diff options
| author | Paul Eggert | 2011-06-21 16:16:43 -0700 |
|---|---|---|
| committer | Paul Eggert | 2011-06-21 16:16:43 -0700 |
| commit | 21514da7b21e248fa5046ab27834fa431a34204c (patch) | |
| tree | 3ba29fda6630d14d1bef231199847bd4d42bd311 /src/buffer.c | |
| parent | b081724f64cbb2bf1f12efdb4d446c1de9bf3c0c (diff) | |
| download | emacs-21514da7b21e248fa5046ab27834fa431a34204c.tar.gz emacs-21514da7b21e248fa5046ab27834fa431a34204c.zip | |
* buffer.c (OVERLAY_COUNT_MAX): New macro.
(overlays_in, mouse_face_overlay_overlaps, Foverlays_in):
Use ptrdiff_t, not int, for sizes.
(overlays_in): Check for size-calculation overflow.
Diffstat (limited to 'src/buffer.c')
| -rw-r--r-- | src/buffer.c | 36 |
1 files changed, 19 insertions, 17 deletions
diff --git a/src/buffer.c b/src/buffer.c index b8f85d1a1cd..238923a2ba0 100644 --- a/src/buffer.c +++ b/src/buffer.c | |||
| @@ -94,6 +94,11 @@ static Lisp_Object Vbuffer_local_symbols; | |||
| 94 | #define PER_BUFFER_SYMBOL(OFFSET) \ | 94 | #define PER_BUFFER_SYMBOL(OFFSET) \ |
| 95 | (*(Lisp_Object *)((OFFSET) + (char *) &buffer_local_symbols)) | 95 | (*(Lisp_Object *)((OFFSET) + (char *) &buffer_local_symbols)) |
| 96 | 96 | ||
| 97 | /* Maximum length of an overlay vector. */ | ||
| 98 | #define OVERLAY_COUNT_MAX \ | ||
| 99 | ((ptrdiff_t) min (MOST_POSITIVE_FIXNUM, \ | ||
| 100 | min (PTRDIFF_MAX, SIZE_MAX) / sizeof (Lisp_Object))) | ||
| 101 | |||
| 97 | /* Flags indicating which built-in buffer-local variables | 102 | /* Flags indicating which built-in buffer-local variables |
| 98 | are permanent locals. */ | 103 | are permanent locals. */ |
| 99 | static char buffer_permanent_local_flags[MAX_PER_BUFFER_VARS]; | 104 | static char buffer_permanent_local_flags[MAX_PER_BUFFER_VARS]; |
| @@ -2531,8 +2536,6 @@ overlays_at (EMACS_INT pos, int extend, Lisp_Object **vec_ptr, | |||
| 2531 | EMACS_INT next = ZV; | 2536 | EMACS_INT next = ZV; |
| 2532 | EMACS_INT prev = BEGV; | 2537 | EMACS_INT prev = BEGV; |
| 2533 | int inhibit_storing = 0; | 2538 | int inhibit_storing = 0; |
| 2534 | ptrdiff_t len_lim = min (MOST_POSITIVE_FIXNUM, | ||
| 2535 | min (PTRDIFF_MAX, SIZE_MAX) / sizeof (Lisp_Object)); | ||
| 2536 | 2539 | ||
| 2537 | for (tail = current_buffer->overlays_before; tail; tail = tail->next) | 2540 | for (tail = current_buffer->overlays_before; tail; tail = tail->next) |
| 2538 | { | 2541 | { |
| @@ -2564,7 +2567,7 @@ overlays_at (EMACS_INT pos, int extend, Lisp_Object **vec_ptr, | |||
| 2564 | Either make it bigger, or don't store any more in it. */ | 2567 | Either make it bigger, or don't store any more in it. */ |
| 2565 | if (extend) | 2568 | if (extend) |
| 2566 | { | 2569 | { |
| 2567 | if ((len_lim - 4) / 2 < len) | 2570 | if ((OVERLAY_COUNT_MAX - 4) / 2 < len) |
| 2568 | memory_full (SIZE_MAX); | 2571 | memory_full (SIZE_MAX); |
| 2569 | /* Make it work with an initial len == 0. */ | 2572 | /* Make it work with an initial len == 0. */ |
| 2570 | len = len * 2 + 4; | 2573 | len = len * 2 + 4; |
| @@ -2607,7 +2610,7 @@ overlays_at (EMACS_INT pos, int extend, Lisp_Object **vec_ptr, | |||
| 2607 | { | 2610 | { |
| 2608 | if (extend) | 2611 | if (extend) |
| 2609 | { | 2612 | { |
| 2610 | if ((len_lim - 4) / 2 < len) | 2613 | if ((OVERLAY_COUNT_MAX - 4) / 2 < len) |
| 2611 | memory_full (SIZE_MAX); | 2614 | memory_full (SIZE_MAX); |
| 2612 | /* Make it work with an initial len == 0. */ | 2615 | /* Make it work with an initial len == 0. */ |
| 2613 | len = len * 2 + 4; | 2616 | len = len * 2 + 4; |
| @@ -2660,15 +2663,15 @@ overlays_at (EMACS_INT pos, int extend, Lisp_Object **vec_ptr, | |||
| 2660 | and we store only as many overlays as will fit. | 2663 | and we store only as many overlays as will fit. |
| 2661 | But we still return the total number of overlays. */ | 2664 | But we still return the total number of overlays. */ |
| 2662 | 2665 | ||
| 2663 | static int | 2666 | static ptrdiff_t |
| 2664 | overlays_in (EMACS_INT beg, EMACS_INT end, int extend, | 2667 | overlays_in (EMACS_INT beg, EMACS_INT end, int extend, |
| 2665 | Lisp_Object **vec_ptr, int *len_ptr, | 2668 | Lisp_Object **vec_ptr, ptrdiff_t *len_ptr, |
| 2666 | EMACS_INT *next_ptr, EMACS_INT *prev_ptr) | 2669 | EMACS_INT *next_ptr, EMACS_INT *prev_ptr) |
| 2667 | { | 2670 | { |
| 2668 | Lisp_Object overlay, ostart, oend; | 2671 | Lisp_Object overlay, ostart, oend; |
| 2669 | struct Lisp_Overlay *tail; | 2672 | struct Lisp_Overlay *tail; |
| 2670 | int idx = 0; | 2673 | ptrdiff_t idx = 0; |
| 2671 | int len = *len_ptr; | 2674 | ptrdiff_t len = *len_ptr; |
| 2672 | Lisp_Object *vec = *vec_ptr; | 2675 | Lisp_Object *vec = *vec_ptr; |
| 2673 | EMACS_INT next = ZV; | 2676 | EMACS_INT next = ZV; |
| 2674 | EMACS_INT prev = BEGV; | 2677 | EMACS_INT prev = BEGV; |
| @@ -2704,10 +2707,10 @@ overlays_in (EMACS_INT beg, EMACS_INT end, int extend, | |||
| 2704 | Either make it bigger, or don't store any more in it. */ | 2707 | Either make it bigger, or don't store any more in it. */ |
| 2705 | if (extend) | 2708 | if (extend) |
| 2706 | { | 2709 | { |
| 2710 | if ((OVERLAY_COUNT_MAX - 4) / 2 < len) | ||
| 2711 | memory_full (SIZE_MAX); | ||
| 2707 | /* Make it work with an initial len == 0. */ | 2712 | /* Make it work with an initial len == 0. */ |
| 2708 | len *= 2; | 2713 | len = len * 2 + 4; |
| 2709 | if (len == 0) | ||
| 2710 | len = 4; | ||
| 2711 | *len_ptr = len; | 2714 | *len_ptr = len; |
| 2712 | vec = (Lisp_Object *) xrealloc (vec, len * sizeof (Lisp_Object)); | 2715 | vec = (Lisp_Object *) xrealloc (vec, len * sizeof (Lisp_Object)); |
| 2713 | *vec_ptr = vec; | 2716 | *vec_ptr = vec; |
| @@ -2752,10 +2755,10 @@ overlays_in (EMACS_INT beg, EMACS_INT end, int extend, | |||
| 2752 | { | 2755 | { |
| 2753 | if (extend) | 2756 | if (extend) |
| 2754 | { | 2757 | { |
| 2758 | if ((OVERLAY_COUNT_MAX - 4) / 2 < len) | ||
| 2759 | memory_full (SIZE_MAX); | ||
| 2755 | /* Make it work with an initial len == 0. */ | 2760 | /* Make it work with an initial len == 0. */ |
| 2756 | len *= 2; | 2761 | len = len * 2 + 4; |
| 2757 | if (len == 0) | ||
| 2758 | len = 4; | ||
| 2759 | *len_ptr = len; | 2762 | *len_ptr = len; |
| 2760 | vec = (Lisp_Object *) xrealloc (vec, len * sizeof (Lisp_Object)); | 2763 | vec = (Lisp_Object *) xrealloc (vec, len * sizeof (Lisp_Object)); |
| 2761 | *vec_ptr = vec; | 2764 | *vec_ptr = vec; |
| @@ -2788,7 +2791,7 @@ mouse_face_overlay_overlaps (Lisp_Object overlay) | |||
| 2788 | { | 2791 | { |
| 2789 | EMACS_INT start = OVERLAY_POSITION (OVERLAY_START (overlay)); | 2792 | EMACS_INT start = OVERLAY_POSITION (OVERLAY_START (overlay)); |
| 2790 | EMACS_INT end = OVERLAY_POSITION (OVERLAY_END (overlay)); | 2793 | EMACS_INT end = OVERLAY_POSITION (OVERLAY_END (overlay)); |
| 2791 | int n, i, size; | 2794 | ptrdiff_t n, i, size; |
| 2792 | Lisp_Object *v, tem; | 2795 | Lisp_Object *v, tem; |
| 2793 | 2796 | ||
| 2794 | size = 10; | 2797 | size = 10; |
| @@ -3914,9 +3917,8 @@ between BEG and END, or at END provided END denotes the position at the | |||
| 3914 | end of the buffer. */) | 3917 | end of the buffer. */) |
| 3915 | (Lisp_Object beg, Lisp_Object end) | 3918 | (Lisp_Object beg, Lisp_Object end) |
| 3916 | { | 3919 | { |
| 3917 | int noverlays; | 3920 | ptrdiff_t len, noverlays; |
| 3918 | Lisp_Object *overlay_vec; | 3921 | Lisp_Object *overlay_vec; |
| 3919 | int len; | ||
| 3920 | Lisp_Object result; | 3922 | Lisp_Object result; |
| 3921 | 3923 | ||
| 3922 | CHECK_NUMBER_COERCE_MARKER (beg); | 3924 | CHECK_NUMBER_COERCE_MARKER (beg); |