From: Paul Eggert
Date: Tue, 20 Feb 2018 21:42:20 +0000 (-0800)
Subject: Port recent MAX_RW_COUNT checks to POSIX
X-Git-Tag: emacs-27.0.90~5652
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=d599dce1353ce59d134fcff21cde02c70025253d;p=emacs.git
Port recent MAX_RW_COUNT checks to POSIX
* src/sysdep.c (MAX_RW_COUNT): Verify that it fits in POSIX standard types, to go along with already-existing checks for MS-Windows types.
(emacs_intr_read): eassert on all platforms, not just MS-Windows.
---
diff --git a/src/sysdep.c b/src/sysdep.c
index 08db376b261..c59034ce5c3 100644
--- a/src/sysdep.c
+++ b/src/sysdep.c
@@ -2554,6 +2554,22 @@ emacs_close (int fd)
 #define MAX_RW_COUNT (INT_MAX >> 18 << 18)
 #endif
+/* Verify that MAX_RW_COUNT fits in the relevant standard types. */
+#ifndef SSIZE_MAX
+# define SSIZE_MAX TYPE_MAXIMUM (ssize_t)
+#endif
+verify (MAX_RW_COUNT <= PTRDIFF_MAX);
+verify (MAX_RW_COUNT <= SIZE_MAX);
+verify (MAX_RW_COUNT <= SSIZE_MAX);
+
+#ifdef WINDOWSNT
+/* Verify that Emacs read requests cannot cause trouble, even in 64-bit builds. The last argument of 'read' is 'unsigned int', and the return value's type (see 'sys_read') is 'int'. */
+verify (MAX_RW_COUNT <= INT_MAX);
+verify (MAX_RW_COUNT <= UINT_MAX);
+#endif
+
 /* Read from FD to a buffer BUF with size NBYTE. If interrupted, process any quits and pending signals immediately if INTERRUPTIBLE, and then retry the read unless quitting. 
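Review bot: The comment introducing the new verify block, `/* Verify that MAX_RW_COUNT fits in the relevant standard types. */`, names neither the types nor why they matter, so a reader has to reverse-engineer the three checks and the SSIZE_MAX fallback above them. I would spell it out: `/* MAX_RW_COUNT is passed to read as its size_t count, comes back as an ssize_t and is held in a ptrdiff_t (see emacs_intr_read), so it must fit all three.  */`, which also explains why SSIZE_MAX needs a fallback definition here on platforms that lack it. These verify calls pin the constant only; the WINDOWSNT comment's "read requests cannot cause trouble" still depends on every caller clamping its request to MAX_RW_COUNT, and the run-time eassert that enforces that presumably compiles out in non-checking builds. Consider ending that comment with `Callers must clamp requests to MAX_RW_COUNT; the eassert in emacs_intr_read catches violations only in checking builds.`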
@@ -2562,18 +2578,11 @@ emacs_close (int fd)
 static ptrdiff_t
 emacs_intr_read (int fd, void *buf, ptrdiff_t nbyte, bool interruptible)
 {
+ /* No caller should ever pass a too-large size to emacs_read. */
+ eassert (nbyte <= MAX_RW_COUNT);
+
 ssize_t result;
- /* There is no need to check against MAX_RW_COUNT, since no caller ever passes a size that large to emacs_read. */
-#ifdef WINDOWSNT
- /* On MS-Windows, 'read's last argument is declared as 'unsigned int', and the return value's type (see 'sys_read') is 'int'. This might cause trouble, especially in 64-bit builds, if the above comment ever becomes incorrect. The following assertion should make us more future-proof. */
- eassert (nbyte <= INT_MAX);
-#endif
 do
 {
 if (interruptible)