From: Paul Eggert Date: Fri, 29 Jul 2011 01:56:54 +0000 (-0700) Subject: * xgselect.c (xg_select): Check for size calculation overflow. X-Git-Tag: emacs-pretest-24.0.90~104^2~152^2~95 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=c26f25213a70687820290a58189e58e687ef498c;p=emacs.git * xgselect.c (xg_select): Check for size calculation overflow. Don't update size until alloc done. --- diff --git a/src/ChangeLog b/src/ChangeLog index 7a0543e46c5..b5c5afd7a1e 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,8 @@ 2011-07-29 Paul Eggert + * xgselect.c (xg_select): Check for size calculation overflow. + Don't update size until alloc done. + * xfns.c: Integer and memory overflow fixes. (x_encode_text, x_set_name_internal, Fx_change_window_property): Use ptrdiff_t, not int, to count sizes, since they can exceed diff --git a/src/xgselect.c b/src/xgselect.c index 9ccdd37489f..d1844610077 100644 --- a/src/xgselect.c +++ b/src/xgselect.c @@ -54,10 +54,16 @@ xg_select (int max_fds, SELECT_TYPE *rfds, SELECT_TYPE *wfds, SELECT_TYPE *efds, do { if (n_gfds > gfds_size) { - while (n_gfds > gfds_size) - gfds_size *= 2; + int gfds_size_max = + min (INT_MAX, min (PTRDIFF_MAX, SIZE_MAX) / sizeof *gfds); + int size; + if (gfds_size_max / 2 < n_gfds) + memory_full (SIZE_MAX); + size = 2 * n_gfds; + gfds_size = 0; xfree (gfds); - gfds = xmalloc (sizeof (*gfds) * gfds_size); + gfds = xmalloc (sizeof *gfds * size); + gfds_size = size; } n_gfds = g_main_context_query (context,