(Finsert_file_contents): Fix overflow check to not

depend on undefined integer overflow.
author: Andreas Schwab 2007-12-16 10:51:12 +0000
committer: Andreas Schwab 2007-12-16 10:51:12 +0000
commit: 77a28bbf178de331eda736dad8ce56d65e3d5f6f (patch)
tree: 333f016e22e86d4c8f0a14e8816afc5d2bfdb981 /src
parent: 47854a55680b5809811caf72f66ecbe8289c2855 (diff)
download: emacs-77a28bbf178de331eda736dad8ce56d65e3d5f6f.tar.gz
emacs-77a28bbf178de331eda736dad8ce56d65e3d5f6f.zip
2 files changed, 27 insertions, 21 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index d5edca82fe9..21e1f9c9df2 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2007-12-16  Andreas Schwab  <schwab@suse.de>
+        * fileio.c (Finsert_file_contents): Fix overflow check to not
+        depend on undefined integer overflow.
 2007-12-14  Jason Rumney  <jasonr@gnu.org>
        * w32term.c (w32_read_socket): Use MULTIBYTE_CHAR_KEYSTROKE_EVENT
diff --git a/src/fileio.c b/src/fileio.c
index 2d6f74a8840..dbdeef7076a 100644
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -21,6 +21,7 @@ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 Boston, MA 02110-1301, USA.  */
 #include <config.h>
+#include <limits.h>
 #ifdef HAVE_FCNTL_H
 #include <fcntl.h>
@@ -3693,26 +3694,26 @@ read_non_regular_quit ()
 DEFUN ("insert-file-contents", Finsert_file_contents, Sinsert_file_contents,
       1, 5, 0,
       doc: /* Insert contents of file FILENAME after point.
-Returns list of absolute file name and number of characters inserted.
+               Returns list of absolute file name and number of characters inserted.
-If second argument VISIT is non-nil, the buffer's visited filename and
+               If second argument VISIT is non-nil, the buffer's visited filename and
-last save file modtime are set, and it is marked unmodified.  If
+               last save file modtime are set, and it is marked unmodified.  If
-visiting and the file does not exist, visiting is completed before the
+               visiting and the file does not exist, visiting is completed before the
-error is signaled.
+               error is signaled.
-The optional third and fourth arguments BEG and END specify what portion
+               The optional third and fourth arguments BEG and END specify what portion
-of the file to insert.  These arguments count bytes in the file, not
+               of the file to insert.  These arguments count bytes in the file, not
-characters in the buffer.  If VISIT is non-nil, BEG and END must be nil.
+               characters in the buffer.  If VISIT is non-nil, BEG and END must be nil.
-If optional fifth argument REPLACE is non-nil, replace the current
+               If optional fifth argument REPLACE is non-nil, replace the current
-buffer contents (in the accessible portion) with the file contents.
+               buffer contents (in the accessible portion) with the file contents.
-This is better than simply deleting and inserting the whole thing
+               This is better than simply deleting and inserting the whole thing
-because (1) it preserves some marker positions and (2) it puts less data
+               because (1) it preserves some marker positions and (2) it puts less data
-in the undo list.  When REPLACE is non-nil, the second return value is
+               in the undo list.  When REPLACE is non-nil, the second return value is
-the number of characters that replace previous buffer contents.
+               the number of characters that replace previous buffer contents.
-This function does code conversion according to the value of
+               This function does code conversion according to the value of
-`coding-system-for-read' or `file-coding-system-alist', and sets the
+               `coding-system-for-read' or `file-coding-system-alist', and sets the
-variable `last-coding-system-used' to the coding system actually used.  */)
+               variable `last-coding-system-used' to the coding system actually used.  */)
     (filename, visit, beg, end, replace)
     Lisp_Object filename, visit, beg, end, replace;
 {
@@ -3863,7 +3864,7 @@ variable `last-coding-system-used' to the coding system actually used.  */)
             overflow.  The calculations below double the file size
             twice, so check that it can be multiplied by 4 safely.  */
          if (XINT (end) != st.st_size
-              || ((int) st.st_size * 4) / 4 != st.st_size)
+              || st.st_size > INT_MAX / 4)
            error ("Maximum buffer size exceeded");
          /* The file size returned from stat may be zero, but data
author	Andreas Schwab	2007-12-16 10:51:12 +0000
committer	Andreas Schwab	2007-12-16 10:51:12 +0000
commit	77a28bbf178de331eda736dad8ce56d65e3d5f6f (patch)
tree	333f016e22e86d4c8f0a14e8816afc5d2bfdb981 /src
parent	47854a55680b5809811caf72f66ecbe8289c2855 (diff)
download	emacs-77a28bbf178de331eda736dad8ce56d65e3d5f6f.tar.gz emacs-77a28bbf178de331eda736dad8ce56d65e3d5f6f.zip

diff --git a/src/ChangeLog b/src/ChangeLog index d5edca82fe9..21e1f9c9df2 100644 --- a/src/ChangeLog +++ b/src/ChangeLog
@@ -1,3 +1,8 @@
		1	2007-12-16 Andreas Schwab <schwab@suse.de>
		2
		3	* fileio.c (Finsert_file_contents): Fix overflow check to not
		4	depend on undefined integer overflow.
		5
1	2007-12-14 Jason Rumney <jasonr@gnu.org>	6	2007-12-14 Jason Rumney <jasonr@gnu.org>
2		7
3	* w32term.c (w32_read_socket): Use MULTIBYTE_CHAR_KEYSTROKE_EVENT	8	* w32term.c (w32_read_socket): Use MULTIBYTE_CHAR_KEYSTROKE_EVENT


diff --git a/src/fileio.c b/src/fileio.c index 2d6f74a8840..dbdeef7076a 100644 --- a/src/fileio.c +++ b/src/fileio.c
@@ -21,6 +21,7 @@ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
21	Boston, MA 02110-1301, USA. */	21	Boston, MA 02110-1301, USA. */
22		22
23	#include <config.h>	23	#include <config.h>
		24	#include <limits.h>
24		25
25	#ifdef HAVE_FCNTL_H	26	#ifdef HAVE_FCNTL_H
26	#include <fcntl.h>	27	#include <fcntl.h>
@@ -3693,26 +3694,26 @@ read_non_regular_quit ()
3693	DEFUN ("insert-file-contents", Finsert_file_contents, Sinsert_file_contents,	3694	DEFUN ("insert-file-contents", Finsert_file_contents, Sinsert_file_contents,
3694	1, 5, 0,	3695	1, 5, 0,
3695	doc: /* Insert contents of file FILENAME after point.	3696	doc: /* Insert contents of file FILENAME after point.
3696	Returns list of absolute file name and number of characters inserted.	3697	Returns list of absolute file name and number of characters inserted.
3697	If second argument VISIT is non-nil, the buffer's visited filename and	3698	If second argument VISIT is non-nil, the buffer's visited filename and
3698	last save file modtime are set, and it is marked unmodified. If	3699	last save file modtime are set, and it is marked unmodified. If
3699	visiting and the file does not exist, visiting is completed before the	3700	visiting and the file does not exist, visiting is completed before the
3700	error is signaled.	3701	error is signaled.
3701		3702
3702	The optional third and fourth arguments BEG and END specify what portion	3703	The optional third and fourth arguments BEG and END specify what portion
3703	of the file to insert. These arguments count bytes in the file, not	3704	of the file to insert. These arguments count bytes in the file, not
3704	characters in the buffer. If VISIT is non-nil, BEG and END must be nil.	3705	characters in the buffer. If VISIT is non-nil, BEG and END must be nil.
3705		3706
3706	If optional fifth argument REPLACE is non-nil, replace the current	3707	If optional fifth argument REPLACE is non-nil, replace the current
3707	buffer contents (in the accessible portion) with the file contents.	3708	buffer contents (in the accessible portion) with the file contents.
3708	This is better than simply deleting and inserting the whole thing	3709	This is better than simply deleting and inserting the whole thing
3709	because (1) it preserves some marker positions and (2) it puts less data	3710	because (1) it preserves some marker positions and (2) it puts less data
3710	in the undo list. When REPLACE is non-nil, the second return value is	3711	in the undo list. When REPLACE is non-nil, the second return value is
3711	the number of characters that replace previous buffer contents.	3712	the number of characters that replace previous buffer contents.
3712		3713
3713	This function does code conversion according to the value of	3714	This function does code conversion according to the value of
3714	`coding-system-for-read' or `file-coding-system-alist', and sets the	3715	`coding-system-for-read' or `file-coding-system-alist', and sets the
3715	variable `last-coding-system-used' to the coding system actually used. */)	3716	variable `last-coding-system-used' to the coding system actually used. */)
3716	(filename, visit, beg, end, replace)	3717	(filename, visit, beg, end, replace)
3717	Lisp_Object filename, visit, beg, end, replace;	3718	Lisp_Object filename, visit, beg, end, replace;
3718	{	3719	{
@@ -3863,7 +3864,7 @@ variable `last-coding-system-used' to the coding system actually used. */)
3863	overflow. The calculations below double the file size	3864	overflow. The calculations below double the file size
3864	twice, so check that it can be multiplied by 4 safely. */	3865	twice, so check that it can be multiplied by 4 safely. */
3865	if (XINT (end) != st.st_size	3866	if (XINT (end) != st.st_size
3866	\|\| ((int) st.st_size * 4) / 4 != st.st_size)	3867	\|\| st.st_size > INT_MAX / 4)
3867	error ("Maximum buffer size exceeded");	3868	error ("Maximum buffer size exceeded");
3868		3869
3869	/* The file size returned from stat may be zero, but data	3870	/* The file size returned from stat may be zero, but data