diff options
| author | Paul Eggert | 2011-09-04 10:27:38 -0700 |
|---|---|---|
| committer | Paul Eggert | 2011-09-04 10:27:38 -0700 |
| commit | a0efffc812bd88fd3a710c84ae3bf0db989298e1 (patch) | |
| tree | bdecd3cd7f5fbb26aea3bc08769c2a4e0c256704 | |
| parent | 29ebea3b123db665db1267880df65d0ec697aff3 (diff) | |
| download | emacs-a0efffc812bd88fd3a710c84ae3bf0db989298e1.tar.gz emacs-a0efffc812bd88fd3a710c84ae3bf0db989298e1.zip | |
* search.c: Integer overflow fixes
(Freplace_match): Use ptrdiff_t, not int, for indexes that can
exceed INT_MAX. Check that EMACS_INT value is in range before
assigning it to the (possibly-narrower) index.
(match_limit): Don't assume that a fixnum can fit in 'int'.
| -rw-r--r-- | src/ChangeLog | 6 | ||||
| -rw-r--r-- | src/search.c | 10 |
2 files changed, 11 insertions, 5 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index cbd8cd2c219..101fa7ceab7 100644 --- a/src/ChangeLog +++ b/src/ChangeLog | |||
| @@ -1,5 +1,11 @@ | |||
| 1 | 2011-09-04 Paul Eggert <eggert@cs.ucla.edu> | 1 | 2011-09-04 Paul Eggert <eggert@cs.ucla.edu> |
| 2 | 2 | ||
| 3 | * search.c: Integer overflow fixes | ||
| 4 | (Freplace_match): Use ptrdiff_t, not int, for indexes that can | ||
| 5 | exceed INT_MAX. Check that EMACS_INT value is in range before | ||
| 6 | assigning it to the (possibly-narrower) index. | ||
| 7 | (match_limit): Don't assume that a fixnum can fit in 'int'. | ||
| 8 | |||
| 3 | * print.c: Integer overflow fix. | 9 | * print.c: Integer overflow fix. |
| 4 | (print_object): Use ptrdiff_t, not int, for index that can | 10 | (print_object): Use ptrdiff_t, not int, for index that can |
| 5 | exceed INT_MAX. | 11 | exceed INT_MAX. |
diff --git a/src/search.c b/src/search.c index d892792cbaa..b3d67e6c431 100644 --- a/src/search.c +++ b/src/search.c | |||
| @@ -2404,7 +2404,7 @@ since only regular expressions have distinguished subexpressions. */) | |||
| 2404 | int some_uppercase; | 2404 | int some_uppercase; |
| 2405 | int some_nonuppercase_initial; | 2405 | int some_nonuppercase_initial; |
| 2406 | register int c, prevc; | 2406 | register int c, prevc; |
| 2407 | int sub; | 2407 | ptrdiff_t sub; |
| 2408 | EMACS_INT opoint, newpoint; | 2408 | EMACS_INT opoint, newpoint; |
| 2409 | 2409 | ||
| 2410 | CHECK_STRING (newtext); | 2410 | CHECK_STRING (newtext); |
| @@ -2423,9 +2423,9 @@ since only regular expressions have distinguished subexpressions. */) | |||
| 2423 | else | 2423 | else |
| 2424 | { | 2424 | { |
| 2425 | CHECK_NUMBER (subexp); | 2425 | CHECK_NUMBER (subexp); |
| 2426 | sub = XINT (subexp); | 2426 | if (! (0 <= XINT (subexp) && XINT (subexp) < search_regs.num_regs)) |
| 2427 | if (sub < 0 || sub >= search_regs.num_regs) | ||
| 2428 | args_out_of_range (subexp, make_number (search_regs.num_regs)); | 2427 | args_out_of_range (subexp, make_number (search_regs.num_regs)); |
| 2428 | sub = XINT (subexp); | ||
| 2429 | } | 2429 | } |
| 2430 | 2430 | ||
| 2431 | if (NILP (string)) | 2431 | if (NILP (string)) |
| @@ -2662,7 +2662,7 @@ since only regular expressions have distinguished subexpressions. */) | |||
| 2662 | unsigned char str[MAX_MULTIBYTE_LENGTH]; | 2662 | unsigned char str[MAX_MULTIBYTE_LENGTH]; |
| 2663 | const unsigned char *add_stuff = NULL; | 2663 | const unsigned char *add_stuff = NULL; |
| 2664 | ptrdiff_t add_len = 0; | 2664 | ptrdiff_t add_len = 0; |
| 2665 | int idx = -1; | 2665 | ptrdiff_t idx = -1; |
| 2666 | 2666 | ||
| 2667 | if (str_multibyte) | 2667 | if (str_multibyte) |
| 2668 | { | 2668 | { |
| @@ -2813,7 +2813,7 @@ since only regular expressions have distinguished subexpressions. */) | |||
| 2813 | static Lisp_Object | 2813 | static Lisp_Object |
| 2814 | match_limit (Lisp_Object num, int beginningp) | 2814 | match_limit (Lisp_Object num, int beginningp) |
| 2815 | { | 2815 | { |
| 2816 | register int n; | 2816 | EMACS_INT n; |
| 2817 | 2817 | ||
| 2818 | CHECK_NUMBER (num); | 2818 | CHECK_NUMBER (num); |
| 2819 | n = XINT (num); | 2819 | n = XINT (num); |