* character.c (lisp_string_width): Check for string overflow.

Use EMACS_INT, not int, for string indexes and lengths; in
particular, 2nd arg is now EMACS_INT, not int.  Do not crash if
the resulting string length overflows an EMACS_INT; instead,
report a string overflow if no precision given.  When checking for
precision exhaustion, use a check that cannot possibly have
integer overflow.  (Bug#8675)
* character.h (lisp_string_width): Adjust to new signature.

3 files changed, 26 insertions, 6 deletions

diff --git a/src/ChangeLog b/src/ChangeLog
index 178ebf78932..944a5dfbecb 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,14 @@
 2011-05-16  Paul Eggert  <eggert@cs.ucla.edu>
 
+        * character.c (lisp_string_width): Check for string overflow.
+        Use EMACS_INT, not int, for string indexes and lengths; in
+        particular, 2nd arg is now EMACS_INT, not int.  Do not crash if
+        the resulting string length overflows an EMACS_INT; instead,
+        report a string overflow if no precision given.  When checking for
+        precision exhaustion, use a check that cannot possibly have
+        integer overflow.  (Bug#8675)
+        * character.h (lisp_string_width): Adjust to new signature.
+
         * alloc.c (string_overflow): New function.
         (Fmake_string): Use it.  This doesn't change behavior, but saves
         a few bytes and will simplify future changes.
diff --git a/src/character.c b/src/character.c
index 6a8b86d5d87..a03c081a716 100644
--- a/src/character.c
+++ b/src/character.c
@@ -35,6 +35,7 @@ along with GNU Emacs.  If not, see <http://www.gnu.org/licenses/>.  */
 
 #include <sys/types.h>
 #include <setjmp.h>
+#include <intprops.h>
 #include "lisp.h"
 #include "character.h"
 #include "buffer.h"
@@ -404,7 +405,7 @@ strwidth (const char *str, EMACS_INT len)
    in *NCHARS and *NBYTES respectively.  */
 
 EMACS_INT
-lisp_string_width (Lisp_Object string, int precision,
+lisp_string_width (Lisp_Object string, EMACS_INT precision,
                    EMACS_INT *nchars, EMACS_INT *nbytes)
 {
   EMACS_INT len = SCHARS (string);
@@ -419,7 +420,7 @@ lisp_string_width (Lisp_Object string, int precision,
 
   while (i < len)
     {
-      int chars, bytes, thiswidth;
+      EMACS_INT chars, bytes, thiswidth;
       Lisp_Object val;
       int cmp_id;
       EMACS_INT ignore, end;
@@ -437,7 +438,11 @@ lisp_string_width (Lisp_Object string, int precision,
           int c;
 
           if (multibyte)
-            c = STRING_CHAR_AND_LENGTH (str + i_byte, bytes);
+            {
+              int cbytes;
+              c = STRING_CHAR_AND_LENGTH (str + i_byte, cbytes);
+              bytes = cbytes;
+            }
           else
             c = str[i_byte], bytes = 1;
           chars = 1;
@@ -455,8 +460,14 @@ lisp_string_width (Lisp_Object string, int precision,
             }
         }
 
-      if (precision > 0
-          && (width + thiswidth > precision))
+      if (precision <= 0)
+        {
+#ifdef emacs
+          if (INT_ADD_OVERFLOW (width, thiswidth))
+            string_overflow ();
+#endif
+        }
+      else if (precision - width < thiswidth)
         {
           *nchars = i;
           *nbytes = i_byte;
diff --git a/src/character.h b/src/character.h
index 864882db7f6..5877d145d9e 100644
--- a/src/character.h
+++ b/src/character.h
@@ -612,7 +612,7 @@ extern EMACS_INT str_to_unibyte (const unsigned char *, unsigned char *,
 extern EMACS_INT strwidth (const char *, EMACS_INT);
 extern EMACS_INT c_string_width (const unsigned char *, EMACS_INT, int,
                                  EMACS_INT *, EMACS_INT *);
-extern EMACS_INT lisp_string_width (Lisp_Object, int,
+extern EMACS_INT lisp_string_width (Lisp_Object, EMACS_INT,
                                     EMACS_INT *, EMACS_INT *);
 
 extern Lisp_Object Qcharacterp;