diff options
Diffstat (limited to 'src/coding.c')
| -rw-r--r-- | src/coding.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/coding.c b/src/coding.c index c129c94203c..d17346efdcb 100644 --- a/src/coding.c +++ b/src/coding.c | |||
| @@ -1071,6 +1071,8 @@ coding_set_destination (struct coding_system *coding) | |||
| 1071 | static void | 1071 | static void |
| 1072 | coding_alloc_by_realloc (struct coding_system *coding, EMACS_INT bytes) | 1072 | coding_alloc_by_realloc (struct coding_system *coding, EMACS_INT bytes) |
| 1073 | { | 1073 | { |
| 1074 | if (coding->dst_bytes >= MOST_POSITIVE_FIXNUM - bytes) | ||
| 1075 | error ("Maximum size of buffer or string exceeded"); | ||
| 1074 | coding->destination = (unsigned char *) xrealloc (coding->destination, | 1076 | coding->destination = (unsigned char *) xrealloc (coding->destination, |
| 1075 | coding->dst_bytes + bytes); | 1077 | coding->dst_bytes + bytes); |
| 1076 | coding->dst_bytes += bytes; | 1078 | coding->dst_bytes += bytes; |
| @@ -2333,7 +2335,9 @@ decode_coding_emacs_mule (struct coding_system *coding) | |||
| 2333 | /* We may produce two annotations (charset and composition) in one | 2335 | /* We may produce two annotations (charset and composition) in one |
| 2334 | loop and one more charset annotation at the end. */ | 2336 | loop and one more charset annotation at the end. */ |
| 2335 | int *charbuf_end | 2337 | int *charbuf_end |
| 2336 | = coding->charbuf + coding->charbuf_size - (MAX_ANNOTATION_LENGTH * 3); | 2338 | = coding->charbuf + coding->charbuf_size - (MAX_ANNOTATION_LENGTH * 3) |
| 2339 | /* We can produce up to 2 characters in a loop. */ | ||
| 2340 | - 1; | ||
| 2337 | EMACS_INT consumed_chars = 0, consumed_chars_base; | 2341 | EMACS_INT consumed_chars = 0, consumed_chars_base; |
| 2338 | int multibytep = coding->src_multibyte; | 2342 | int multibytep = coding->src_multibyte; |
| 2339 | EMACS_INT char_offset = coding->produced_char; | 2343 | EMACS_INT char_offset = coding->produced_char; |
| @@ -2348,6 +2352,8 @@ decode_coding_emacs_mule (struct coding_system *coding) | |||
| 2348 | { | 2352 | { |
| 2349 | int i; | 2353 | int i; |
| 2350 | 2354 | ||
| 2355 | if (charbuf_end - charbuf < cmp_status->length) | ||
| 2356 | abort (); | ||
| 2351 | for (i = 0; i < cmp_status->length; i++) | 2357 | for (i = 0; i < cmp_status->length; i++) |
| 2352 | *charbuf++ = cmp_status->carryover[i]; | 2358 | *charbuf++ = cmp_status->carryover[i]; |
| 2353 | coding->annotated = 1; | 2359 | coding->annotated = 1; |
| @@ -3479,6 +3485,8 @@ decode_coding_iso_2022 (struct coding_system *coding) | |||
| 3479 | 3485 | ||
| 3480 | if (cmp_status->state != COMPOSING_NO) | 3486 | if (cmp_status->state != COMPOSING_NO) |
| 3481 | { | 3487 | { |
| 3488 | if (charbuf_end - charbuf < cmp_status->length) | ||
| 3489 | abort (); | ||
| 3482 | for (i = 0; i < cmp_status->length; i++) | 3490 | for (i = 0; i < cmp_status->length; i++) |
| 3483 | *charbuf++ = cmp_status->carryover[i]; | 3491 | *charbuf++ = cmp_status->carryover[i]; |
| 3484 | coding->annotated = 1; | 3492 | coding->annotated = 1; |