(align): If the argument SIZE would overflow

__malloc_ptrdiff_t, fail right away.
author: Eli Zaretskii 2001-04-09 10:53:42 +0000
committer: Eli Zaretskii 2001-04-09 10:53:42 +0000
commit: ceeb3d7db5c33884003f280ddfaa1c50a70cc7ad (patch)
tree: c1fad19f2d0666c16818560895fdb233c3d9f183 /src
parent: 9f9a5e7a8c7650f0c45404cb8762c5eabc57ba79 (diff)
download: emacs-ceeb3d7db5c33884003f280ddfaa1c50a70cc7ad.tar.gz
emacs-ceeb3d7db5c33884003f280ddfaa1c50a70cc7ad.zip
2 files changed, 13 insertions, 1 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index ed4535c28d9..048eedf14fa 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2001-04-09  Eli Zaretskii  <eliz@is.elta.co.il>
+        * gmalloc.c (align): If the argument SIZE would overflow
+        __malloc_ptrdiff_t, fail right away.
 2001-04-06  Gerd Moellmann  <gerd@gnu.org>
        * xfns.c (compute_tip_xy): Add parameters WIDTH and HEIGHT.
diff --git a/src/gmalloc.c b/src/gmalloc.c
index 751e90baf13..3508304da33 100644
--- a/src/gmalloc.c
+++ b/src/gmalloc.c
@@ -437,7 +437,14 @@ align (size)
  __ptr_t result;
  unsigned long int adj;
-  result = (*__morecore) (size);
+  /* align accepts an unsigned argument, but __morecore accepts a
+     signed one.  This could lead to trouble if SIZE overflows a
+     signed int type accepted by __morecore.  We just punt in that
+     case, since they are requesting a ludicrous amount anyway.  */
+  if ((__malloc_ptrdiff_t)size < 0)
+    result = 0;
+  else
+    result = (*__morecore) (size);
  adj = (unsigned long int) ((unsigned long int) ((char *) result -
                                                  (char *) NULL)) % BLOCKSIZE;
  if (adj != 0)
author	Eli Zaretskii	2001-04-09 10:53:42 +0000
committer	Eli Zaretskii	2001-04-09 10:53:42 +0000
commit	ceeb3d7db5c33884003f280ddfaa1c50a70cc7ad (patch)
tree	c1fad19f2d0666c16818560895fdb233c3d9f183 /src
parent	9f9a5e7a8c7650f0c45404cb8762c5eabc57ba79 (diff)
download	emacs-ceeb3d7db5c33884003f280ddfaa1c50a70cc7ad.tar.gz emacs-ceeb3d7db5c33884003f280ddfaa1c50a70cc7ad.zip

diff --git a/src/ChangeLog b/src/ChangeLog index ed4535c28d9..048eedf14fa 100644 --- a/src/ChangeLog +++ b/src/ChangeLog
@@ -1,3 +1,8 @@
		1	2001-04-09 Eli Zaretskii <eliz@is.elta.co.il>
		2
		3	* gmalloc.c (align): If the argument SIZE would overflow
		4	__malloc_ptrdiff_t, fail right away.
		5
1	2001-04-06 Gerd Moellmann <gerd@gnu.org>	6	2001-04-06 Gerd Moellmann <gerd@gnu.org>
2		7
3	* xfns.c (compute_tip_xy): Add parameters WIDTH and HEIGHT.	8	* xfns.c (compute_tip_xy): Add parameters WIDTH and HEIGHT.


diff --git a/src/gmalloc.c b/src/gmalloc.c index 751e90baf13..3508304da33 100644 --- a/src/gmalloc.c +++ b/src/gmalloc.c
@@ -437,7 +437,14 @@ align (size)
437	__ptr_t result;	437	__ptr_t result;
438	unsigned long int adj;	438	unsigned long int adj;
439		439
440	result = (*__morecore) (size);	440	/* align accepts an unsigned argument, but __morecore accepts a
		441	signed one. This could lead to trouble if SIZE overflows a
		442	signed int type accepted by __morecore. We just punt in that
		443	case, since they are requesting a ludicrous amount anyway. */
		444	if ((__malloc_ptrdiff_t)size < 0)
		445	result = 0;
		446	else
		447	result = (*__morecore) (size);
441	adj = (unsigned long int) ((unsigned long int) ((char *) result -	448	adj = (unsigned long int) ((unsigned long int) ((char *) result -
442	(char *) NULL)) % BLOCKSIZE;	449	(char *) NULL)) % BLOCKSIZE;
443	if (adj != 0)	450	if (adj != 0)