From 2b329ed420eb15f6738edd402697ac2876b2aa61 Mon Sep 17 00:00:00 2001 From: Eli Zaretskii Date: Mon, 12 Aug 2019 17:39:09 +0300 Subject: [PATCH] ; Add commentary to recent changes * src/image.c (png_load_body): * src/editfns.c (styled_format): * src/casefiddle.c (do_casify_multibyte_string): * src/alloc.c (free_cons): Comment why we use a signed temporary integer variable. (Bug#37006) --- src/alloc.c | 2 ++ src/casefiddle.c | 2 ++ src/editfns.c | 4 +++- src/image.c | 4 +++- 4 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/alloc.c b/src/alloc.c index 8227feadae5..39833f8decb 100644 --- a/src/alloc.c +++ b/src/alloc.c @@ -2542,6 +2542,8 @@ free_cons (struct Lisp_Cons *ptr) ptr->u.s.u.chain = cons_free_list; ptr->u.s.car = dead_object (); cons_free_list = ptr; + /* Use a temporary signed variable, since otherwise INT_ADD_WRAPV + might incorrectly return non-zero. */ int incr = sizeof *ptr; if (INT_ADD_WRAPV (consing_until_gc, incr, &consing_until_gc)) consing_until_gc = OBJECT_CT_MAX; diff --git a/src/casefiddle.c b/src/casefiddle.c index 6fcb5852141..741973e40af 100644 --- a/src/casefiddle.c +++ b/src/casefiddle.c @@ -265,6 +265,8 @@ do_casify_multibyte_string (struct casing_context *ctx, Lisp_Object obj) ptrdiff_t size = SCHARS (obj), n; USE_SAFE_ALLOCA; + /* Use a temporary signed variable, since otherwise INT_ADD_WRAPV + might incorrectly return non-zero. */ ptrdiff_t casing_str_buf_size = sizeof (struct casing_str_buf); if (INT_MULTIPLY_WRAPV (size, MAX_MULTIBYTE_LENGTH, &n) || INT_ADD_WRAPV (n, casing_str_buf_size, &n)) diff --git a/src/editfns.c b/src/editfns.c index 25f80bedb1c..19bbfdcd478 100644 --- a/src/editfns.c +++ b/src/editfns.c @@ -3158,12 +3158,14 @@ styled_format (ptrdiff_t nargs, Lisp_Object *args, bool message) /* Upper bound on number of format specs. Each uses at least 2 chars. */ ptrdiff_t nspec_bound = SCHARS (args[0]) >> 1; - /* Allocate the info and discarded tables. */ + /* Use a temporary signed variable, since otherwise INT_ADD_WRAPV + might incorrectly return non-zero. */ ptrdiff_t info_size = sizeof *info, alloca_size; if (INT_MULTIPLY_WRAPV (nspec_bound, info_size, &info_size) || INT_ADD_WRAPV (formatlen, info_size, &alloca_size) || SIZE_MAX < alloca_size) memory_full (SIZE_MAX); + /* Allocate the info and discarded tables. */ info = SAFE_ALLOCA (alloca_size); /* discarded[I] is 1 if byte I of the format string was not copied into the output. diff --git a/src/image.c b/src/image.c index a59be0cd8ff..b37851f0963 100644 --- a/src/image.c +++ b/src/image.c @@ -6658,11 +6658,13 @@ png_load_body (struct frame *f, struct image *img, struct png_load_context *c) /* Number of bytes needed for one row of the image. */ row_bytes = png_get_rowbytes (png_ptr, info_ptr); - /* Allocate memory for the image. */ + /* Use a temporary signed variable, since otherwise + INT_MULTIPLY_WRAPV might incorrectly return non-zero. */ ptrdiff_t nbytes = sizeof *pixels; if (INT_MULTIPLY_WRAPV (row_bytes, nbytes, &nbytes) || INT_MULTIPLY_WRAPV (nbytes, height, &nbytes)) memory_full (SIZE_MAX); + /* Allocate memory for the image. */ c->pixels = pixels = xmalloc (nbytes); c->rows = rows = xmalloc (height * sizeof *rows); for (i = 0; i < height; ++i) -- 2.39.2