From: Paul Eggert
Date: Tue, 14 Jun 2011 21:30:16 +0000 (-0700)
Subject: * alloc.c: Check that resized vectors' lengths fit in fixnums.
X-Git-Tag: emacs-pretest-24.0.90~104^2~548^2~11
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=dd0b0efbabfc187be6810a0e41b4ac5fdda667af;p=emacs.git

* alloc.c: Check that resized vectors' lengths fit in fixnums. (header_size, word_size): New constants. (allocate_vectorlike): Don't check size overflow here. (allocate_vector): Check it here instead, since this is the only caller of allocate_vectorlike that could cause overflow. Check that the new vector's length is representable as a fixnum.
---
diff --git a/src/ChangeLog b/src/ChangeLog
index 7bd1d47b328..dd61843bc85 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,12 @@
 2011-06-14 Paul Eggert
+ * alloc.c: Check that resized vectors' lengths fit in fixnums.
+ (header_size, word_size): New constants.
+ (allocate_vectorlike): Don't check size overflow here.
+ (allocate_vector): Check it here instead, since this is the only
+ caller of allocate_vectorlike that could cause overflow.
+ Check that the new vector's length is representable as a fixnum.
+
 * fns.c (next_almost_prime): Don't return a multiple of 3 or 5. The previous code was bogus. For example, next_almost_prime (32) returned 39, which is undesirable as it is a multiple of 3; and
diff --git a/src/alloc.c b/src/alloc.c
index 56e8eb4d465..00d330c1b6a 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -2767,6 +2767,12 @@ DEFUN ("make-list", Fmake_list, Smake_list, 2, 2, 0,
 static struct Lisp_Vector *all_vectors;
+/* Handy constants for vectorlike objects. */
+enum
+ {
+ header_size = offsetof (struct Lisp_Vector, contents),
+ word_size = sizeof (Lisp_Object)
+ };
 /* Value is a pointer to a newly allocated Lisp_Vector structure with room for LEN Lisp_Objects. */
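Review bot: The new `word_size` constant is defined as `sizeof (Lisp_Object)`, whereas the guard it replaces used `sizeof p->contents[0]`; the two agree only while `contents` remains an array of `Lisp_Object`, and nothing in the enum records that coupling, so a later change to the element type would make the bound computed in allocate_vector silently wrong. A comment on the enum would make the invariant explicit, e.g. `/* Byte size of the header preceding CONTENTS, and of one CONTENTS slot; both must stay in step with the layout of struct Lisp_Vector.  */`. Enumeration constants have type int, which is fine for these values, but it means the arithmetic in allocate_vector gets its width from the other operand rather than from these constants.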
@@ -2776,12 +2782,6 @@ allocate_vectorlike (EMACS_INT len)
 {
 struct Lisp_Vector *p;
 size_t nbytes;
- ptrdiff_t nbytes_max = min (PTRDIFF_MAX, SIZE_MAX);
- int header_size = offsetof (struct Lisp_Vector, contents);
- int word_size = sizeof p->contents[0];
-
- if ((nbytes_max - header_size) / word_size < len)
- memory_full (SIZE_MAX);
 MALLOC_BLOCK_INPUT;
@@ -2815,13 +2815,18 @@ allocate_vectorlike (EMACS_INT len)
 }
-/* Allocate a vector with NSLOTS slots. */
+/* Allocate a vector with LEN slots. */
 struct Lisp_Vector *
-allocate_vector (EMACS_INT nslots)
+allocate_vector (EMACS_INT len)
 {
- struct Lisp_Vector *v = allocate_vectorlike (nslots);
- v->header.size = nslots;
+ struct Lisp_Vector *v;
+ ptrdiff_t nbytes_max = min (PTRDIFF_MAX, SIZE_MAX);
+
+ if (min ((nbytes_max - header_size) / word_size, MOST_POSITIVE_FIXNUM) < len)
+ memory_full (SIZE_MAX);
+ v = allocate_vectorlike (len);
+ v->header.size = len;
 return v;
 }
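Review bot: The new guard in allocate_vector rejects a LEN that is too large but not a negative one: for `len < 0` the test `min (...) < len` is false, and `allocate_vectorlike (len)` is then called with a negative count, whose size computation lies outside this hunk. If callers are expected to have validated LEN already, the header comment should say so, e.g. `/* Allocate a vector with LEN slots.  LEN must be nonnegative; it is rejected here if it would not fit in a fixnum or in memory.  */`; otherwise the check can absorb it as `if (! (0 <= len && len <= min ((nbytes_max - header_size) / word_size, MOST_POSITIVE_FIXNUM)))`. Since the earlier hunk removes the overflow check from allocate_vectorlike itself, its other callers now depend on the same precondition without any comment recording it; a one-line note on allocate_vectorlike that LEN must already be bounded by the caller would document the invariant the commit description asserts.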