aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Eggert2011-07-17 23:44:01 -0700
committerPaul Eggert2011-07-17 23:44:01 -0700
commitcaeeedc1afd7205303a99ef8ce7e4ce7d2055042 (patch)
treea7d77fb5203b1f2b1ed0d3d79fda29587e0540d2
parent50849c52f8cf342b81c1db12b13f866ec6c049fc (diff)
downloademacs-caeeedc1afd7205303a99ef8ce7e4ce7d2055042.tar.gz
emacs-caeeedc1afd7205303a99ef8ce7e4ce7d2055042.zip
* charset.c (read_hex): New arg OVERFLOW. All uses changed.
Remove unreachable code. (read_hex, load_charset_map_from_file): Check for integer overflow.
Diffstat
-rw-r--r--src/ChangeLog6
-rw-r--r--src/charset.c35
2 files changed, 26 insertions, 15 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index 940beee887d..869e2637cf4 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
12011-07-18 Paul Eggert <eggert@cs.ucla.edu>
2
3 * charset.c (read_hex): New arg OVERFLOW. All uses changed.
4 Remove unreachable code.
5 (read_hex, load_charset_map_from_file): Check for integer overflow.
6
12011-07-17 Paul Eggert <eggert@cs.ucla.edu> 72011-07-17 Paul Eggert <eggert@cs.ucla.edu>
2 8
3 * xterm.c: don't go over XClientMessageEvent limit 9 * xterm.c: don't go over XClientMessageEvent limit
diff --git a/src/charset.c b/src/charset.c
index 55234aa76aa..e2bfcd08671 100644
--- a/src/charset.c
+++ b/src/charset.c
@@ -419,7 +419,7 @@ load_charset_map (struct charset *charset, struct charset_map_entries *entries,
419 paying attention to comment character '#'. */ 419 paying attention to comment character '#'. */
420 420
421static inline unsigned 421static inline unsigned
422read_hex (FILE *fp, int *eof) 422read_hex (FILE *fp, int *eof, int *overflow)
423{ 423{
424 int c; 424 int c;
425 unsigned n; 425 unsigned n;
@@ -441,15 +441,16 @@ read_hex (FILE *fp, int *eof)
441 *eof = 1; 441 *eof = 1;
442 return 0; 442 return 0;
443 } 443 }
444 *eof = 0;
445 n = 0; 444 n = 0;
446 if (c == 'x') 445 while (isxdigit (c = getc (fp)))
447 while ((c = getc (fp)) != EOF && isxdigit (c)) 446 {
447 if (UINT_MAX >> 4 < n)
448 *overflow = 1;
448 n = ((n << 4) 449 n = ((n << 4)
449 | (c <= '9' ? c - '0' : c <= 'F' ? c - 'A' + 10 : c - 'a' + 10)); 450 | (c - ('0' <= c && c <= '9' ? '0'
450 else 451 : 'A' <= c && c <= 'F' ? 'A' - 10
451 while ((c = getc (fp)) != EOF && isdigit (c)) 452 : 'a' - 10)));
452 n = (n * 10) + c - '0'; 453 }
453 if (c != EOF) 454 if (c != EOF)
454 ungetc (c, fp); 455 ungetc (c, fp);
455 return n; 456 return n;
@@ -479,7 +480,6 @@ load_charset_map_from_file (struct charset *charset, Lisp_Object mapfile, int co
479 unsigned max_code = CHARSET_MAX_CODE (charset); 480 unsigned max_code = CHARSET_MAX_CODE (charset);
480 int fd; 481 int fd;
481 FILE *fp; 482 FILE *fp;
482 int eof;
483 Lisp_Object suffixes; 483 Lisp_Object suffixes;
484 struct charset_map_entries *head, *entries; 484 struct charset_map_entries *head, *entries;
485 int n_entries, count; 485 int n_entries, count;
@@ -504,22 +504,27 @@ load_charset_map_from_file (struct charset *charset, Lisp_Object mapfile, int co
504 memset (entries, 0, sizeof (struct charset_map_entries)); 504 memset (entries, 0, sizeof (struct charset_map_entries));
505 505
506 n_entries = 0; 506 n_entries = 0;
507 eof = 0;
508 while (1) 507 while (1)
509 { 508 {
510 unsigned from, to; 509 unsigned from, to, c;
511 int c;
512 int idx; 510 int idx;
511 int eof = 0, overflow = 0;
513 512
514 from = read_hex (fp, &eof); 513 from = read_hex (fp, &eof, &overflow);
515 if (eof) 514 if (eof)
516 break; 515 break;
517 if (getc (fp) == '-') 516 if (getc (fp) == '-')
518 to = read_hex (fp, &eof); 517 to = read_hex (fp, &eof, &overflow);
519 else 518 else
520 to = from; 519 to = from;
521 c = (int) read_hex (fp, &eof); 520 if (eof)
521 break;
522 c = read_hex (fp, &eof, &overflow);
523 if (eof)
524 break;
522 525
526 if (overflow)
527 continue;
523 if (from < min_code || to > max_code || from > to || c > MAX_CHAR) 528 if (from < min_code || to > max_code || from > to || c > MAX_CHAR)
524 continue; 529 continue;
525 530
generated by cgit v1.2.1 (git 2.18.0) at 2026-01-20 02:17:33 +0000