* buffer.c (record_overlay_string): Check for size-calculation overflow.

(struct sortstrlist.size, struct sortlist.used): Don't truncate size to int.

* buffer.c (record_overlay_string): Check for size-calculation overflow.
(struct sortstrlist.size, struct sortlist.used): Don't truncate size to int.
67c36fce · Paul Eggert · 93cb6be3 · 67c36fce · 67c36fce
Commit 67c36fce authored Jun 17, 2011 by Paul Eggert
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 4 deletions

src/ChangeLog src/ChangeLog +4 -1

src/buffer.c src/buffer.c +6 -3

No files found.
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -3,7 +3,10 @@
 	* buffer.c (struct sortvec.priority, struct sortstr.priority):
 	Now EMACS_INT, not int.
 	(compare_overlays, cmp_for_strings): Avoid subtraction overflow.
-	(struct sortstr.size, record_overlay_string): Don't truncate size to int.
+	(struct sortstr.size, record_overlay_string)
+	(struct sortstrlist.size, struct sortlist.used):
+	Don't truncate size to int.
+	(record_overlay_string): Check for size-calculation overflow.

 2011-06-16  Paul Eggert  <eggert@cs.ucla.edu>


--- a/src/buffer.c
+++ b/src/buffer.c
@@ -2933,8 +2933,8 @@ struct sortstr
 struct sortstrlist
 {
  struct sortstr *buf;	/* An array that expands as needed; never freed.  */
-  int size;		/* Allocated length of that array.  */
-  int used;		/* How much of the array is currently in use.  */
+  ptrdiff_t size;	/* Allocated length of that array.  */
+  ptrdiff_t used;	/* How much of the array is currently in use.  */
  EMACS_INT bytes;		/* Total length of the strings in buf.  */
 };

@@ -2969,7 +2969,10 @@ record_overlay_string (struct sortstrlist *ssl, Lisp_Object str,

  if (ssl->used == ssl->size)
    {
-      if (ssl->buf)
+      if (min (PTRDIFF_MAX, SIZE_MAX) / (sizeof (struct sortstr) * 2)
+	  < ssl->size)
+	memory_full (SIZE_MAX);
+      else if (0 < ssl->size)
 	ssl->size *= 2;
      else
 	ssl->size = 5;