* insdel.c (count_size_as_multibyte): Check for string overflow.

diff --git a/src/ChangeLog b/src/ChangeLog
index 944a5df..b7bf459 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,7 @@
 2011-05-16  Paul Eggert  <eggert@cs.ucla.edu>
 
+       * insdel.c (count_size_as_multibyte): Check for string overflow.
+
        * character.c (lisp_string_width): Check for string overflow.
        Use EMACS_INT, not int, for string indexes and lengths; in
        particular, 2nd arg is now EMACS_INT, not int.  Do not crash if

diff --git a/src/insdel.c b/src/insdel.c
index 2662858..de9e8aa 100644 (file)
--- a/src/insdel.c
+++ b/src/insdel.c
@@ -20,6 +20,9 @@ along with GNU Emacs.  If not, see <http://www.gnu.org/licenses/>.  */
 
 #include <config.h>
 #include <setjmp.h>
+
+#include <intprops.h>
+
 #include "lisp.h"
 #include "intervals.h"
 #include "buffer.h"
@@ -581,14 +584,19 @@ count_size_as_multibyte (const unsigned char *ptr, EMACS_INT nbytes)
   for (i = 0; i < nbytes; i++)
     {
       unsigned int c = *ptr++;
+      int n;
 
       if (ASCII_CHAR_P (c))
-       outgoing_nbytes++;
+       n = 1;
       else
        {
          c = BYTE8_TO_CHAR (c);
-         outgoing_nbytes += CHAR_BYTES (c);
+         n = CHAR_BYTES (c);
        }
+
+      if (INT_ADD_OVERFLOW (outgoing_nbytes, n))
+       string_overflow ();
+      outgoing_nbytes += n;
     }
 
   return outgoing_nbytes;