diff options
| author | Paul Eggert | 2015-11-08 22:47:01 -0800 |
|---|---|---|
| committer | Paul Eggert | 2015-11-08 22:48:28 -0800 |
| commit | 1087305574fd61256d66eb0c995f8bb74bd91afe (patch) | |
| tree | 9f0052e41a56c785575727931ff4abb8e7dfa7e0 /src/editfns.c | |
| parent | bcca6a2a028d05af3cb5b31a5a2c997f3f1f1d31 (diff) | |
| download | emacs-1087305574fd61256d66eb0c995f8bb74bd91afe.tar.gz emacs-1087305574fd61256d66eb0c995f8bb74bd91afe.zip | |
Use INT_ADD_WRAPV etc. to check integer overflow
* src/alloc.c (xnmalloc, xnrealloc, xpalloc, Fmake_string):
* src/buffer.c (record_overlay_string, overlay_strings):
* src/casefiddle.c (casify_object):
* src/ccl.c (Fccl_execute_on_string):
* src/character.c (char_width, c_string_width, lisp_string_width)
(count_size_as_multibyte, string_escape_byte8):
* src/coding.c (coding_alloc_by_realloc, produce_chars):
* src/data.c (arith_driver):
* src/dispnew.c (realloc_glyph_pool, init_display):
* src/editfns.c (styled_format):
* src/fns.c (Ffillarray):
* src/ftfont.c (ftfont_shape_by_flt):
* src/gnutls.c (gnutls_hex_string):
* src/gtkutil.c (get_utf8_string):
* src/image.c (x_to_xcolors, x_detect_edges, png_load_body):
* src/keymap.c (Fkey_description):
* src/lisp.h (SAFE_ALLOCA_LISP):
* src/term.c (encode_terminal_code):
* src/tparam.c (tparam1):
* src/xselect.c (x_property_data_to_lisp):
* src/xsmfns.c (smc_save_yourself_CB):
* src/xterm.c (x_term_init):
When checking for integer overflow, prefer INT_MULTIPLY_WRAPV to
more-complicated code involving division and/or
INT_MULTIPLY_OVERFLOW, and similarly for INT_ADD_WRAPV and
subtraction and/or INT_ADD_OVERFLOW.
* src/casefiddle.c (casify_object): Simplify multibyte size check.
* src/character.c: Remove some obsolete ‘#ifdef emacs’s.
* src/data.c (arith_driver): Also check for division overflow,
as that’s now possible given that the accumulator can now contain
any Emacs integer.
* src/lisp.h (lisp_word_count): Remove; no longer used.
Diffstat (limited to 'src/editfns.c')
| -rw-r--r-- | src/editfns.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/editfns.c b/src/editfns.c index 050eb2ac6ec..316d9408065 100644 --- a/src/editfns.c +++ b/src/editfns.c | |||
| @@ -3887,9 +3887,12 @@ styled_format (ptrdiff_t nargs, Lisp_Object *args, bool message) | |||
| 3887 | ptrdiff_t formatlen = SBYTES (args[0]); | 3887 | ptrdiff_t formatlen = SBYTES (args[0]); |
| 3888 | 3888 | ||
| 3889 | /* Allocate the info and discarded tables. */ | 3889 | /* Allocate the info and discarded tables. */ |
| 3890 | if ((SIZE_MAX - formatlen) / sizeof (struct info) <= nargs) | 3890 | ptrdiff_t alloca_size; |
| 3891 | if (INT_MULTIPLY_WRAPV (nargs, sizeof *info, &alloca_size) | ||
| 3892 | || INT_ADD_WRAPV (sizeof *info, alloca_size, &alloca_size) | ||
| 3893 | || INT_ADD_WRAPV (formatlen, alloca_size, &alloca_size) | ||
| 3894 | || SIZE_MAX < alloca_size) | ||
| 3891 | memory_full (SIZE_MAX); | 3895 | memory_full (SIZE_MAX); |
| 3892 | size_t alloca_size = (nargs + 1) * sizeof *info + formatlen; | ||
| 3893 | /* info[0] is unused. Unused elements have -1 for start. */ | 3896 | /* info[0] is unused. Unused elements have -1 for start. */ |
| 3894 | info = SAFE_ALLOCA (alloca_size); | 3897 | info = SAFE_ALLOCA (alloca_size); |
| 3895 | memset (info, 0, alloca_size); | 3898 | memset (info, 0, alloca_size); |