Commit 6efdadfd authored by Paul Eggert's avatar Paul Eggert

* lread.c: Fix off-by-one error that can read outside a buffer.

parent 43f6f8d5
2011-10-23 Paul Eggert <eggert@cs.ucla.edu>
2011-10-24 Paul Eggert <eggert@cs.ucla.edu>
Fix integer width and related bugs.
* alloc.c (pure_bytes_used_lisp, pure_bytes_used_non_lisp):
......@@ -495,6 +495,7 @@
(openp): Check for out-of-range argument to 'access'.
(read1): Use int, not EMACS_INT, where int is wide enough.
Don't assume fixnum fits into int.
Fix off-by-one error that can read outside a buffer.
(read_filtered_event): Use duration_to_sec_usec
to do proper overflow checking on durations.
* macros.c (Fstart_kbd_macro): Use xpalloc to check for overflow
......
......@@ -2508,11 +2508,13 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list)
ptrdiff_t size;
tmp = read_vector (readcharfun, 0);
size = ASIZE (tmp);
if (size == 0)
error ("Invalid size char-table");
if (! RANGED_INTEGERP (1, AREF (tmp, 0), 3))
error ("Invalid depth in char-table");
depth = XINT (AREF (tmp, 0));
size = ASIZE (tmp) - 2;
if (chartab_size [depth] != size)
if (chartab_size[depth] != size - 2)
error ("Invalid size char-table");
XSETPVECTYPE (XVECTOR (tmp), PVEC_SUB_CHAR_TABLE);
return tmp;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment