From: Paul Eggert <eggert@cs.ucla.edu>
Date: Fri, 29 Jul 2011 01:00:29 +0000 (-0700)
Subject: * macros.c: Integer and memory overflow fixes.
X-Git-Tag: emacs-pretest-24.0.90~104^2~152^2~109
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=c86960f076fd12d743da2b30768323efb9c22bbf;p=emacs.git

* macros.c: Integer and memory overflow fixes.

(Fstart_kbd_macro): Don't update size until alloc done.
(store_kbd_macro_char): Reorder multiplicands to avoid overflow.
---

diff --git a/src/ChangeLog b/src/ChangeLog
index 24d67e2463e..435d883e14f 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,9 @@
 2011-07-29  Paul Eggert  <eggert@cs.ucla.edu>
 
+	* macros.c: Integer and memory overflow fixes.
+	(Fstart_kbd_macro): Don't update size until alloc done.
+	(store_kbd_macro_char): Reorder multiplicands to avoid overflow.
+
 	* lread.c (read1, init_obarray): Don't update size until alloc done.
 
 	* keymap.c: Integer overflow fixes.
diff --git a/src/macros.c b/src/macros.c
index 60f30c3fbbe..f6cd3a3ccad 100644
--- a/src/macros.c
+++ b/src/macros.c
@@ -62,9 +62,9 @@ macro before appending to it. */)
 
   if (!current_kboard->kbd_macro_buffer)
     {
-      current_kboard->kbd_macro_bufsize = 30;
       current_kboard->kbd_macro_buffer
 	= (Lisp_Object *)xmalloc (30 * sizeof (Lisp_Object));
+      current_kboard->kbd_macro_bufsize = 30;
     }
   update_mode_lines++;
   if (NILP (append))
@@ -202,7 +202,7 @@ store_kbd_macro_char (Lisp_Object c)
 	  if (min (PTRDIFF_MAX, SIZE_MAX) / sizeof *kb->kbd_macro_buffer / 2
 	      < kb->kbd_macro_bufsize)
 	    memory_full (SIZE_MAX);
-	  nbytes = kb->kbd_macro_bufsize * 2 * sizeof *kb->kbd_macro_buffer;
+	  nbytes = kb->kbd_macro_bufsize * (2 * sizeof *kb->kbd_macro_buffer);
 	  kb->kbd_macro_buffer
 	    = (Lisp_Object *) xrealloc (kb->kbd_macro_buffer, nbytes);
 	  kb->kbd_macro_bufsize *= 2;