Commit f0eb61e9 authored by Paul Eggert

* bidi.c (bidi_cache_ensure_space): Also check that the bidi cache size
does not exceed that of the largest Lisp string or buffer.  See Eli
Zaretskii in <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=9079#29>.
parent 39e378da
......@@ -15,6 +15,9 @@
Don't set bidi_cache_size until after xrealloc returns, because it
might not return.
(bidi_dump_cached_states): Use ptrdiff_t, not int, to avoid overflow.
(bidi_cache_ensure_space): Also check that the bidi cache size
does not exceed that of the largest Lisp string or buffer. See Eli
Zaretskii in <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=9079#29>.
* alloc.c (__malloc_size_t): Remove.
All uses replaced by size_t. See Andreas Schwab's note
......
......@@ -464,9 +464,16 @@ bidi_cache_ensure_space (ptrdiff_t idx)
if (idx >= bidi_cache_size)
{
ptrdiff_t new_size;
ptrdiff_t max_size =
min (PTRDIFF_MAX, SIZE_MAX) / elsz / BIDI_CACHE_CHUNK * BIDI_CACHE_CHUNK;
if (max_size <= idx)
/* The bidi cache cannot be larger than the largest Lisp string
or buffer. */
ptrdiff_t string_or_buffer_bound =
max (BUF_BYTES_MAX, STRING_BYTES_BOUND);
/* Also, it cannot be larger than what C can represent. */
ptrdiff_t c_bound = min (PTRDIFF_MAX, SIZE_MAX) / elsz;
if (min (string_or_buffer_bound, c_bound) <= idx)
memory_full (SIZE_MAX);
new_size = idx - idx % BIDI_CACHE_CHUNK + BIDI_CACHE_CHUNK;
bidi_cache = (struct bidi_it *) xrealloc (bidi_cache, new_size * elsz);
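Review bot: c_bound in `ptrdiff_t c_bound = min (PTRDIFF_MAX, SIZE_MAX) / elsz;` is not rounded down to a multiple of BIDI_CACHE_CHUNK the way max_size was, yet new_size is still rounded up to the next chunk boundary after the check. When c_bound is the smaller of the two bounds and is not a multiple of BIDI_CACHE_CHUNK, an idx just below it passes `min (string_or_buffer_bound, c_bound) <= idx`, and `new_size * elsz` in the xrealloc call can then exceed min (PTRDIFF_MAX, SIZE_MAX). Suggest keeping the `/ BIDI_CACHE_CHUNK * BIDI_CACHE_CHUNK` rounding on c_bound, or testing the rounded-up new_size against the bound instead of idx. The comment above string_or_buffer_bound could also say that BUF_BYTES_MAX and STRING_BYTES_BOUND, which their names suggest are byte counts, are being compared against an element index.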
......