* image.c (cache_image): Check for size arithmetic overflow.

author Paul Eggert <eggert@cs.ucla.edu>

Thu, 23 Jun 2011 00:46:41 +0000 (17:46 -0700)

committer Paul Eggert <eggert@cs.ucla.edu>

Thu, 23 Jun 2011 00:46:41 +0000 (17:46 -0700)
author Paul Eggert <eggert@cs.ucla.edu>
Thu, 23 Jun 2011 00:46:41 +0000 (17:46 -0700)
committer Paul Eggert <eggert@cs.ucla.edu>
Thu, 23 Jun 2011 00:46:41 +0000 (17:46 -0700)
diff --git a/src/ChangeLog b/src/ChangeLog

index e1e9e24..7f174bf 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,7 @@
+2011-06-23  Paul Eggert  <eggert@cs.ucla.edu>
+
+       * image.c (cache_image): Check for size arithmetic overflow.
+
  2011-06-22  Paul Eggert  <eggert@cs.ucla.edu>
  
         * lread.c: Integer overflow issues.
diff --git a/src/image.c b/src/image.c

index a9785e5..6e8440f 100644 (file)
--- a/src/image.c
+++ b/src/image.c
@@ -1836,6 +1836,8 @@ cache_image (struct frame *f, struct image *img)
    /* If no free slot found, maybe enlarge c->images.  */
    if (i == c->used && c->used == c->size)
      {
+      if (min (PTRDIFF_MAX, SIZE_MAX) / sizeof *c->images / 2 < c->size)
+       memory_full (SIZE_MAX);
        c->size *= 2;
        c->images = (struct image **) xrealloc (c->images,
                                               c->size * sizeof *c->images);
author	Paul Eggert <eggert@cs.ucla.edu>
	Thu, 23 Jun 2011 00:46:41 +0000 (17:46 -0700)
committer	Paul Eggert <eggert@cs.ucla.edu>
	Thu, 23 Jun 2011 00:46:41 +0000 (17:46 -0700)
src/ChangeLog		patch \| blob \| blame \| history
src/image.c		patch \| blob \| blame \| history