* charset.c (Fdefine_charset_internal): Check for integer overflow.

Add a FIXME comment about memory leaks. (syms_of_charset): Don't assume xmalloc returns.

* charset.c (Fdefine_charset_internal): Check for integer overflow.
Add a FIXME comment about memory leaks. (syms_of_charset): Don't assume xmalloc returns.
e097a6fa · Paul Eggert · 5637687f · e097a6fa · e097a6fa
Commit e097a6fa authored Jul 18, 2011 by Paul Eggert
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 3 deletions

src/ChangeLog src/ChangeLog +4 -0

src/charset.c src/charset.c +17 -3

No files found.
--- a/src/ChangeLog
+++ b/src/ChangeLog
 2011-07-19  Paul Eggert  <eggert@cs.ucla.edu>

+	* charset.c (Fdefine_charset_internal): Check for integer overflow.
+	Add a FIXME comment about memory leaks.
+	(syms_of_charset): Don't assume xmalloc returns.
+
 	Don't assume that stated character widths fit in int.
 	* character.c (Fchar_width, c_string_width, lisp_string_width):
 	* character.h (CHAR_WIDTH):

--- a/src/charset.c
+++ b/src/charset.c
@@ -1150,13 +1150,28 @@ usage: (define-charset-internal ...)  */)
 				     hash_code);
      if (charset_table_used == charset_table_size)
 	{
-	  struct charset *new_table
+	  struct charset *new_table;
+	  /* Ensure that charset IDs fit into 'int' as well as into the
+	     restriction imposed by fixnums, ptrdiff_t, and size_t.
+	     Although the 'int' restriction could be removed, too much other
+	     code would need altering; for example, the IDs are stuffed into
+	     struct coding_system.charbuf[i] entries, which are 'int'.  */
+	  int charset_table_size_max =
+	    min (min (INT_MAX, MOST_POSITIVE_FIXNUM),
+		 min (PTRDIFF_MAX, SIZE_MAX) / sizeof (struct charset));
+	  if (charset_table_size_max - 16 < charset_table_size)
+	    memory_full (SIZE_MAX);
+	  new_table
 	    = (struct charset *) xmalloc (sizeof (struct charset)
 					  * (charset_table_size + 16));
 	  memcpy (new_table, charset_table,
 		  sizeof (struct charset) * charset_table_size);
 	  charset_table_size += 16;
 	  charset_table = new_table;
+	  /* FIXME: Doesn't this leak memory?  The old charset_table
+	     becomes unreachable.  If the memory leak is intentional,
+	     a comment should be added to explain this.  If not, the
+	     old charset_table should be freed, using xfree.  */
 	}
      id = charset_table_used++;
      new_definition_p = 1;
@@ -2347,9 +2362,8 @@ syms_of_charset (void)
    Vcharset_hash_table = Fmake_hash_table (2, args);
  }

+  charset_table = (struct charset *) xmalloc (sizeof (struct charset) * 128);
  charset_table_size = 128;
-  charset_table = ((struct charset *)
-		   xmalloc (sizeof (struct charset) * charset_table_size));
  charset_table_used = 0;

  defsubr (&Scharsetp);