From: Paul Eggert Date: Fri, 15 Jul 2011 06:44:47 +0000 (-0700) Subject: * bidi.c (bidi_cache_ensure_space): Also check that the bidi cache size X-Git-Tag: emacs-pretest-24.0.90~104^2~159^2~9^2~6 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=f0eb61e99dce9005dc94c909046f6130b3d4a97c;p=emacs.git * bidi.c (bidi_cache_ensure_space): Also check that the bidi cache size does not exceed that of the largest Lisp string or buffer. See Eli Zaretskii in .
---
diff --git a/src/ChangeLog b/src/ChangeLog
index c19786fb72c..493b3277f52 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -15,6 +15,9 @@
 Don't set bidi_cache_size until after xrealloc returns, because it might not return. (bidi_dump_cached_states): Use ptrdiff_t, not int, to avoid overflow.
+ (bidi_cache_ensure_space): Also check that the bidi cache size
+ does not exceed that of the largest Lisp string or buffer. See Eli
+ Zaretskii in .
 * alloc.c (__malloc_size_t): Remove. All uses replaced by size_t. See Andreas Schwab's note
diff --git a/src/bidi.c b/src/bidi.c
index 1999606639b..697ebb92856 100644
--- a/src/bidi.c
+++ b/src/bidi.c
@@ -464,9 +464,16 @@ bidi_cache_ensure_space (ptrdiff_t idx)
 if (idx >= bidi_cache_size)
 {
 ptrdiff_t new_size;
- ptrdiff_t max_size =
- min (PTRDIFF_MAX, SIZE_MAX) / elsz / BIDI_CACHE_CHUNK * BIDI_CACHE_CHUNK;
- if (max_size <= idx)
+
+ /* The bidi cache cannot be larger than the largest Lisp string
+ or buffer. */
+ ptrdiff_t string_or_buffer_bound =
+ max (BUF_BYTES_MAX, STRING_BYTES_BOUND);
+
+ /* Also, it cannot be larger than what C can represent. */
+ ptrdiff_t c_bound = min (PTRDIFF_MAX, SIZE_MAX) / elsz;
+
+ if (min (string_or_buffer_bound, c_bound) <= idx)
 memory_full (SIZE_MAX);
 new_size = idx - idx % BIDI_CACHE_CHUNK + BIDI_CACHE_CHUNK;
 bidi_cache = (struct bidi_it *) xrealloc (bidi_cache, new_size * elsz);
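Review bot: In the src/bidi.c hunk the new `c_bound` is no longer rounded down to a multiple of BIDI_CACHE_CHUNK, so the guard `min (string_or_buffer_bound, c_bound) <= idx` can pass for an idx whose rounded-up `new_size` is larger than `c_bound`, and `new_size * elsz` in the xrealloc call can then overflow. The removed `max_size` expression carried a `/ BIDI_CACHE_CHUNK * BIDI_CACHE_CHUNK` step that guaranteed `new_size` never exceeded the bound. Keeping that step restores the invariant: `ptrdiff_t c_bound = min (PTRDIFF_MAX, SIZE_MAX) / elsz / BIDI_CACHE_CHUNK * BIDI_CACHE_CHUNK;`. This matters only when `c_bound` is the smaller of the two bounds, which looks likely if elsz is the size of one cache element, but elsz and the macros are defined outside the hunk. The function body also starts and ends outside it.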