From: Paul Eggert <eggert@cs.ucla.edu>
Date: Sat, 2 Apr 2011 08:00:56 +0000 (-0700)
Subject: * fileio.c (Finsert_file_contents): Avoid signed integer overflow.
X-Git-Tag: emacs-pretest-24.0.90~104^2~275^2~394^2~52
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=2a47c44da27ce75e5ecae75a8006127439b25392;p=emacs.git

* fileio.c (Finsert_file_contents): Avoid signed integer overflow.
---

diff --git a/src/ChangeLog b/src/ChangeLog
index 73be884837f..ff9b70cec2b 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,7 @@
 2011-04-02  Paul Eggert  <eggert@cs.ucla.edu>
 
+	* fileio.c (Finsert_file_contents): Avoid signed integer overflow.
+
 	* minibuf.c (read_minibuf_noninteractive): Use size_t for sizes.
 	Check for integer overflow on size calculations.
 
diff --git a/src/fileio.c b/src/fileio.c
index 552044f7272..676eb7f53ac 100644
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -3239,9 +3239,16 @@ variable `last-coding-system-used' to the coding system actually used.  */)
 
   record_unwind_protect (close_file_unwind, make_number (fd));
 
-  /* Can happen on any platform that uses long as type of off_t, but allows
-     file sizes to exceed 2Gb, so give a suitable message.  */
-  if (! not_regular && st.st_size < 0)
+
+  /* Arithmetic overflow can occur if an Emacs integer cannot represent the
+     file size, or if the calculations below overflow.  The calculations below
+     double the file size twice, so check that it can be multiplied by 4
+     safely.
+
+     Also check whether the size is negative, which can happen on a platform
+     that allows file sizes greater than the maximum off_t value.  */
+  if (! not_regular
+      && ! (0 <= st.st_size && st.st_size <= MOST_POSITIVE_FIXNUM / 4))
     error ("Maximum buffer size exceeded");
 
   /* Prevent redisplay optimizations.  */
@@ -3268,18 +3275,6 @@ variable `last-coding-system-used' to the coding system actually used.  */)
 	{
 	  XSETINT (end, st.st_size);
 
-	  /* Arithmetic overflow can occur if an Emacs integer cannot
-	     represent the file size, or if the calculations below
-	     overflow.  The calculations below double the file size
-	     twice, so check that it can be multiplied by 4 safely.  */
-	  if (XINT (end) != st.st_size
-	      /* Actually, it should test either INT_MAX or LONG_MAX
-		 depending on which one is used for EMACS_INT.  But in
-		 any case, in practice, this test is redundant with the
-		 one above.
-		 || st.st_size > INT_MAX / 4 */)
-	    error ("Maximum buffer size exceeded");
-
 	  /* The file size returned from stat may be zero, but data
 	     may be readable nonetheless, for example when this is a
 	     file in the /proc filesystem.  */