
+	* sysdep.c (emacs_read, emacs_write): Check for negative sizes
+	since callers should never pass a negative size.
+	Change the signature to match that of plain 'read' and 'write'; see
+	<http://lists.gnu.org/archive/html/emacs-devel/2011-04/msg00397.html>.
+	* lisp.h: Update prototypes of emacs_write and emacs_read.
+
 2011-04-11  Eli Zaretskii  <eliz@gnu.org>
 
 	* xdisp.c (redisplay_window): Don't try to determine the character
diff --git a/src/lisp.h b/src/lisp.h
index d3e43c1cf14..080b2693a41 100644
--- a/src/lisp.h
+++ b/src/lisp.h
@@ -3346,8 +3346,8 @@ extern long get_random (void);
 extern void seed_random (long);
 extern int emacs_open (const char *, int, int);
 extern int emacs_close (int);
-extern ssize_t emacs_read (int, char *, ssize_t);
-extern ssize_t emacs_write (int, const char *, ssize_t);
+extern ssize_t emacs_read (int, char *, size_t);
+extern ssize_t emacs_write (int, const char *, size_t);
 enum { READLINK_BUFSIZE = 1024 };
 extern char *emacs_readlink (const char *, char [READLINK_BUFSIZE]);
 #ifndef HAVE_MEMSET
diff --git a/src/sysdep.c b/src/sysdep.c
index 37c9f73dba9..d56e2a864dc 100644
--- a/src/sysdep.c
+++ b/src/sysdep.c
@@ -1826,10 +1826,18 @@ emacs_close (int fd)
 }
 
 ssize_t
-emacs_read (int fildes, char *buf, ssize_t nbyte)
+emacs_read (int fildes, char *buf, size_t nbyte)
 {
   register ssize_t rtnval;
 
+  /* Defend against the possibility that a buggy caller passes a negative NBYTE
+     argument, which would be converted to a large unsigned size_t NBYTE.  This
+     defense prevents callers from doing large writes, unfortunately.  This
+     size restriction can be removed once we have carefully checked that there
+     are no such callers.  */
+  if ((ssize_t) nbyte < 0)
+    abort ();
+
   while ((rtnval = read (fildes, buf, nbyte)) == -1
 	 && (errno == EINTR))
     QUIT;
@@ -1837,13 +1845,17 @@ emacs_read (int fildes, char *buf, ssize_t nbyte)
 }
 
 ssize_t
-emacs_write (int fildes, const char *buf, ssize_t nbyte)
+emacs_write (int fildes, const char *buf, size_t nbyte)
 {
   register ssize_t rtnval, bytes_written;
 
+  /* Defend against negative NBYTE, as in emacs_read.  */
+  if ((ssize_t) nbyte < 0)
+    abort ();
+
   bytes_written = 0;
 
-  while (nbyte > 0)
+  while (nbyte != 0)
     {
       rtnval = write (fildes, buf, nbyte);