From 98546d9c823db544b62bdba0bb388816ea6dd342 Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Wed, 25 Mar 2020 18:20:31 -0700
Subject: [PATCH] Fix integer overflow in internal_self_insert
* src/cmds.c (internal_self_insert): Avoid undefined behavior on integer overflow by using saturated add.
---
 src/cmds.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/cmds.c b/src/cmds.c
index 5b98a09fda9..c342cd88bd8 100644
--- a/src/cmds.c
+++ b/src/cmds.c
@@ -451,7 +451,10 @@ internal_self_insert (int c, EMACS_INT n)
 string = concat2 (string, tem);
 }
- replace_range (PT, PT + chars_to_delete, string, 1, 1, 1, 0);
+ ptrdiff_t to;
+ if (INT_ADD_WRAPV (PT, chars_to_delete, &to))
+ to = PTRDIFF_MAX;
+ replace_range (PT, to, string, 1, 1, 1, 0);
 Fforward_char (make_fixnum (n));
 }
 else if (n > 1)
-- 
2.39.5
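Review bot: The overflow branch pins `to` at `PTRDIFF_MAX`, which removes the undefined signed addition but still hands `replace_range` an end position far beyond any buffer. The fix is therefore only memory-safe if `replace_range` clamps its `to` argument to the accessible region, and that callee is not visible in this hunk. I would state the dependency at the call site, e.g. `/* Saturate on overflow; relies on replace_range clamping TO to the accessible region. */`, or clamp locally with `to = ZV;` in the overflow branch if the callee does not guarantee it. The saturation direction also assumes `chars_to_delete` is non-negative; its declaration and the rest of `internal_self_insert` lie outside the hunk, so that is worth confirming.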