Commit 7fcccf1e authored by Paul Eggert's avatar Paul Eggert

* image.c (cache_image): Check for size arithmetic overflow.

parent 39019e54
2011-06-23 Paul Eggert <eggert@cs.ucla.edu>
* image.c (cache_image): Check for size arithmetic overflow.
2011-06-22 Paul Eggert <eggert@cs.ucla.edu>
* lread.c: Integer overflow issues.
......
......@@ -1836,6 +1836,8 @@ cache_image (struct frame *f, struct image *img)
/* If no free slot found, maybe enlarge c->images. */
if (i == c->used && c->used == c->size)
{
if (min (PTRDIFF_MAX, SIZE_MAX) / sizeof *c->images / 2 < c->size)
memory_full (SIZE_MAX);
c->size *= 2;
c->images = (struct image **) xrealloc (c->images,
c->size * sizeof *c->images);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment