Check for buffer and string overflow more precisely.

* buffer.h (BUF_BYTES_MAX): New macro. * lisp.h (STRING_BYTES_MAX): New macro. * alloc.c (Fmake_string): * character.c (string_escape_byte8): * coding.c (coding_alloc_by_realloc): * doprnt.c (doprnt): * editfns.c (Fformat): * eval.c (verror): Use STRING_BYTES_MAX, not MOST_POSITIVE_FIXNUM, since they may not be the same number. * editfns.c (Finsert_char): * fileio.c (Finsert_file_contents): Likewise for BUF_BYTES_MAX.
author: Paul Eggert 2011-06-05 23:16:12 -0700
committer: Paul Eggert 2011-06-05 23:16:12 -0700
commit: d1f3d2afe1057a99b9dec6d1bd5b57bfee81fdff (patch)
tree: f471bdf3143b2d4ba0cf2d4c4e530304b7a67c88 /src/editfns.c
parent: dd52fcea063f37a9875bf9196dbe11a442e8adfc (diff)
download: emacs-d1f3d2afe1057a99b9dec6d1bd5b57bfee81fdff.tar.gz
emacs-d1f3d2afe1057a99b9dec6d1bd5b57bfee81fdff.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/editfns.c b/src/editfns.c
index b961e602e4c..b4ce9a1c571 100644
--- a/src/editfns.c
+++ b/src/editfns.c
@@ -2342,7 +2342,7 @@ from adjoining text, if those properties are sticky.  */)
    len = CHAR_STRING (XFASTINT (character), str);
  else
    str[0] = XFASTINT (character), len = 1;
-  if (MOST_POSITIVE_FIXNUM / len < XINT (count))
+  if (BUF_BYTES_MAX / len < XINT (count))
    error ("Maximum buffer size would be exceeded");
  n = XINT (count) * len;
  if (n <= 0)
@@ -3589,7 +3589,7 @@ usage: (format STRING &rest OBJECTS)  */)
  char initial_buffer[4000];
  char *buf = initial_buffer;
  EMACS_INT bufsize = sizeof initial_buffer;
-  EMACS_INT max_bufsize = min (MOST_POSITIVE_FIXNUM + 1, SIZE_MAX);
+  EMACS_INT max_bufsize = STRING_BYTES_MAX + 1;
  char *p;
  Lisp_Object buf_save_value IF_LINT (= {0});
  register char *format, *end, *format_start;
author	Paul Eggert	2011-06-05 23:16:12 -0700
committer	Paul Eggert	2011-06-05 23:16:12 -0700
commit	d1f3d2afe1057a99b9dec6d1bd5b57bfee81fdff (patch)
tree	f471bdf3143b2d4ba0cf2d4c4e530304b7a67c88 /src/editfns.c
parent	dd52fcea063f37a9875bf9196dbe11a442e8adfc (diff)
download	emacs-d1f3d2afe1057a99b9dec6d1bd5b57bfee81fdff.tar.gz emacs-d1f3d2afe1057a99b9dec6d1bd5b57bfee81fdff.zip

diff --git a/src/editfns.c b/src/editfns.c index b961e602e4c..b4ce9a1c571 100644 --- a/src/editfns.c +++ b/src/editfns.c
@@ -2342,7 +2342,7 @@ from adjoining text, if those properties are sticky. */)
2342	len = CHAR_STRING (XFASTINT (character), str);	2342	len = CHAR_STRING (XFASTINT (character), str);
2343	else	2343	else
2344	str[0] = XFASTINT (character), len = 1;	2344	str[0] = XFASTINT (character), len = 1;
2345	if (MOST_POSITIVE_FIXNUM / len < XINT (count))	2345	if (BUF_BYTES_MAX / len < XINT (count))
2346	error ("Maximum buffer size would be exceeded");	2346	error ("Maximum buffer size would be exceeded");
2347	n = XINT (count) * len;	2347	n = XINT (count) * len;
2348	if (n <= 0)	2348	if (n <= 0)
@@ -3589,7 +3589,7 @@ usage: (format STRING &rest OBJECTS) */)
3589	char initial_buffer[4000];	3589	char initial_buffer[4000];
3590	char *buf = initial_buffer;	3590	char *buf = initial_buffer;
3591	EMACS_INT bufsize = sizeof initial_buffer;	3591	EMACS_INT bufsize = sizeof initial_buffer;
3592	EMACS_INT max_bufsize = min (MOST_POSITIVE_FIXNUM + 1, SIZE_MAX);	3592	EMACS_INT max_bufsize = STRING_BYTES_MAX + 1;
3593	char *p;	3593	char *p;
3594	Lisp_Object buf_save_value IF_LINT (= {0});	3594	Lisp_Object buf_save_value IF_LINT (= {0});
3595	register char format, end, *format_start;	3595	register char format, end, *format_start;