* character.c (Fstring): Check for size-calculation overflow.

author Paul Eggert <eggert@cs.ucla.edu>

Thu, 28 Jul 2011 20:30:20 +0000 (13:30 -0700)

committer Paul Eggert <eggert@cs.ucla.edu>

Thu, 28 Jul 2011 20:30:20 +0000 (13:30 -0700)
author Paul Eggert <eggert@cs.ucla.edu>
Thu, 28 Jul 2011 20:30:20 +0000 (13:30 -0700)
committer Paul Eggert <eggert@cs.ucla.edu>
Thu, 28 Jul 2011 20:30:20 +0000 (13:30 -0700)
diff --git a/src/ChangeLog b/src/ChangeLog

index b35f560..9f50e92 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,7 @@
  2011-07-28  Paul Eggert  <eggert@cs.ucla.edu>
  
+       * character.c (Fstring): Check for size-calculation overflow.
+
         * ccl.c: Integer and memory overflow fixes.
         (Fccl_execute_on_string): Check for memory overflow.
         Use ptrdiff_t rather than EMACS_INT where ptrdiff_t will do.
diff --git a/src/character.c b/src/character.c

index 5e2eccf..50b5b25 100644 (file)
--- a/src/character.c
+++ b/src/character.c
@@ -902,6 +902,8 @@ usage: (string &rest CHARACTERS)  */)
    Lisp_Object str;
    USE_SAFE_ALLOCA;
  
+  if (min (PTRDIFF_MAX, SIZE_MAX) / MAX_MULTIBYTE_LENGTH < n)
+    memory_full (SIZE_MAX);
    SAFE_ALLOCA (buf, unsigned char *, MAX_MULTIBYTE_LENGTH * n);
    p = buf;
author	Paul Eggert <eggert@cs.ucla.edu>
	Thu, 28 Jul 2011 20:30:20 +0000 (13:30 -0700)
committer	Paul Eggert <eggert@cs.ucla.edu>
	Thu, 28 Jul 2011 20:30:20 +0000 (13:30 -0700)
src/ChangeLog		patch \| blob \| blame \| history
src/character.c		patch \| blob \| blame \| history