From: Paul Eggert <eggert@cs.ucla.edu>
Date: Thu, 26 Mar 2020 01:20:31 +0000 (-0700)
Subject: Fix integer overflow in internal_self_insert
X-Git-Tag: emacs-28.0.90~7719
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=98546d9c823db544b62bdba0bb388816ea6dd342;p=emacs.git

Fix integer overflow in internal_self_insert

* src/cmds.c (internal_self_insert): Avoid undefined behavior
on integer overflow by using saturated add.
---

diff --git a/src/cmds.c b/src/cmds.c
index 5b98a09fda9..c342cd88bd8 100644
--- a/src/cmds.c
+++ b/src/cmds.c
@@ -451,7 +451,10 @@ internal_self_insert (int c, EMACS_INT n)
 	  string = concat2 (string, tem);
 	}
 
-      replace_range (PT, PT + chars_to_delete, string, 1, 1, 1, 0);
+      ptrdiff_t to;
+      if (INT_ADD_WRAPV (PT, chars_to_delete, &to))
+	to = PTRDIFF_MAX;
+      replace_range (PT, to, string, 1, 1, 1, 0);
       Fforward_char (make_fixnum (n));
     }
   else if (n > 1)