Refactor negative file size checking

* src/fileio.c (Finsert_file_contents): Check for negative file sizes earlier, as it’s easy, avoids some unnecessary work, and will simplify later changes.
author: Paul Eggert 2025-07-12 12:13:32 -0700
committer: Paul Eggert 2025-07-13 21:09:39 -0700
commit: aa172be7d05f537509c37ef557774e550eecda7e (patch)
tree: d67d6974a9edc26abf635374a1d468b0cbc027fa
parent: b1ada33b5dfac62258e9e3cb957dbe722b7c8990 (diff)
download: emacs-aa172be7d05f537509c37ef557774e550eecda7e.tar.gz
emacs-aa172be7d05f537509c37ef557774e550eecda7e.zip
1 files changed, 14 insertions, 10 deletions
diff --git a/src/fileio.c b/src/fileio.c
index 24efff21e4c..ec9ec6bd3c1 100644
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -4092,6 +4092,9 @@ by calling `format-decode', which see.  */)
  ptrdiff_t same_at_end_charpos = ZV;
  bool seekable = true;
+  /* A hint about the file size, or -1 if there is no hint.  */
+  off_t file_size_hint = -1;
  if (current_buffer->base_buffer && ! NILP (visit))
    error ("Cannot do file visiting in an indirect buffer");
@@ -4136,9 +4139,6 @@ by calling `format-decode', which see.  */)
  filename = ENCODE_FILE (filename);
-  /* A hint about the file size, or -1 if there is no hint.  */
-  off_t file_size_hint;
  fd = emacs_fd_open (SSDATA (filename), O_RDONLY, 0);
  if (!emacs_fd_valid_p (fd))
    {
@@ -4146,7 +4146,6 @@ by calling `format-decode', which see.  */)
      if (NILP (visit))
        report_file_error ("Opening input file", orig_filename);
      mtime = time_error_value (save_errno);
-      file_size_hint = -1;
      if (!NILP (Vcoding_system_for_read))
        {
          /* Don't let invalid values into buffer-file-coding-system.  */
@@ -4174,7 +4173,17 @@ by calling `format-decode', which see.  */)
      report_file_error ("Input file status", orig_filename);
    regular = S_ISREG (st.st_mode) != 0;
    bool memory_object = S_TYPEISSHM (&st) || S_TYPEISTMO (&st);
-    file_size_hint = regular | memory_object ? st.st_size : -1;
+    if (regular | memory_object)
+      {
+        file_size_hint = st.st_size;
+        /* A negative size can happen on a platform that allows file
+           sizes greater than the maximum off_t value.  */
+        if (file_size_hint < 0)
+          buffer_overflow ();
+      }
    mtime = (memory_object
             ? make_timespec (0, UNKNOWN_MODTIME_NSECS)
             : get_stat_mtime (&st));
@@ -4221,11 +4230,6 @@ by calling `format-decode', which see.  */)
        {
          end_offset = file_size_hint;
-          /* A negative size can happen on a platform that allows file
-             sizes greater than the maximum off_t value.  */
-          if (end_offset < 0)
-            buffer_overflow ();
          /* The file size returned from fstat may be zero, but data
             may be readable nonetheless, for example when this is a
             file in the /proc filesystem.  */
author	Paul Eggert	2025-07-12 12:13:32 -0700
committer	Paul Eggert	2025-07-13 21:09:39 -0700
commit	aa172be7d05f537509c37ef557774e550eecda7e (patch)
tree	d67d6974a9edc26abf635374a1d468b0cbc027fa
parent	b1ada33b5dfac62258e9e3cb957dbe722b7c8990 (diff)
download	emacs-aa172be7d05f537509c37ef557774e550eecda7e.tar.gz emacs-aa172be7d05f537509c37ef557774e550eecda7e.zip

diff --git a/src/fileio.c b/src/fileio.c index 24efff21e4c..ec9ec6bd3c1 100644 --- a/src/fileio.c +++ b/src/fileio.c
@@ -4092,6 +4092,9 @@ by calling `format-decode', which see. */)
4092	ptrdiff_t same_at_end_charpos = ZV;	4092	ptrdiff_t same_at_end_charpos = ZV;
4093	bool seekable = true;	4093	bool seekable = true;
4094		4094
		4095	/* A hint about the file size, or -1 if there is no hint. */
		4096	off_t file_size_hint = -1;
		4097
4095	if (current_buffer->base_buffer && ! NILP (visit))	4098	if (current_buffer->base_buffer && ! NILP (visit))
4096	error ("Cannot do file visiting in an indirect buffer");	4099	error ("Cannot do file visiting in an indirect buffer");
4097		4100
@@ -4136,9 +4139,6 @@ by calling `format-decode', which see. */)
4136		4139
4137	filename = ENCODE_FILE (filename);	4140	filename = ENCODE_FILE (filename);
4138		4141
4139	/* A hint about the file size, or -1 if there is no hint. */
4140	off_t file_size_hint;
4141
4142	fd = emacs_fd_open (SSDATA (filename), O_RDONLY, 0);	4142	fd = emacs_fd_open (SSDATA (filename), O_RDONLY, 0);
4143	if (!emacs_fd_valid_p (fd))	4143	if (!emacs_fd_valid_p (fd))
4144	{	4144	{
@@ -4146,7 +4146,6 @@ by calling `format-decode', which see. */)
4146	if (NILP (visit))	4146	if (NILP (visit))
4147	report_file_error ("Opening input file", orig_filename);	4147	report_file_error ("Opening input file", orig_filename);
4148	mtime = time_error_value (save_errno);	4148	mtime = time_error_value (save_errno);
4149	file_size_hint = -1;
4150	if (!NILP (Vcoding_system_for_read))	4149	if (!NILP (Vcoding_system_for_read))
4151	{	4150	{
4152	/* Don't let invalid values into buffer-file-coding-system. */	4151	/* Don't let invalid values into buffer-file-coding-system. */
@@ -4174,7 +4173,17 @@ by calling `format-decode', which see. */)
4174	report_file_error ("Input file status", orig_filename);	4173	report_file_error ("Input file status", orig_filename);
4175	regular = S_ISREG (st.st_mode) != 0;	4174	regular = S_ISREG (st.st_mode) != 0;
4176	bool memory_object = S_TYPEISSHM (&st) \|\| S_TYPEISTMO (&st);	4175	bool memory_object = S_TYPEISSHM (&st) \|\| S_TYPEISTMO (&st);
4177	file_size_hint = regular \| memory_object ? st.st_size : -1;	4176
		4177	if (regular \| memory_object)
		4178	{
		4179	file_size_hint = st.st_size;
		4180
		4181	/* A negative size can happen on a platform that allows file
		4182	sizes greater than the maximum off_t value. */
		4183	if (file_size_hint < 0)
		4184	buffer_overflow ();
		4185	}
		4186
4178	mtime = (memory_object	4187	mtime = (memory_object
4179	? make_timespec (0, UNKNOWN_MODTIME_NSECS)	4188	? make_timespec (0, UNKNOWN_MODTIME_NSECS)
4180	: get_stat_mtime (&st));	4189	: get_stat_mtime (&st));
@@ -4221,11 +4230,6 @@ by calling `format-decode', which see. */)
4221	{	4230	{
4222	end_offset = file_size_hint;	4231	end_offset = file_size_hint;
4223		4232
4224	/* A negative size can happen on a platform that allows file
4225	sizes greater than the maximum off_t value. */
4226	if (end_offset < 0)
4227	buffer_overflow ();
4228
4229	/* The file size returned from fstat may be zero, but data	4233	/* The file size returned from fstat may be zero, but data
4230	may be readable nonetheless, for example when this is a	4234	may be readable nonetheless, for example when this is a
4231	file in the /proc filesystem. */	4235	file in the /proc filesystem. */