Commit 86f61a15 authored by Paul Eggert

* alloc.c (allocate_vectorlike): Check for ptrdiff_t overflow.

parent c78baabf
2011-06-08 Paul Eggert <eggert@cs.ucla.edu>
* alloc.c (Fmake_bool_vector): Don't assume vector size fits in int.
(allocate_vectorlike): Check for ptrdiff_t overflow.
* alloc.c: Catch some string size overflows that we were missing.
(XMALLOC_OVERRUN_CHECK_SIZE) [!XMALLOC_OVERRUN_CHECK]: Define to 0,
......
......@@ -2802,10 +2802,11 @@ allocate_vectorlike (EMACS_INT len)
{
struct Lisp_Vector *p;
size_t nbytes;
ptrdiff_t nbytes_max = min (PTRDIFF_MAX, SIZE_MAX);
int header_size = offsetof (struct Lisp_Vector, contents);
int word_size = sizeof p->contents[0];
if ((SIZE_MAX - header_size) / word_size < len)
if ((nbytes_max - header_size) / word_size < len)
memory_full (SIZE_MAX);
MALLOC_BLOCK_INPUT;
......
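Review bot: the new check `if ((nbytes_max - header_size) / word_size < len)` compares a `ptrdiff_t` quotient against `len`, so if `EMACS_INT` is a signed type the comparison is signed and a negative `len` passes it and goes on to the size computation. If callers do not already guarantee `len >= 0`, add `len < 0 ||` to the condition, or state the precondition in a comment above `allocate_vectorlike`. A one-line comment on `nbytes_max` saying why the limit is `min (PTRDIFF_MAX, SIZE_MAX)` would also help, since the `memory_full` call on the next line still passes `SIZE_MAX`.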