| author | Eli Zaretskii | 2011-04-29 22:47:29 +0300 |
|---|---|---|
| committer | Eli Zaretskii | 2011-04-29 22:47:29 +0300 |
| commit | 15cbd324fd48e47abd57b8d92c3406c866169d21 (patch) | |
| tree | aa05b809dcec4391837ac2f4a41d1b8fdc93cbc2 /src | |
| parent | ae940ccad19a554e1134b7ae443716e46c72366d (diff) | |
Lift the MOST_POSITIVE_FIXNUM/4 limitation on visited files (bug#8528).
src/fileio.c (Finsert_file_contents): Don't limit file size to 1/4
of MOST_POSITIVE_FIXNUM.
src/coding.c (coding_alloc_by_realloc): Error out if destination
will grow beyond MOST_POSITIVE_FIXNUM.
(decode_coding_emacs_mule): Abort if there isn't enough place in
charbuf for the composition carryover bytes. Reserve an extra
space for up to 2 characters produced in a loop.
(decode_coding_iso_2022): Abort if there isn't enough place in
charbuf for the composition carryover bytes.
Diffstat (limited to 'src')
| -rw-r--r-- | src/ChangeLog | 16 | ||||
| -rw-r--r-- | src/coding.c | 10 | ||||
| -rw-r--r-- | src/fileio.c | 11 |
3 files changed, 27 insertions, 10 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index 14d5ac9de48..7bfb291707b 100644 --- a/src/ChangeLog +++ b/src/ChangeLog | |||
| @@ -1,4 +1,18 @@ | |||
| 1 | 2011-04-29 Eli Zaretskii <eliz@gnu.org> | 1 | 2011-04-21 Eli Zaretskii <eliz@gnu.org> |
| 2 | |||
| 3 | Lift the MOST_POSITIVE_FIXNUM/4 limitation on visited files. | ||
| 4 | * fileio.c (Finsert_file_contents): Don't limit file size to 1/4 | ||
| 5 | of MOST_POSITIVE_FIXNUM. (Bug#8528) | ||
| 6 | |||
| 7 | * coding.c (coding_alloc_by_realloc): Error out if destination | ||
| 8 | will grow beyond MOST_POSITIVE_FIXNUM. | ||
| 9 | (decode_coding_emacs_mule): Abort if there isn't enough place in | ||
| 10 | charbuf for the composition carryover bytes. Reserve an extra | ||
| 11 | space for up to 2 characters produced in a loop. | ||
| 12 | (decode_coding_iso_2022): Abort if there isn't enough place in | ||
| 13 | charbuf for the composition carryover bytes. | ||
| 14 | |||
| 15 | 2011-04-21 Eli Zaretskii <eliz@gnu.org> | ||
| 2 | 16 | ||
| 3 | * doprnt.c (doprnt) [!HAVE_LONG_LONG_INT]: Error out instead of | 17 | * doprnt.c (doprnt) [!HAVE_LONG_LONG_INT]: Error out instead of |
| 4 | aborting when %lld or %lll format is passed. | 18 | aborting when %lld or %lll format is passed. |
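--- a/src/coding.c
+++ b/src/coding.c
@@ -1071,6 +1071,8 @@ coding_set_destination (struct coding_system *coding)
 static void
 coding_alloc_by_realloc (struct coding_system *coding, EMACS_INT bytes)
 {
+if (coding->dst_bytes >= MOST_POSITIVE_FIXNUM - bytes)
+error ("Maximum size of buffer or string exceeded");
 coding->destination = (unsigned char *) xrealloc (coding->destination,
 coding->dst_bytes + bytes);
 coding->dst_bytes += bytes;
@@ -2333,7 +2335,9 @@ decode_coding_emacs_mule (struct coding_system *coding)
 /* We may produce two annotations (charset and composition) in one
 loop and one more charset annotation at the end. */
 int *charbuf_end
-= coding->charbuf + coding->charbuf_size - (MAX_ANNOTATION_LENGTH * 3);
+= coding->charbuf + coding->charbuf_size - (MAX_ANNOTATION_LENGTH * 3)
+/* We can produce up to 2 characters in a loop. */
+- 1;
 EMACS_INT consumed_chars = 0, consumed_chars_base;
 int multibytep = coding->src_multibyte;
 EMACS_INT char_offset = coding->produced_char;
@@ -2348,6 +2352,8 @@ decode_coding_emacs_mule (struct coding_system *coding)
 {
 int i;
 
+if (charbuf_end - charbuf < cmp_status->length)
+abort ();
 for (i = 0; i < cmp_status->length; i++)
 *charbuf++ = cmp_status->carryover[i];
 coding->annotated = 1;
@@ -3479,6 +3485,8 @@ decode_coding_iso_2022 (struct coding_system *coding)
 
 if (cmp_status->state != COMPOSING_NO)
 {
+if (charbuf_end - charbuf < cmp_status->length)
+abort ();
 for (i = 0; i < cmp_status->length; i++)
 *charbuf++ = cmp_status->carryover[i];
 coding->annotated = 1;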
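Review bot: The new guard at the top of coding_alloc_by_realloc bounds the sum by MOST_POSITIVE_FIXNUM only, so it does not establish that `coding->dst_bytes + bytes` fits the size argument of xrealloc or that `bytes` is positive. If EMACS_INT can be wider than size_t on some build (not visible from this page), the sum could be truncated at the call while `dst_bytes` still records the larger value. I would state the assumption in a comment, e.g. `/* Assumes bytes > 0 and MOST_POSITIVE_FIXNUM <= SIZE_MAX. */`, or widen the test to `if (bytes < 0 || coding->dst_bytes >= MOST_POSITIVE_FIXNUM - bytes)`. Separately, the two `abort ()` checks in decode_coding_emacs_mule and decode_coding_iso_2022 deserve a short comment saying why the carryover is expected always to fit, since `cmp_status->length` appears to come from state saved while decoding earlier input. Both decoder bodies continue outside their hunks.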
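--- a/src/fileio.c
+++ b/src/fileio.c
@@ -3245,15 +3245,10 @@ variable `last-coding-system-used' to the coding system actually used. */)
 record_unwind_protect (close_file_unwind, make_number (fd));
 
 
-/* Arithmetic overflow can occur if an Emacs integer cannot represent the
-file size, or if the calculations below overflow. The calculations below
-double the file size twice, so check that it can be multiplied by 4
-safely.
-
-Also check whether the size is negative, which can happen on a platform
-that allows file sizes greater than the maximum off_t value. */
+/* Check whether the size is too large or negative, which can happen on a
+platform that allows file sizes greater than the maximum off_t value. */
 if (! not_regular
-&& ! (0 <= st.st_size && st.st_size <= MOST_POSITIVE_FIXNUM / 4))
+&& ! (0 <= st.st_size && st.st_size <= MOST_POSITIVE_FIXNUM))
 error ("Maximum buffer size exceeded");
 
 /* Prevent redisplay optimizations. */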
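Review bot: With the `/ 4` headroom gone, nothing in this hunk records why the later size arithmetic in Finsert_file_contents can no longer overflow. The removed comment said the calculations below double the file size twice, and those calculations are outside the hunk. If the intent is that growth during decoding is now caught by the new check in coding_alloc_by_realloc, the comment above the test should say so, for example `/* Decoding growth is bounded in coding_alloc_by_realloc, so no headroom factor is applied here. */`. It would also help to confirm that every size computation after this point either goes through that check or is done in a type that cannot wrap. The function body starts and ends outside the hunk.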