From: Paul Eggert <eggert@cs.ucla.edu>
Date: Thu, 16 Jun 2011 21:25:42 +0000 (-0700)
Subject: Improve buffer-overflow checking (Bug#8873).
X-Git-Tag: emacs-pretest-24.0.90~104^2~538
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=393d71f34cd42b77afe78fbd174f2b1377182232;p=emacs.git

Improve buffer-overflow checking (Bug#8873).
---

393d71f34cd42b77afe78fbd174f2b1377182232
diff --cc src/ChangeLog
index 59fb2d89b24,5f18c8d0062..ae1a00cf173
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@@ -1,3 -1,29 +1,29 @@@
+ 2011-06-16  Paul Eggert  <eggert@cs.ucla.edu>
+ 
 -	Improve buffer-overflow checking.
++	Improve buffer-overflow checking (Bug#8873).
+ 	* fileio.c (Finsert_file_contents):
+ 	* insdel.c (insert_from_buffer_1, replace_range, replace_range_2):
+ 	Remove the old (too-loose) buffer overflow checks.
+ 	They weren't needed, since make_gap checks for buffer overflow.
+ 	* insdel.c (make_gap_larger): Catch buffer overflows that were missed.
+ 	The old code merely checked for Emacs fixnum overflow, and relied
+ 	on undefined (wraparound) behavior.  The new code avoids undefined
+ 	behavior, and also checks for ptrdiff_t and/or size_t overflow.
+ 
+ 	* editfns.c (Finsert_char): Don't dump core with very negative counts.
+ 	Tune.  Don't use wider integers than needed.  Don't use alloca.
+ 	Use a bigger 'string' buffer.  Rewrite to avoid 'n > 0' test.
+ 
+ 	* insdel.c (replace_range): Fix buf overflow when insbytes < outgoing.
+ 
+ 	* insdel.c, lisp.h (buffer_overflow): New function.
+ 	(insert_from_buffer_1, replace_range, replace_range_2):
+ 	* insdel.c (make_gap_larger):
+ 	* editfns.c (Finsert_char):
+ 	* fileio.c (Finsert_file_contents): Use it, to normalize wording.
+ 
+ 	* buffer.h (BUF_BYTES_MAX): Cast to ptrdiff_t so that it's signed.
+ 
  2011-06-15  Paul Eggert  <eggert@cs.ucla.edu>
  
  	Integer overflow and signedness fixes (Bug#8873).