diff options
| author | Andreas Schwab | 2002-01-06 20:47:00 +0000 |
|---|---|---|
| committer | Andreas Schwab | 2002-01-06 20:47:00 +0000 |
| commit | e17144de551ae57a4ad51f9757b908325c21071a (patch) | |
| tree | 2f9b294ec87268296d53b1cab0e686d3ac8c2346 /src | |
| parent | b4ac0cdbf58a0dc9392164089aaa14c137ae4264 (diff) | |
| download | emacs-e17144de551ae57a4ad51f9757b908325c21071a.tar.gz emacs-e17144de551ae57a4ad51f9757b908325c21071a.zip | |
(make_gap_larger): Make sure buffer size does not overflow range of int.
Diffstat (limited to 'src')
| -rw-r--r-- | src/ChangeLog | 5 | ||||
| -rw-r--r-- | src/insdel.c | 9 |
2 files changed, 11 insertions, 3 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index 1f49d908f91..7206d6f7e03 100644 --- a/src/ChangeLog +++ b/src/ChangeLog | |||
| @@ -1,3 +1,8 @@ | |||
| 1 | 2002-01-06 Andreas Schwab <schwab@suse.de> | ||
| 2 | |||
| 3 | * insdel.c (make_gap_larger): Make sure buffer size does not | ||
| 4 | overflow range of int. | ||
| 5 | |||
| 1 | 2002-01-05 Jason Rumney <jasonr@gnu.org> | 6 | 2002-01-05 Jason Rumney <jasonr@gnu.org> |
| 2 | 7 | ||
| 3 | * w32term.c (x_draw_glyphs): Don't call notice_overwritten_cursor if | 8 | * w32term.c (x_draw_glyphs): Don't call notice_overwritten_cursor if |
diff --git a/src/insdel.c b/src/insdel.c index efc6aa44b6e..a71afb7258d 100644 --- a/src/insdel.c +++ b/src/insdel.c | |||
| @@ -533,10 +533,13 @@ make_gap_larger (nbytes_added) | |||
| 533 | 533 | ||
| 534 | /* Don't allow a buffer size that won't fit in an int | 534 | /* Don't allow a buffer size that won't fit in an int |
| 535 | even if it will fit in a Lisp integer. | 535 | even if it will fit in a Lisp integer. |
| 536 | That won't work because so many places use `int'. */ | 536 | That won't work because so many places use `int'. |
| 537 | |||
| 538 | Make sure we don't introduce overflows in the calculation. */ | ||
| 537 | 539 | ||
| 538 | if (Z_BYTE - BEG_BYTE + GAP_SIZE + nbytes_added | 540 | if (Z_BYTE - BEG_BYTE + GAP_SIZE |
| 539 | >= MOST_POSITIVE_FIXNUM) | 541 | >= (((EMACS_INT) 1 << (min (VALBITS, BITS_PER_INT) - 1)) - 1 |
| 542 | - nbytes_added)) | ||
| 540 | error ("Buffer exceeds maximum size"); | 543 | error ("Buffer exceeds maximum size"); |
| 541 | 544 | ||
| 542 | enlarge_buffer_text (current_buffer, nbytes_added); | 545 | enlarge_buffer_text (current_buffer, nbytes_added); |