From: Paul Eggert <eggert@cs.ucla.edu>
Date: Thu, 23 Jun 2011 00:46:41 +0000 (-0700)
Subject: * image.c (cache_image): Check for size arithmetic overflow.
X-Git-Tag: emacs-pretest-24.0.90~104^2~152^2~437
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=7fcccf1efe3d4bc6182253ec0b1b5fd409fdd242;p=emacs.git

* image.c (cache_image): Check for size arithmetic overflow.
---

diff --git a/src/ChangeLog b/src/ChangeLog
index e1e9e24fcba..7f174bf0a21 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,7 @@
+2011-06-23  Paul Eggert  <eggert@cs.ucla.edu>
+
+	* image.c (cache_image): Check for size arithmetic overflow.
+
 2011-06-22  Paul Eggert  <eggert@cs.ucla.edu>
 
 	* lread.c: Integer overflow issues.
diff --git a/src/image.c b/src/image.c
index a9785e5d00f..6e8440fb431 100644
--- a/src/image.c
+++ b/src/image.c
@@ -1836,6 +1836,8 @@ cache_image (struct frame *f, struct image *img)
   /* If no free slot found, maybe enlarge c->images.  */
   if (i == c->used && c->used == c->size)
     {
+      if (min (PTRDIFF_MAX, SIZE_MAX) / sizeof *c->images / 2 < c->size)
+	memory_full (SIZE_MAX);
       c->size *= 2;
       c->images = (struct image **) xrealloc (c->images,
 					      c->size * sizeof *c->images);