From c9f8d652ab67b148cd0a1cb375b0e51e673c4094 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Thu, 28 Jul 2011 14:37:15 -0700 Subject: [PATCH] * editfns.c: Integer and memory overflow fixes. (set_time_zone_rule): Don't assume environment length fits in int. (message_length): Now ptrdiff_t, not int. (Fmessage_box): Don't update size until allocation succeeds. Don't assume message length fits in int. (Fformat): Use ptrdiff_t, not EMACS_INT, where ptrdiff_t will do. --- src/ChangeLog | 7 +++++++ src/editfns.c | 8 ++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 6cf9a1f8622..b823dd54498 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,12 @@ 2011-07-28 Paul Eggert + * editfns.c: Integer and memory overflow fixes. + (set_time_zone_rule): Don't assume environment length fits in int. + (message_length): Now ptrdiff_t, not int. + (Fmessage_box): Don't update size until allocation succeeds. + Don't assume message length fits in int. + (Fformat): Use ptrdiff_t, not EMACS_INT, where ptrdiff_t will do. + * doc.c: Integer and memory overflow fixes. (get_doc_string_buffer_size): Now ptrdiff_t, not int. (get_doc_string): Check for size calculation overflow. diff --git a/src/editfns.c b/src/editfns.c index 18fefa5e3b5..1616305faa3 100644 --- a/src/editfns.c +++ b/src/editfns.c @@ -2105,7 +2105,7 @@ static char set_time_zone_rule_tz2[] = "TZ=GMT+1"; void set_time_zone_rule (const char *tzstring) { - int envptrs; + ptrdiff_t envptrs; char **from, **to, **newenv; /* Make the ENVIRON vector longer with room for TZSTRING. */ @@ -3355,7 +3355,7 @@ usage: (save-restriction &rest BODY) */) static char *message_text; /* Allocated length of that buffer. */ -static int message_length; +static ptrdiff_t message_length; DEFUN ("message", Fmessage, Smessage, 1, MANY, 0, doc: /* Display a message at the bottom of the screen. @@ -3437,8 +3437,8 @@ usage: (message-box FORMAT-STRING &rest ARGS) */) } if (SBYTES (val) > message_length) { + message_text = (char *) xrealloc (message_text, SBYTES (val)); message_length = SBYTES (val); - message_text = (char *)xrealloc (message_text, message_length); } memcpy (message_text, SDATA (val), SBYTES (val)); message2 (message_text, SBYTES (val), @@ -4163,7 +4163,7 @@ usage: (format STRING &rest OBJECTS) */) character. CONVBYTES says how much room is needed. Allocate enough room (and then some) and do it again. */ { - EMACS_INT used = p - buf; + ptrdiff_t used = p - buf; if (max_bufsize - used < convbytes) string_overflow (); -- 2.39.2