From a5a5cbd4e3e55e5dd2afc6826f572c8520350855 Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Thu, 28 Jul 2011 18:50:56 -0700
Subject: [PATCH] * xdisp.c: Integer and memory overflow fixes. (store_mode_line_noprop_char, x_consider_frame_title): Use ptrdiff_t, not int, for sizes. (store_mode_line_noprop_char): Don't update size until alloc done.
---
 src/ChangeLog | 5 +++++
 src/xdisp.c | 12 ++++++++----
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/ChangeLog b/src/ChangeLog
index 144ec31c518..a7bc6bdd461 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,10 @@
 2011-07-29 Paul Eggert
+ * xdisp.c: Integer and memory overflow fixes.
+ (store_mode_line_noprop_char, x_consider_frame_title):
+ Use ptrdiff_t, not int, for sizes.
+ (store_mode_line_noprop_char): Don't update size until alloc done.
+
 * tparam.c: Integer and memory overflow fixes. (tparam1): Use ptrdiff_t, not int, for sizes. Don't update size until alloc done.
diff --git a/src/xdisp.c b/src/xdisp.c
index 55296db0b8f..92a7b200846 100644
--- a/src/xdisp.c
+++ b/src/xdisp.c
@@ -10252,8 +10252,12 @@ store_mode_line_noprop_char (char c)
 double the buffer's size. */
 if (mode_line_noprop_ptr == mode_line_noprop_buf_end)
 {
- int len = MODE_LINE_NOPROP_LEN (0);
- int new_size = 2 * len * sizeof *mode_line_noprop_buf;
+ ptrdiff_t len = MODE_LINE_NOPROP_LEN (0);
+ ptrdiff_t new_size;
+
+ if (STRING_BYTES_BOUND / 2 < len)
+ memory_full (SIZE_MAX);
+ new_size = 2 * len;
 mode_line_noprop_buf = (char *) xrealloc (mode_line_noprop_buf, new_size);
 mode_line_noprop_buf_end = mode_line_noprop_buf + new_size;
 mode_line_noprop_ptr = mode_line_noprop_buf + len;
@@ -10317,9 +10321,9 @@ x_consider_frame_title (Lisp_Object frame)
 /* Do we have more than one visible frame on this X display? */
 Lisp_Object tail;
 Lisp_Object fmt;
- int title_start;
+ ptrdiff_t title_start;
 char *title;
- int len;
+ ptrdiff_t len;
 struct it it;
 int count = SPECPDL_INDEX ();
--
2.39.2
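Review bot: `len` is now ptrdiff_t in store_mode_line_noprop_char, but its value still comes from `MODE_LINE_NOPROP_LEN (0)`, which is defined outside this hunk; if that macro narrows the pointer difference to int, the new `STRING_BYTES_BOUND / 2 < len` guard tests an already-truncated value and the wider type gains nothing. The same question applies to `title_start` and `len` in the x_consider_frame_title hunk, whose assignments are not among the visible lines. It would be worth confirming in this change that the macro yields ptrdiff_t. A comment above the guard would also help, for example `/* Refuse to double past STRING_BYTES_BOUND; memory_full is expected not to return.  */`, since `new_size = 2 * len;` is only safe if that call never falls through. The function body starts and ends outside the hunk.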