From 171e2a582e4c7d6bfd6d6ff0373720b59568bcb2 Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Mon, 20 Jun 2011 00:21:06 -0700
Subject: [PATCH] * termcap.c: Don't assume sizes fit in int and never overflow.

(struct termcap_buffer, tgetent): Use ptrdiff_t, not int, for sizes.
(gobble_line): Check for size-calculation overflow.
---
 src/ChangeLog | 4 ++++
 src/termcap.c | 9 +++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index 238e37a43a1..21daa1c8e3b 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,9 @@
 2011-06-20 Paul Eggert
 
+ * termcap.c: Don't assume sizes fit in int and never overflow.
+ (struct termcap_buffer, tgetent): Use ptrdiff_t, not int, for sizes.
+ (gobble_line): Check for size-calculation overflow.
+
 * minibuf.c (Fread_buffer):
 * lread.c (intern, intern_c_string):
 * image.c (xpm_scan) [HAVE_NS && !HAVE_XPM]:
diff --git a/src/termcap.c b/src/termcap.c
index 5b71ad229d7..e191f6b3af3 100644
--- a/src/termcap.c
+++ b/src/termcap.c
@@ -323,10 +323,10 @@ tputs (register const char *str, int nlines, int (*outfun) (int))
 struct termcap_buffer
 {
 char *beg;
- int size;
+ ptrdiff_t size;
 char *ptr;
 int ateof;
- int full;
+ ptrdiff_t full;
 };
 
 /* Forward declarations of static functions. */
@@ -367,7 +367,7 @@ tgetent (char *bp, const char *name)
 register char *bp1;
 char *tc_search_point;
 char *term;
- int malloc_size = 0;
+ ptrdiff_t malloc_size = 0;
 register int c;
 char *tcenv = NULL; /* TERMCAP value, if it contains :tc=. */
 char *indirect = NULL; /* Terminal type in :tc= in TERMCAP value. */
@@ -637,6 +637,8 @@ gobble_line (int fd, register struct termcap_buffer *bufp, char *append_end)
 {
 if (bufp->full == bufp->size)
 {
+ if ((PTRDIFF_MAX - 1) / 2 < bufp->size)
+ memory_full (SIZE_MAX);
 bufp->size *= 2;
 /* Add 1 to size to ensure room for terminating null. */
 tem = (char *) xrealloc (buf, bufp->size + 1);
@@ -715,4 +717,3 @@ tprint (cap)
 }
 
 #endif /* TEST */
-
--
2.39.2
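Review bot: The two widened fields of struct termcap_buffer in src/termcap.c (hunk at -323) carry no comment saying what they count, yet the overflow guard added in gobble_line depends on exactly that meaning. Suggest `ptrdiff_t size; /* Bytes allocated at BEG, not counting the terminating null. */` and `ptrdiff_t full; /* Bytes of BEG in use; the buffer is grown when this reaches SIZE. */`, which is what the `bufp->full == bufp->size` test and the `bufp->size + 1` allocation in the gobble_line hunk imply. The same point applies to `malloc_size` in the tgetent hunk at -367. Widening only the declarations does not help if an `int` local outside these hunks still receives one of these values (for instance a read count or an offset added to `size`), so those assignments are worth a pass; they cannot be checked from the lines shown.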
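Review bot: The guard added in gobble_line (hunk at -637) is only safe if `memory_full` never returns, because the very next statement still executes `bufp->size *= 2`; nothing in the hunk shows that. A one-line comment would make the dependency explicit, for example `/* memory_full does not return, so the doubling below cannot overflow. */`. The bound itself, `(PTRDIFF_MAX - 1) / 2 < bufp->size`, looks right for both the doubling and the `bufp->size + 1` passed to xrealloc. Since the patch changes no include lines, it is also worth confirming that `PTRDIFF_MAX`, `SIZE_MAX` and `memory_full` are in scope in every configuration this file builds in, including the `TEST` section visible at the end of the file. The body of gobble_line starts and ends outside the hunk.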