From c86960f076fd12d743da2b30768323efb9c22bbf Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Thu, 28 Jul 2011 18:00:29 -0700
Subject: [PATCH] * macros.c: Integer and memory overflow fixes. (Fstart_kbd_macro): Don't update size until alloc done. (store_kbd_macro_char): Reorder multiplicands to avoid overflow.
---
 src/ChangeLog | 4 ++++
 src/macros.c | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/ChangeLog b/src/ChangeLog
index 24d67e2463e..435d883e14f 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,9 @@
 2011-07-29 Paul Eggert
+ * macros.c: Integer and memory overflow fixes.
+ (Fstart_kbd_macro): Don't update size until alloc done.
+ (store_kbd_macro_char): Reorder multiplicands to avoid overflow.
+
 * lread.c (read1, init_obarray): Don't update size until alloc done.
 * keymap.c: Integer overflow fixes.
diff --git a/src/macros.c b/src/macros.c
index 60f30c3fbbe..f6cd3a3ccad 100644
--- a/src/macros.c
+++ b/src/macros.c
@@ -62,9 +62,9 @@ macro before appending to it. */)
 if (!current_kboard->kbd_macro_buffer)
 {
- current_kboard->kbd_macro_bufsize = 30;
 current_kboard->kbd_macro_buffer = (Lisp_Object *)xmalloc (30 * sizeof (Lisp_Object));
+ current_kboard->kbd_macro_bufsize = 30;
 }
 update_mode_lines++;
 if (NILP (append))
@@ -202,7 +202,7 @@ store_kbd_macro_char (Lisp_Object c)
 if (min (PTRDIFF_MAX, SIZE_MAX) / sizeof *kb->kbd_macro_buffer / 2 < kb->kbd_macro_bufsize)
 memory_full (SIZE_MAX);
- nbytes = kb->kbd_macro_bufsize * 2 * sizeof *kb->kbd_macro_buffer;
+ nbytes = kb->kbd_macro_bufsize * (2 * sizeof *kb->kbd_macro_buffer);
 kb->kbd_macro_buffer = (Lisp_Object *) xrealloc (kb->kbd_macro_buffer, nbytes);
 kb->kbd_macro_bufsize *= 2;
--
2.39.2
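Review bot: The element count 30 is written twice in the Fstart_kbd_macro block, once inside the `xmalloc (30 * sizeof (Lisp_Object))` size and once in `kbd_macro_bufsize = 30`, and nothing ties the two together. The recorded size is the bound that later growth decisions rely on, so a future edit that changes only one of them would make the buffer smaller than its advertised capacity; a single named constant used in both places would remove that risk. The reordering also deserves a why-comment, for example `/* Record the size only after xmalloc returns, so a failed allocation cannot leave a nonzero size with a null buffer. */`; this assumes xmalloc exits nonlocally on failure, which is not visible in the hunk. Fstart_kbd_macro starts and ends outside the hunk.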
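Review bot: The trailing `kb->kbd_macro_bufsize *= 2;` in store_kbd_macro_char still doubles in the field's own type, which the guard above it does not bound. The guard limits the byte count against `min (PTRDIFF_MAX, SIZE_MAX)`, not the element count against the field's maximum. The field's declaration is outside this diff, but if it is `int`, a 64-bit build could pass the guard and still overflow on the doubling, so either widen the field to `ptrdiff_t` or add the field's limit to the guard. A short comment on the new `nbytes` line, such as `/* Parenthesized so the product is computed in size_t. */`, would keep a later cleanup from dropping the parentheses. store_kbd_macro_char begins and ends outside the hunk.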