From 67c36fce599fc28e5ae3eca371d034c600265dd2 Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Fri, 17 Jun 2011 01:10:34 -0700
Subject: [PATCH] * buffer.c (record_overlay_string): Check for size-calculation overflow. (struct sortstrlist.size, struct sortlist.used): Don't truncate size to int.
---
 src/ChangeLog | 5 ++++-
 src/buffer.c | 9 ++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index fcb6f66c279..a82ba93320a 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -3,7 +3,10 @@
 * buffer.c (struct sortvec.priority, struct sortstr.priority):
 Now EMACS_INT, not int.
 (compare_overlays, cmp_for_strings): Avoid subtraction overflow.
- (struct sortstr.size, record_overlay_string): Don't truncate size to int.
+ (struct sortstr.size, record_overlay_string)
+ (struct sortstrlist.size, struct sortlist.used):
+ Don't truncate size to int.
+ (record_overlay_string): Check for size-calculation overflow.
 
 2011-06-16 Paul Eggert
 
diff --git a/src/buffer.c b/src/buffer.c
index 90a10ec2a34..93f739c0d4b 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -2933,8 +2933,8 @@ struct sortstr
 struct sortstrlist
 {
 struct sortstr *buf; /* An array that expands as needed; never freed. */
- int size; /* Allocated length of that array. */
- int used; /* How much of the array is currently in use. */
+ ptrdiff_t size; /* Allocated length of that array. */
+ ptrdiff_t used; /* How much of the array is currently in use. */
 EMACS_INT bytes; /* Total length of the strings in buf. */
 };
 
@@ -2969,7 +2969,10 @@ record_overlay_string (struct sortstrlist *ssl, Lisp_Object str,
 
 if (ssl->used == ssl->size)
 {
- if (ssl->buf)
+ if (min (PTRDIFF_MAX, SIZE_MAX) / (sizeof (struct sortstr) * 2)
+ < ssl->size)
+ memory_full (SIZE_MAX);
+ else if (0 < ssl->size)
 ssl->size *= 2;
 else
 ssl->size = 5;
-- 
2.39.2
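Review bot: Widening `size` and `used` to `ptrdiff_t` in struct sortstrlist only removes the truncation if every reader of those fields is widened as well, and this patch changes no code that indexes or iterates over `ssl->buf`. Any loop counter or temporary still declared `int` elsewhere in buffer.c (not visible in this patch) would reintroduce the narrowing, so those sites are worth checking before relying on the new bound. The commit message and ChangeLog entry also name `struct sortlist.used`, while the struct in this hunk is `sortstrlist`; the entry should read `struct sortstrlist.used`.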
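Review bot: The new overflow guard in record_overlay_string is safe only if `memory_full (SIZE_MAX)` never returns, and nothing in the hunk states that. If it did return, control would fall out of the if/else chain with `ssl->used == ssl->size` still true and the array not grown. A comment above the test would make the invariant reviewable: `/* Doubling must keep size * sizeof (struct sortstr) within both ptrdiff_t and size_t; memory_full does not return. */`. The growth test also changed from `ssl->buf` to `0 < ssl->size`, which is equivalent only while the two fields are always set together. The rest of the function, presumably including the reallocation, lies outside the hunk, so that should be confirmed there.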