Improve buffer-overflow checking (Bug#8873).

author: Paul Eggert 2011-06-16 14:25:42 -0700
committer: Paul Eggert 2011-06-16 14:25:42 -0700
commit: 393d71f34cd42b77afe78fbd174f2b1377182232 (patch)
tree: bb4efa252030d2a65cbf521bf603e9bc403c7c16 /src/ChangeLog
parent: 0cca0a78a4ee6b761c2fd91ee5a6628f23e3368c (diff)
parent: 4847e3f0a94e3f24b40b060af528cf4b51d788c5 (diff)
download: emacs-393d71f34cd42b77afe78fbd174f2b1377182232.tar.gz
emacs-393d71f34cd42b77afe78fbd174f2b1377182232.zip
1 files changed, 26 insertions, 0 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index 59fb2d89b24..ae1a00cf173 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,29 @@
+2011-06-16  Paul Eggert  <eggert@cs.ucla.edu>
+        Improve buffer-overflow checking (Bug#8873).
+        * fileio.c (Finsert_file_contents):
+        * insdel.c (insert_from_buffer_1, replace_range, replace_range_2):
+        Remove the old (too-loose) buffer overflow checks.
+        They weren't needed, since make_gap checks for buffer overflow.
+        * insdel.c (make_gap_larger): Catch buffer overflows that were missed.
+        The old code merely checked for Emacs fixnum overflow, and relied
+        on undefined (wraparound) behavior.  The new code avoids undefined
+        behavior, and also checks for ptrdiff_t and/or size_t overflow.
+        * editfns.c (Finsert_char): Don't dump core with very negative counts.
+        Tune.  Don't use wider integers than needed.  Don't use alloca.
+        Use a bigger 'string' buffer.  Rewrite to avoid 'n > 0' test.
+        * insdel.c (replace_range): Fix buf overflow when insbytes < outgoing.
+        * insdel.c, lisp.h (buffer_overflow): New function.
+        (insert_from_buffer_1, replace_range, replace_range_2):
+        * insdel.c (make_gap_larger):
+        * editfns.c (Finsert_char):
+        * fileio.c (Finsert_file_contents): Use it, to normalize wording.
+        * buffer.h (BUF_BYTES_MAX): Cast to ptrdiff_t so that it's signed.
 2011-06-15  Paul Eggert  <eggert@cs.ucla.edu>
        Integer overflow and signedness fixes (Bug#8873).
author	Paul Eggert	2011-06-16 14:25:42 -0700
committer	Paul Eggert	2011-06-16 14:25:42 -0700
commit	393d71f34cd42b77afe78fbd174f2b1377182232 (patch)
tree	bb4efa252030d2a65cbf521bf603e9bc403c7c16 /src/ChangeLog
parent	0cca0a78a4ee6b761c2fd91ee5a6628f23e3368c (diff)
parent	4847e3f0a94e3f24b40b060af528cf4b51d788c5 (diff)
download	emacs-393d71f34cd42b77afe78fbd174f2b1377182232.tar.gz emacs-393d71f34cd42b77afe78fbd174f2b1377182232.zip

diff --git a/src/ChangeLog b/src/ChangeLog index 59fb2d89b24..ae1a00cf173 100644 --- a/src/ChangeLog +++ b/src/ChangeLog
@@ -1,3 +1,29 @@
		1	2011-06-16 Paul Eggert <eggert@cs.ucla.edu>
		2
		3	Improve buffer-overflow checking (Bug#8873).
		4	* fileio.c (Finsert_file_contents):
		5	* insdel.c (insert_from_buffer_1, replace_range, replace_range_2):
		6	Remove the old (too-loose) buffer overflow checks.
		7	They weren't needed, since make_gap checks for buffer overflow.
		8	* insdel.c (make_gap_larger): Catch buffer overflows that were missed.
		9	The old code merely checked for Emacs fixnum overflow, and relied
		10	on undefined (wraparound) behavior. The new code avoids undefined
		11	behavior, and also checks for ptrdiff_t and/or size_t overflow.
		12
		13	* editfns.c (Finsert_char): Don't dump core with very negative counts.
		14	Tune. Don't use wider integers than needed. Don't use alloca.
		15	Use a bigger 'string' buffer. Rewrite to avoid 'n > 0' test.
		16
		17	* insdel.c (replace_range): Fix buf overflow when insbytes < outgoing.
		18
		19	* insdel.c, lisp.h (buffer_overflow): New function.
		20	(insert_from_buffer_1, replace_range, replace_range_2):
		21	* insdel.c (make_gap_larger):
		22	* editfns.c (Finsert_char):
		23	* fileio.c (Finsert_file_contents): Use it, to normalize wording.
		24
		25	* buffer.h (BUF_BYTES_MAX): Cast to ptrdiff_t so that it's signed.
		26
1	2011-06-15 Paul Eggert <eggert@cs.ucla.edu>	27	2011-06-15 Paul Eggert <eggert@cs.ucla.edu>
2		28
3	Integer overflow and signedness fixes (Bug#8873).	29	Integer overflow and signedness fixes (Bug#8873).