* region-cache.c (move_cache_gap): Check for size calculation overflow.

author: Paul Eggert 2011-07-28 18:10:08 -0700
committer: Paul Eggert 2011-07-28 18:10:08 -0700
commit: 7d56f940979701a930cf9a7bc753fb9f39ce508b (patch)
tree: 84c43a98f09f4fca9179e4ab2aac7f1391df53e0
parent: bf2da747e95a3902bf715076aeee947d657c94cd (diff)
download: emacs-7d56f940979701a930cf9a7bc753fb9f39ce508b.tar.gz
emacs-7d56f940979701a930cf9a7bc753fb9f39ce508b.zip
2 files changed, 11 insertions, 4 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index 46d2cdb82f7..662d03aaf3d 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,7 @@
 2011-07-29  Paul Eggert  <eggert@cs.ucla.edu>
+        * region-cache.c (move_cache_gap): Check for size calculation overflow.
        * process.c (Fnetwork_interface_list): Check for overflow
        in size calculation.
diff --git a/src/region-cache.c b/src/region-cache.c
index d701f4d71b0..e6cec96171d 100644
--- a/src/region-cache.c
+++ b/src/region-cache.c
@@ -247,11 +247,16 @@ move_cache_gap (struct region_cache *c, EMACS_INT pos, EMACS_INT min_size)
  if (gap_len < min_size)
    {
      EMACS_INT i;
+      ptrdiff_t cache_len_max =
+        min (PTRDIFF_MAX, SIZE_MAX) / sizeof *c->boundaries;
+      ptrdiff_t min_size_max = cache_len_max - c->cache_len;
-      /* Always make at least NEW_CACHE_GAP elements, as long as we're
+      if (min_size_max < min_size)
-         expanding anyway.  */
+        memory_full (SIZE_MAX);
-      if (min_size < NEW_CACHE_GAP)
-        min_size = NEW_CACHE_GAP;
+      /* Unless running out of space, make at least NEW_CACHE_GAP
+         elements, as long as we're expanding anyway.  */
+      min_size = max (min_size, min (min_size_max, NEW_CACHE_GAP));
      c->boundaries =
        (struct boundary *) xrealloc (c->boundaries,
author	Paul Eggert	2011-07-28 18:10:08 -0700
committer	Paul Eggert	2011-07-28 18:10:08 -0700
commit	7d56f940979701a930cf9a7bc753fb9f39ce508b (patch)
tree	84c43a98f09f4fca9179e4ab2aac7f1391df53e0
parent	bf2da747e95a3902bf715076aeee947d657c94cd (diff)
download	emacs-7d56f940979701a930cf9a7bc753fb9f39ce508b.tar.gz emacs-7d56f940979701a930cf9a7bc753fb9f39ce508b.zip

diff --git a/src/ChangeLog b/src/ChangeLog index 46d2cdb82f7..662d03aaf3d 100644 --- a/src/ChangeLog +++ b/src/ChangeLog
@@ -1,5 +1,7 @@
1	2011-07-29 Paul Eggert <eggert@cs.ucla.edu>	1	2011-07-29 Paul Eggert <eggert@cs.ucla.edu>
2		2
		3	* region-cache.c (move_cache_gap): Check for size calculation overflow.
		4
3	* process.c (Fnetwork_interface_list): Check for overflow	5	* process.c (Fnetwork_interface_list): Check for overflow
4	in size calculation.	6	in size calculation.
5		7


diff --git a/src/region-cache.c b/src/region-cache.c index d701f4d71b0..e6cec96171d 100644 --- a/src/region-cache.c +++ b/src/region-cache.c
@@ -247,11 +247,16 @@ move_cache_gap (struct region_cache *c, EMACS_INT pos, EMACS_INT min_size)
247	if (gap_len < min_size)	247	if (gap_len < min_size)
248	{	248	{
249	EMACS_INT i;	249	EMACS_INT i;
		250	ptrdiff_t cache_len_max =
		251	min (PTRDIFF_MAX, SIZE_MAX) / sizeof *c->boundaries;
		252	ptrdiff_t min_size_max = cache_len_max - c->cache_len;
250		253
251	/* Always make at least NEW_CACHE_GAP elements, as long as we're	254	if (min_size_max < min_size)
252	expanding anyway. */	255	memory_full (SIZE_MAX);
253	if (min_size < NEW_CACHE_GAP)	256
254	min_size = NEW_CACHE_GAP;	257	/* Unless running out of space, make at least NEW_CACHE_GAP
		258	elements, as long as we're expanding anyway. */
		259	min_size = max (min_size, min (min_size_max, NEW_CACHE_GAP));
255		260
256	c->boundaries =	261	c->boundaries =
257	(struct boundary *) xrealloc (c->boundaries,	262	(struct boundary *) xrealloc (c->boundaries,