From 37d0112bcfc0b2fb426821afc9d409236acab381 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Thu, 28 Jul 2011 17:59:16 -0700
Subject: [PATCH] * lread.c (read1, init_obarray): Don't update size until
 alloc done.

---
 src/ChangeLog |  2 ++
 src/lread.c   | 20 ++++++++++++--------
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index f1c7f11c7f6..24d67e2463e 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,7 @@
 2011-07-29  Paul Eggert  <eggert@cs.ucla.edu>
 
+	* lread.c (read1, init_obarray): Don't update size until alloc done.
+
 	* keymap.c: Integer overflow fixes.
 	(cmm_size, current_minor_maps): Use ptrdiff_t, not int, to count maps.
 	(current_minor_maps): Check for size calculation overflow.
diff --git a/src/lread.c b/src/lread.c
index 0613ad037bf..3703fdf5d3e 100644
--- a/src/lread.c
+++ b/src/lread.c
@@ -2613,14 +2613,14 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list)
 
 	      if (saved_doc_string_size == 0)
 		{
+		  saved_doc_string = (char *) xmalloc (nskip + extra);
 		  saved_doc_string_size = nskip + extra;
-		  saved_doc_string = (char *) xmalloc (saved_doc_string_size);
 		}
 	      if (nskip > saved_doc_string_size)
 		{
-		  saved_doc_string_size = nskip + extra;
 		  saved_doc_string = (char *) xrealloc (saved_doc_string,
-							saved_doc_string_size);
+							nskip + extra);
+		  saved_doc_string_size = nskip + extra;
 		}
 
 	      saved_doc_string_position = file_tell (instream);
@@ -2880,7 +2880,8 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list)
 		if (min (PTRDIFF_MAX, SIZE_MAX) / 2 < read_buffer_size)
 		  memory_full (SIZE_MAX);
 		read_buffer = (char *) xrealloc (read_buffer,
-						 read_buffer_size *= 2);
+						 read_buffer_size * 2);
+		read_buffer_size *= 2;
 		p = read_buffer + offset;
 		end = read_buffer + read_buffer_size;
 	      }
@@ -3023,7 +3024,8 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list)
 		  if (min (PTRDIFF_MAX, SIZE_MAX) / 2 < read_buffer_size)
 		    memory_full (SIZE_MAX);
 		  read_buffer = (char *) xrealloc (read_buffer,
-						   read_buffer_size *= 2);
+						   read_buffer_size * 2);
+		  read_buffer_size *= 2;
 		  p = read_buffer + offset;
 		  end = read_buffer + read_buffer_size;
 		}
@@ -3053,7 +3055,8 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list)
 	      if (min (PTRDIFF_MAX, SIZE_MAX) / 2 < read_buffer_size)
 		memory_full (SIZE_MAX);
 	      read_buffer = (char *) xrealloc (read_buffer,
-					       read_buffer_size *= 2);
+					       read_buffer_size * 2);
+	      read_buffer_size *= 2;
 	      p = read_buffer + offset;
 	      end = read_buffer + read_buffer_size;
 	    }
@@ -3935,6 +3938,7 @@ void
 init_obarray (void)
 {
   Lisp_Object oblength;
+  ptrdiff_t size = 100 + MAX_MULTIBYTE_LENGTH;
 
   XSETFASTINT (oblength, OBARRAY_SIZE);
 
@@ -3967,8 +3971,8 @@ init_obarray (void)
 
   DEFSYM (Qvariable_documentation, "variable-documentation");
 
-  read_buffer_size = 100 + MAX_MULTIBYTE_LENGTH;
-  read_buffer = (char *) xmalloc (read_buffer_size);
+  read_buffer = (char *) xmalloc (size);
+  read_buffer_size = size;
 }
 
 void
-- 
2.39.2