(make_gap_larger): Make sure buffer size does not overflow range of int.

diff --git a/src/ChangeLog b/src/ChangeLog
index 1f49d90..7206d6f 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2002-01-06  Andreas Schwab  <schwab@suse.de>
+
+       * insdel.c (make_gap_larger): Make sure buffer size does not
+       overflow range of int.
+
 2002-01-05  Jason Rumney  <jasonr@gnu.org>
 
        * w32term.c (x_draw_glyphs): Don't call notice_overwritten_cursor if

diff --git a/src/insdel.c b/src/insdel.c
index efc6aa4..a71afb7 100644 (file)
--- a/src/insdel.c
+++ b/src/insdel.c
@@ -533,10 +533,13 @@ make_gap_larger (nbytes_added)
 
   /* Don't allow a buffer size that won't fit in an int
      even if it will fit in a Lisp integer.
-     That won't work because so many places use `int'.  */
+     That won't work because so many places use `int'.
+
+     Make sure we don't introduce overflows in the calculation.  */
      
-  if (Z_BYTE - BEG_BYTE + GAP_SIZE + nbytes_added
-      >= MOST_POSITIVE_FIXNUM)
+  if (Z_BYTE - BEG_BYTE + GAP_SIZE
+      >= (((EMACS_INT) 1 << (min (VALBITS, BITS_PER_INT) - 1)) - 1
+         - nbytes_added))
     error ("Buffer exceeds maximum size");
 
   enlarge_buffer_text (current_buffer, nbytes_added);