Commit 67c36fce authored by Paul Eggert's avatar Paul Eggert

* buffer.c (record_overlay_string): Check for size-calculation overflow.

(struct sortstrlist.size, struct sortlist.used): Don't truncate size to int.
parent 93cb6be3
......@@ -3,7 +3,10 @@
* buffer.c (struct sortvec.priority, struct sortstr.priority):
Now EMACS_INT, not int.
(compare_overlays, cmp_for_strings): Avoid subtraction overflow.
(struct sortstr.size, record_overlay_string): Don't truncate size to int.
(struct sortstr.size, record_overlay_string)
(struct sortstrlist.size, struct sortlist.used):
Don't truncate size to int.
(record_overlay_string): Check for size-calculation overflow.
2011-06-16 Paul Eggert <eggert@cs.ucla.edu>
......
......@@ -2933,8 +2933,8 @@ struct sortstr
struct sortstrlist
{
struct sortstr *buf; /* An array that expands as needed; never freed. */
int size; /* Allocated length of that array. */
int used; /* How much of the array is currently in use. */
ptrdiff_t size; /* Allocated length of that array. */
ptrdiff_t used; /* How much of the array is currently in use. */
EMACS_INT bytes; /* Total length of the strings in buf. */
};
......@@ -2969,7 +2969,10 @@ record_overlay_string (struct sortstrlist *ssl, Lisp_Object str,
if (ssl->used == ssl->size)
{
if (ssl->buf)
if (min (PTRDIFF_MAX, SIZE_MAX) / (sizeof (struct sortstr) * 2)
< ssl->size)
memory_full (SIZE_MAX);
else if (0 < ssl->size)
ssl->size *= 2;
else
ssl->size = 5;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment