2011-07-29 Paul Eggert <eggert@cs.ucla.edu>
+ * search.c: Integer and memory overflow fixes.
+ (Freplace_match): Check for size calculation overflow.
+ (Fset_match_data): Don't assume list lengths fit in 'int'.
+
* scroll.c: Integer and memory overflow fixes.
(do_line_insertion_deletion_costs): Check for size calculation overflow.
Don't bother calling xmalloc when xrealloc will do.
int really_changed = 0;
substed_alloc_size = length * 2 + 100;
+ if (min (PTRDIFF_MAX, SIZE_MAX) - 1 < substed_alloc_size)
+ memory_full (SIZE_MAX);
substed = (unsigned char *) xmalloc (substed_alloc_size + 1);
substed_len = 0;
/* Make sure SUBSTED is big enough. */
if (substed_len + add_len >= substed_alloc_size)
{
+ ptrdiff_t add_len_max =
+ min (PTRDIFF_MAX, SIZE_MAX) - 1 - 500 - substed_len;
+ if (add_len_max < add_len)
+ {
+ xfree (substed);
+ memory_full (SIZE_MAX);
+ }
substed_alloc_size = substed_len + add_len + 500;
substed = (unsigned char *) xrealloc (substed,
substed_alloc_size + 1);
If optional arg RESEAT is non-nil, make markers on LIST point nowhere. */)
(register Lisp_Object list, Lisp_Object reseat)
{
- register int i;
+ ptrdiff_t i;
register Lisp_Object marker;
if (running_asynch_code)
/* Allocate registers if they don't already exist. */
{
- int length = XFASTINT (Flength (list)) / 2;
+ ptrdiff_t length = XFASTINT (Flength (list)) / 2;
if (length > search_regs.num_regs)
{
+ if (min (PTRDIFF_MAX, SIZE_MAX) / sizeof (regoff_t) < length)
+ memory_full (SIZE_MAX);
+
if (search_regs.num_regs == 0)
{
search_regs.start
HCoop / bpt / emacs.git / commitdiff