* alloc.c: Check that resized vectors' lengths fit in fixnums.

(header_size, word_size): New constants. (allocate_vectorlike): Don't check size overflow here. (allocate_vector): Check it here instead, since this is the only caller of allocate_vectorlike that could cause overflow. Check that the new vector's length is representable as a fixnum.
author: Paul Eggert 2011-06-14 14:30:16 -0700
committer: Paul Eggert 2011-06-14 14:30:16 -0700
commit: dd0b0efbabfc187be6810a0e41b4ac5fdda667af (patch)
tree: 227c0b03effa5d98f23d67e152e8fafb61b9fa63 /src
parent: 86fe5cfe4de95a44b949db9be105e78497318804 (diff)
download: emacs-dd0b0efbabfc187be6810a0e41b4ac5fdda667af.tar.gz
emacs-dd0b0efbabfc187be6810a0e41b4ac5fdda667af.zip
2 files changed, 22 insertions, 10 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index 7bd1d47b328..dd61843bc85 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,12 @@
 2011-06-14  Paul Eggert  <eggert@cs.ucla.edu>
+        * alloc.c: Check that resized vectors' lengths fit in fixnums.
+        (header_size, word_size): New constants.
+        (allocate_vectorlike): Don't check size overflow here.
+        (allocate_vector): Check it here instead, since this is the only
+        caller of allocate_vectorlike that could cause overflow.
+        Check that the new vector's length is representable as a fixnum.
        * fns.c (next_almost_prime): Don't return a multiple of 3 or 5.
        The previous code was bogus.  For example, next_almost_prime (32)
        returned 39, which is undesirable as it is a multiple of 3; and
diff --git a/src/alloc.c b/src/alloc.c
index 56e8eb4d465..00d330c1b6a 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -2767,6 +2767,12 @@ DEFUN ("make-list", Fmake_list, Smake_list, 2, 2, 0,
 static struct Lisp_Vector *all_vectors;
+/* Handy constants for vectorlike objects.  */
+enum
+  {
+    header_size = offsetof (struct Lisp_Vector, contents),
+    word_size = sizeof (Lisp_Object)
+  };
 /* Value is a pointer to a newly allocated Lisp_Vector structure
   with room for LEN Lisp_Objects.  */
@@ -2776,12 +2782,6 @@ allocate_vectorlike (EMACS_INT len)
 {
  struct Lisp_Vector *p;
  size_t nbytes;
-  ptrdiff_t nbytes_max = min (PTRDIFF_MAX, SIZE_MAX);
-  int header_size = offsetof (struct Lisp_Vector, contents);
-  int word_size = sizeof p->contents[0];
-  if ((nbytes_max - header_size) / word_size < len)
-    memory_full (SIZE_MAX);
  MALLOC_BLOCK_INPUT;
@@ -2815,13 +2815,18 @@ allocate_vectorlike (EMACS_INT len)
 }
-/* Allocate a vector with NSLOTS slots.  */
+/* Allocate a vector with LEN slots.  */
 struct Lisp_Vector *
-allocate_vector (EMACS_INT nslots)
+allocate_vector (EMACS_INT len)
 {
-  struct Lisp_Vector *v = allocate_vectorlike (nslots);
+  struct Lisp_Vector *v;
-  v->header.size = nslots;
+  ptrdiff_t nbytes_max = min (PTRDIFF_MAX, SIZE_MAX);
+  if (min ((nbytes_max - header_size) / word_size, MOST_POSITIVE_FIXNUM) < len)
+    memory_full (SIZE_MAX);
+  v = allocate_vectorlike (len);
+  v->header.size = len;
  return v;
 }
author	Paul Eggert	2011-06-14 14:30:16 -0700
committer	Paul Eggert	2011-06-14 14:30:16 -0700
commit	dd0b0efbabfc187be6810a0e41b4ac5fdda667af (patch)
tree	227c0b03effa5d98f23d67e152e8fafb61b9fa63 /src
parent	86fe5cfe4de95a44b949db9be105e78497318804 (diff)
download	emacs-dd0b0efbabfc187be6810a0e41b4ac5fdda667af.tar.gz emacs-dd0b0efbabfc187be6810a0e41b4ac5fdda667af.zip