From a9a2d4c5ff42df7c7159cd96ca96dc2146aa1d2e Mon Sep 17 00:00:00 2001
From: Eli Zaretskii
Date: Tue, 6 Aug 2024 21:19:49 +0300
Subject: [PATCH] Avoid crashes in very large buffers with long lines

* src/xdisp.c (get_large_narrowing_begv, get_large_narrowing_zv) (get_medium_narrowing_begv, get_medium_narrowing_zv): Use 'ptrdiff_t' instead of 'int', to prevent integer overflow in large buffers. (Bug#72497)

(cherry picked from commit f1e37ae423f3be6224f88a21f30ed40e73a4ce22)
---
 src/xdisp.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/xdisp.c b/src/xdisp.c
index 6f29f159d16..30771a1c83d 100644
--- a/src/xdisp.c
+++ b/src/xdisp.c
@@ -3647,14 +3647,14 @@ get_narrowed_len (struct window *w)
 static ptrdiff_t
 get_medium_narrowing_begv (struct window *w, ptrdiff_t pos)
 {
- int len = get_narrowed_len (w);
+ ptrdiff_t len = get_narrowed_len (w);
 return max ((pos / len - 1) * len, BEGV);
 }
 
 static ptrdiff_t
 get_medium_narrowing_zv (struct window *w, ptrdiff_t pos)
 {
- int len = get_narrowed_len (w);
+ ptrdiff_t len = get_narrowed_len (w);
 return min ((pos / len + 1) * len, ZV);
 }
 
@@ -3704,9 +3704,9 @@ get_large_narrowing_begv (ptrdiff_t pos)
 {
 if (long_line_optimizations_region_size <= 0)
 return BEGV;
- int len = long_line_optimizations_region_size / 2;
- int begv = max (pos - len, BEGV);
- int limit = long_line_optimizations_bol_search_limit;
+ ptrdiff_t len = long_line_optimizations_region_size / 2;
+ ptrdiff_t begv = max (pos - len, BEGV);
+ ptrdiff_t limit = long_line_optimizations_bol_search_limit;
 while (limit > 0)
 {
 if (begv == BEGV || FETCH_BYTE (CHAR_TO_BYTE (begv) - 1) == '\n')
@@ -3722,7 +3722,7 @@ get_large_narrowing_zv (ptrdiff_t pos)
 {
 if (long_line_optimizations_region_size <= 0)
 return ZV;
- int len = long_line_optimizations_region_size / 2;
+ ptrdiff_t len = long_line_optimizations_region_size / 2;
 return min (pos + len, ZV);
 }
 
-- 
2.39.2
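Review bot: Both medium-narrowing helpers in the first hunk divide `pos` by `len`, and nothing visible there establishes that `get_narrowed_len (w)` is positive, whereas the large variants guard their size with an explicit `<= 0` test. The body of get_narrowed_len is outside the hunk, so the invariant may already hold. If it does, recording it next to the division would help, for example `eassert (len > 0);` after each declaration or a comment such as `/* get_narrowed_len never returns less than 1.  */`. Since the old code stored the result in an `int`, get_narrowed_len presumably still returns `int`, so it is worth confirming that any arithmetic inside it cannot overflow before the value is widened here.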
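Review bot: In the second hunk, `ptrdiff_t len = long_line_optimizations_region_size / 2;` still converts implicitly, and in get_large_narrowing_zv (third hunk) that `len` is added to `pos` without a bound, so a very large configured region size could overflow the signed addition before `min` clamps it. The variable's declaration is not part of this patch; if it is wider than `ptrdiff_t` or user-settable, clamp at the point of conversion, e.g. `ptrdiff_t len = min (long_line_optimizations_region_size / 2, ZV - BEGV);`, which should leave both results unchanged for a `pos` inside the accessible region. The same conversion applies to `limit` from `long_line_optimizations_bol_search_limit`, though that value is only counted down. The loop in get_large_narrowing_begv continues past the end of the hunk, so its remaining uses of `begv` and `limit` are not reviewed here.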