From a0efffc812bd88fd3a710c84ae3bf0db989298e1 Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Sun, 4 Sep 2011 10:27:38 -0700
Subject: [PATCH] * search.c: Integer overflow fixes (Freplace_match): Use ptrdiff_t, not int, for indexes that can exceed INT_MAX. Check that EMACS_INT value is in range before assigning it to the (possibly-narrower) index. (match_limit): Don't assume that a fixnum can fit in 'int'.
---
 src/ChangeLog | 6 ++++++
 src/search.c | 10 +++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index cbd8cd2c219..101fa7ceab7 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,11 @@
 2011-09-04 Paul Eggert

+ * search.c: Integer overflow fixes
+ (Freplace_match): Use ptrdiff_t, not int, for indexes that can
+ exceed INT_MAX. Check that EMACS_INT value is in range before
+ assigning it to the (possibly-narrower) index.
+ (match_limit): Don't assume that a fixnum can fit in 'int'.
+
 * print.c: Integer overflow fix.
 (print_object): Use ptrdiff_t, not int, for index that can exceed INT_MAX.
diff --git a/src/search.c b/src/search.c
index d892792cbaa..b3d67e6c431 100644
--- a/src/search.c
+++ b/src/search.c
@@ -2404,7 +2404,7 @@ since only regular expressions have distinguished subexpressions. */)
 int some_uppercase;
 int some_nonuppercase_initial;
 register int c, prevc;
- int sub;
+ ptrdiff_t sub;
 EMACS_INT opoint, newpoint;

 CHECK_STRING (newtext);
@@ -2423,9 +2423,9 @@ since only regular expressions have distinguished subexpressions. */)
 else
 {
 CHECK_NUMBER (subexp);
- sub = XINT (subexp);
- if (sub < 0 || sub >= search_regs.num_regs)
+ if (! (0 <= XINT (subexp) && XINT (subexp) < search_regs.num_regs))
 args_out_of_range (subexp, make_number (search_regs.num_regs));
+ sub = XINT (subexp);
 }

 if (NILP (string))
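Review bot: In the `else` branch of the `@@ -2423` hunk, the order of the two statements is the fix, but nothing in the code says so. The range test runs on `XINT (subexp)` at full EMACS_INT width and only then does `sub = XINT (subexp);` narrow it. A later cleanup that hoists the assignment above the test would bring back the truncation wherever `ptrdiff_t` is narrower than EMACS_INT. I would add `/* Range-check the fixnum at EMACS_INT width before narrowing it into SUB.  */` above the `if`. The narrowing is safe only if `search_regs.num_regs` itself fits in `ptrdiff_t`; its type is not visible in this hunk, so that is worth confirming. The enclosing function starts and ends outside the hunk, so later uses of `sub` as an index cannot be checked from here.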
@@ -2662,7 +2662,7 @@ since only regular expressions have distinguished subexpressions. */)
 unsigned char str[MAX_MULTIBYTE_LENGTH];
 const unsigned char *add_stuff = NULL;
 ptrdiff_t add_len = 0;
- int idx = -1;
+ ptrdiff_t idx = -1;

 if (str_multibyte)
 {
@@ -2813,7 +2813,7 @@ since only regular expressions have distinguished subexpressions. */)
 static Lisp_Object
 match_limit (Lisp_Object num, int beginningp)
 {
- register int n;
+ EMACS_INT n;

 CHECK_NUMBER (num);
 n = XINT (num);
-- 
2.39.2
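Review bot: In `match_limit` (the `@@ -2813` hunk), the bounds test that makes the wider `n` safe is not visible. The hunk shows only the declaration and `n = XINT (num);`, and the rest of the body lies outside it. Please confirm that every later use compares `n` against the register count before indexing with it, and that `n` is never passed on to something taking `int`. A short comment on the declaration would stop a future edit from narrowing it again, for example `/* EMACS_INT, not int: a fixnum may exceed INT_MAX and must reach the range check untruncated.  */`. The `idx` declaration widened in the `@@ -2662` hunk has the same property, since its uses are also outside the visible lines.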