From 2a47c44da27ce75e5ecae75a8006127439b25392 Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Sat, 2 Apr 2011 01:00:56 -0700
Subject: [PATCH] * fileio.c (Finsert_file_contents): Avoid signed integer overflow.

---
 src/ChangeLog | 2 ++
 src/fileio.c | 25 ++++++++++---------------
 2 files changed, 12 insertions(+), 15 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index 73be884837f..ff9b70cec2b 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,7 @@
 2011-04-02 Paul Eggert
 
+ * fileio.c (Finsert_file_contents): Avoid signed integer overflow.
+
 * minibuf.c (read_minibuf_noninteractive): Use size_t for sizes.
 Check for integer overflow on size calculations.
 
diff --git a/src/fileio.c b/src/fileio.c
index 552044f7272..676eb7f53ac 100644
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -3239,9 +3239,16 @@ variable `last-coding-system-used' to the coding system actually used. */)
 
 record_unwind_protect (close_file_unwind, make_number (fd));
 
- /* Can happen on any platform that uses long as type of off_t, but allows
- file sizes to exceed 2Gb, so give a suitable message. */
- if (! not_regular && st.st_size < 0)
+
+ /* Arithmetic overflow can occur if an Emacs integer cannot represent the
+ file size, or if the calculations below overflow. The calculations below
+ double the file size twice, so check that it can be multiplied by 4
+ safely.
+
+ Also check whether the size is negative, which can happen on a platform
+ that allows file sizes greater than the maximum off_t value. */
+ if (! not_regular
+ && ! (0 <= st.st_size && st.st_size <= MOST_POSITIVE_FIXNUM / 4))
 error ("Maximum buffer size exceeded");
 
 /* Prevent redisplay optimizations. */
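Review bot: The bound `st.st_size <= MOST_POSITIVE_FIXNUM / 4` hard-codes a factor that the new comment ties to "the calculations below", which sit outside this hunk, so the guard and the arithmetic it protects can drift apart silently when the later code is edited. Consider naming the factor once and using it in both places, e.g. `enum { INSERT_FILE_SIZE_FACTOR = 4 };` with `st.st_size <= MOST_POSITIVE_FIXNUM / INSERT_FILE_SIZE_FACTOR`, or at least have the comment point at the specific expressions that double the size. The check is also evaluated once against the fstat result, so what it guarantees is that arithmetic derived from st.st_size cannot overflow, not that the bytes actually returned by the subsequent reads stay within that bound (the retained comment in the second hunk notes that stat size and readable data can disagree); presumably the read loop bounds itself by its own counters, but that is not visible here and worth confirming. The enclosing function continues outside the hunk.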
@@ -3268,18 +3275,6 @@ variable `last-coding-system-used' to the coding system actually used. */)
 {
 XSETINT (end, st.st_size);
 
- /* Arithmetic overflow can occur if an Emacs integer cannot
- represent the file size, or if the calculations below
- overflow. The calculations below double the file size
- twice, so check that it can be multiplied by 4 safely. */
- if (XINT (end) != st.st_size
- /* Actually, it should test either INT_MAX or LONG_MAX
- depending on which one is used for EMACS_INT. But in
- any case, in practice, this test is redundant with the
- one above.
- || st.st_size > INT_MAX / 4 */)
- error ("Maximum buffer size exceeded");
-
 /* The file size returned from stat may be zero, but data
 may be readable nonetheless, for example when this is a file
 in the /proc filesystem. */
-- 
2.39.2