Merge: Integer overflow fixes.

author: Paul Eggert 2011-05-27 12:37:32 -0700
committer: Paul Eggert 2011-05-27 12:37:32 -0700
commit: 0f6990a78ae5016d8ae73253cdb4739adf0197e7 (patch)
tree: 78c7860e14d7cf6bc73526174493a02e606dfc13 /src/data.c
parent: fb1ac845caea7da6ba98b93c3d67fa67c651b8ef (diff)
parent: b57f7e0a357aacf98ec5be826f7227f37e9806b8 (diff)
download: emacs-0f6990a78ae5016d8ae73253cdb4739adf0197e7.tar.gz
emacs-0f6990a78ae5016d8ae73253cdb4739adf0197e7.zip
1 files changed, 37 insertions, 4 deletions
diff --git a/src/data.c b/src/data.c
index 577ae777d89..ce0e8e40f51 100644
--- a/src/data.c
+++ b/src/data.c
@@ -22,6 +22,9 @@ along with GNU Emacs.  If not, see <http://www.gnu.org/licenses/>.  */
 #include <signal.h>
 #include <stdio.h>
 #include <setjmp.h>
+#include <intprops.h>
 #include "lisp.h"
 #include "puresize.h"
 #include "character.h"
@@ -2431,6 +2434,10 @@ arith_driver (enum arithop code, size_t nargs, register Lisp_Object *args)
  register EMACS_INT accum = 0;
  register EMACS_INT next;
+  int overflow = 0;
+  size_t ok_args;
+  EMACS_INT ok_accum;
  switch (SWITCH_ENUM_CAST (code))
    {
    case Alogior:
@@ -2451,25 +2458,48 @@ arith_driver (enum arithop code, size_t nargs, register Lisp_Object *args)
  for (argnum = 0; argnum < nargs; argnum++)
    {
+      if (! overflow)
+        {
+          ok_args = argnum;
+          ok_accum = accum;
+        }
      /* Using args[argnum] as argument to CHECK_NUMBER_... */
      val = args[argnum];
      CHECK_NUMBER_OR_FLOAT_COERCE_MARKER (val);
      if (FLOATP (val))
-        return float_arith_driver ((double) accum, argnum, code,
+        return float_arith_driver (ok_accum, ok_args, code,
                                   nargs, args);
      args[argnum] = val;
      next = XINT (args[argnum]);
      switch (SWITCH_ENUM_CAST (code))
        {
        case Aadd:
+          if (INT_ADD_OVERFLOW (accum, next))
+            {
+              overflow = 1;
+              accum &= INTMASK;
+            }
          accum += next;
          break;
        case Asub:
+          if (INT_SUBTRACT_OVERFLOW (accum, next))
+            {
+              overflow = 1;
+              accum &= INTMASK;
+            }
          accum = argnum ? accum - next : nargs == 1 ? - next : next;
          break;
        case Amult:
-          accum *= next;
+          if (INT_MULTIPLY_OVERFLOW (accum, next))
+            {
+              EMACS_UINT a = accum, b = next, ab = a * b;
+              overflow = 1;
+              accum = ab & INTMASK;
+            }
+          else
+            accum *= next;
          break;
        case Adiv:
          if (!argnum)
@@ -2501,6 +2531,9 @@ arith_driver (enum arithop code, size_t nargs, register Lisp_Object *args)
        }
    }
+  accum &= INTMASK;
+  if (MOST_POSITIVE_FIXNUM < accum)
+    accum += MOST_NEGATIVE_FIXNUM - (MOST_POSITIVE_FIXNUM + 1);
  XSETINT (val, accum);
  return val;
 }
@@ -2760,11 +2793,11 @@ In this case, zeros are shifted in on the left.  */)
  if (XINT (count) >= BITS_PER_EMACS_INT)
    XSETINT (val, 0);
  else if (XINT (count) > 0)
-    XSETINT (val, (EMACS_UINT) XUINT (value) << XFASTINT (count));
+    XSETINT (val, XUINT (value) << XFASTINT (count));
  else if (XINT (count) <= -BITS_PER_EMACS_INT)
    XSETINT (val, 0);
  else
-    XSETINT (val, (EMACS_UINT) XUINT (value) >> -XINT (count));
+    XSETINT (val, XUINT (value) >> -XINT (count));
  return val;
 }
author	Paul Eggert	2011-05-27 12:37:32 -0700
committer	Paul Eggert	2011-05-27 12:37:32 -0700
commit	0f6990a78ae5016d8ae73253cdb4739adf0197e7 (patch)
tree	78c7860e14d7cf6bc73526174493a02e606dfc13 /src/data.c
parent	fb1ac845caea7da6ba98b93c3d67fa67c651b8ef (diff)
parent	b57f7e0a357aacf98ec5be826f7227f37e9806b8 (diff)
download	emacs-0f6990a78ae5016d8ae73253cdb4739adf0197e7.tar.gz emacs-0f6990a78ae5016d8ae73253cdb4739adf0197e7.zip