From 7d56f940979701a930cf9a7bc753fb9f39ce508b Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Thu, 28 Jul 2011 18:10:08 -0700 Subject: [PATCH] * region-cache.c (move_cache_gap): Check for size calculation overflow. --- src/ChangeLog | 2 ++ src/region-cache.c | 13 +++++++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 46d2cdb82f7..662d03aaf3d 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-07-29 Paul Eggert + * region-cache.c (move_cache_gap): Check for size calculation overflow. + * process.c (Fnetwork_interface_list): Check for overflow in size calculation. diff --git a/src/region-cache.c b/src/region-cache.c index d701f4d71b0..e6cec96171d 100644 --- a/src/region-cache.c +++ b/src/region-cache.c @@ -247,11 +247,16 @@ move_cache_gap (struct region_cache *c, EMACS_INT pos, EMACS_INT min_size) if (gap_len < min_size) { EMACS_INT i; + ptrdiff_t cache_len_max = + min (PTRDIFF_MAX, SIZE_MAX) / sizeof *c->boundaries; + ptrdiff_t min_size_max = cache_len_max - c->cache_len; - /* Always make at least NEW_CACHE_GAP elements, as long as we're - expanding anyway. */ - if (min_size < NEW_CACHE_GAP) - min_size = NEW_CACHE_GAP; + if (min_size_max < min_size) + memory_full (SIZE_MAX); + + /* Unless running out of space, make at least NEW_CACHE_GAP + elements, as long as we're expanding anyway. */ + min_size = max (min_size, min (min_size_max, NEW_CACHE_GAP)); c->boundaries = (struct boundary *) xrealloc (c->boundaries, -- 2.39.2