From f2cad7739d69b5ca0d0f30ece4ba26592988f8c9 Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Sat, 27 Aug 2011 00:07:32 -0700
Subject: [PATCH] * ccl.c: Improve and simplify overflow checking (Bug#9196).

(ccl_driver): Do not generate an out-of-range pointer. (Fccl_execute_on_string): Remove unnecessary check for integer overflow, noted by Stefan Monnier in . Remove a FIXME that didn't need fixing. Simplify the newly-introduced buffer reallocation code.
---
 src/ChangeLog | 10 ++++++++++
 src/ccl.c | 32 ++++++++++----------------------
 2 files changed, 20 insertions(+), 22 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index 901194ed0a0..7eb18593993 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,13 @@
+2011-08-27 Paul Eggert
+
+ * ccl.c: Improve and simplify overflow checking (Bug#9196).
+ (ccl_driver): Do not generate an out-of-range pointer.
+ (Fccl_execute_on_string): Remove unnecessary check for
+ integer overflow, noted by Stefan Monnier in
+ .
+ Remove a FIXME that didn't need fixing.
+ Simplify the newly-introduced buffer reallocation code.
+
 2011-08-27 Juanma Barranquero
 
 * makefile.w32-in ($(BLD)/alloc.$(O)): Depend on lib/verify.h.
diff --git a/src/ccl.c b/src/ccl.c
index dc0adae6877..b28a284f70a 100644
--- a/src/ccl.c
+++ b/src/ccl.c
@@ -1770,7 +1770,7 @@ ccl_driver (struct ccl_program *ccl, int *source, int *destination, int src_size
 }
 
 msglen = strlen (msg);
- if (dst + msglen <= dst_end)
+ if (msglen <= dst_end - dst)
 {
 for (i = 0; i < msglen; i++)
 *dst++ = msg[i];
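Review bot: The rewritten guard `if (msglen <= dst_end - dst)` only avoids forming an out-of-range pointer when dst <= dst_end already holds, and nothing in the hunk records that invariant; msglen's declaration is outside the hunk, and if it is an unsigned type (strlen returns size_t) a negative `dst_end - dst` would convert to a very large unsigned value, the comparison would pass, and the copy loop below would write past dst_end. Suggest pinning the invariant immediately before the comparison, e.g. `eassert (dst <= dst_end);` if eassert is available in this file, or at least a comment such as `/* dst never exceeds dst_end here, so the difference is non-negative.  */` naming where that bound is enforced, which this hunk does not show. ccl_driver's body starts and ends outside the hunk.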
@@ -2127,37 +2127,25 @@ usage: (ccl-execute-on-string CCL-PROGRAM STATUS STRING &optional CONTINUE UNIBY
 src_size = j;
 while (1)
 {
+ int max_expansion = NILP (unibyte_p) ? MAX_MULTIBYTE_LENGTH : 1;
+ ptrdiff_t offset, shortfall;
 ccl_driver (&ccl, src, destination, src_size,
 CCL_EXECUTE_BUF_SIZE, Qnil);
 produced_chars += ccl.produced;
+ offset = outp - outbuf;
+ shortfall = ccl.produced * max_expansion - (outbufsize - offset);
+ if (0 < shortfall)
+ {
+ outbuf = xpalloc (outbuf, &outbufsize, shortfall, -1, 1);
+ outp = outbuf + offset;
+ }
 if (NILP (unibyte_p))
 {
- /* FIXME: Surely this should be buf_magnification instead.
- MAX_MULTIBYTE_LENGTH overestimates the storage needed. */
- int magnification = MAX_MULTIBYTE_LENGTH;
-
- ptrdiff_t offset = outp - outbuf;
- ptrdiff_t shortfall;
- if (INT_MULTIPLY_OVERFLOW (ccl.produced, magnification))
- memory_full (SIZE_MAX);
- shortfall = ccl.produced * magnification - (outbufsize - offset);
- if (0 < shortfall)
- {
- outbuf = xpalloc (outbuf, &outbufsize, shortfall, -1, 1);
- outp = outbuf + offset;
- }
 for (j = 0; j < ccl.produced; j++)
 CHAR_STRING_ADVANCE (destination[j], outp);
 }
 else
 {
- ptrdiff_t offset = outp - outbuf;
- ptrdiff_t shortfall = ccl.produced - (outbufsize - offset);
- if (0 < shortfall)
- {
- outbuf = xpalloc (outbuf, &outbufsize, shortfall, -1, 1);
- outp = outbuf + offset;
- }
 for (j = 0; j < ccl.produced; j++)
 *outp++ = destination[j];
 }
-- 
2.39.2
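Review bot: The INT_MULTIPLY_OVERFLOW guard on `ccl.produced * magnification` is dropped, but the new line `shortfall = ccl.produced * max_expansion - (outbufsize - offset);` carries no note of why that product cannot overflow; the bound presumably comes from the CCL_EXECUTE_BUF_SIZE passed to ccl_driver two lines above, which the hunk never states. A one-line comment above the assignment would stop the next maintainer from re-adding the check or, worse, enlarging the destination buffer without noticing the dependency: `/* ccl.produced <= CCL_EXECUTE_BUF_SIZE, so this product cannot overflow.  */` — assuming ccl_driver does enforce that cap, which is not visible here. As a point of style, `max_expansion` depends only on `unibyte_p`, which does not change inside the loop, so it could be a `const int` computed once before `while (1)` rather than re-evaluated on every iteration. Fccl_execute_on_string begins and ends outside the hunk.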