From 39019e542536660936a5fd1a7369ae54fdc6ddd2 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Wed, 22 Jun 2011 15:39:06 -0700
Subject: [PATCH] * lread.c (read_escape): Check for hex character overflow.

---
 src/ChangeLog | 1 +
 src/lread.c   | 7 +++----
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index f0a48ed75ab..e1e9e24fcba 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -7,6 +7,7 @@
 	(read1): Don't assume doc string length fits in int.  Check for
 	out-of-range doc string lengths.
 	(read_list): Don't assume file position fits in int.
+	(read_escape): Check for hex character overflow.
 
 	Fixes for GLYPH_DEBUG found by GCC 4.6.0 static checking.
 	The following patches are for when GLYPH_DEBUG && !XASSERT.
diff --git a/src/lread.c b/src/lread.c
index 42ddbfd188d..a2f78f848ae 100644
--- a/src/lread.c
+++ b/src/lread.c
@@ -2208,6 +2208,8 @@ read_escape (Lisp_Object readcharfun, int stringp)
 		UNREAD (c);
 		break;
 	      }
+	    if (MAX_CHAR < i)
+	      error ("Hex character out of range: \\x%x...", i);
 	    count++;
 	  }
 
@@ -2236,10 +2238,7 @@ read_escape (Lisp_Object readcharfun, int stringp)
 	    else if (c >= 'a' && c <= 'f')  i = (i << 4) + (c - 'a') + 10;
             else if (c >= 'A' && c <= 'F')  i = (i << 4) + (c - 'A') + 10;
 	    else
-	      {
-		error ("Non-hex digit used for Unicode escape");
-		break;
-	      }
+	      error ("Non-hex digit used for Unicode escape");
 	  }
 	if (i > 0x10FFFF)
 	  error ("Non-Unicode character: 0x%x", i);
-- 
2.39.2