2011-07-29 Paul Eggert <eggert@cs.ucla.edu>
+ * xfaces.c: Integer and memory overflow fixes.
+ (Finternal_make_lisp_face): Use ptrdiff_t, not int, for sizes.
+ Check for size calculation overflow.
+ (cache_face): Do not overflow in size calculation.
+
* xdisp.c: Integer and memory overflow fixes.
(store_mode_line_noprop_char, x_consider_frame_title):
Use ptrdiff_t, not int, for sizes.
property `face' of the Lisp face name. */
if (next_lface_id == lface_id_to_name_size)
{
- int new_size = max (50, 2 * lface_id_to_name_size);
- int sz = new_size * sizeof *lface_id_to_name;
+ ptrdiff_t new_size, sz;
+ if (min (min (PTRDIFF_MAX, SIZE_MAX) / 2 / sizeof *lface_id_to_name,
+ MOST_POSITIVE_FIXNUM)
+ < lface_id_to_name_size)
+ memory_full (SIZE_MAX);
+ new_size = max (50, 2 * lface_id_to_name_size);
+ sz = new_size * sizeof *lface_id_to_name;
lface_id_to_name = (Lisp_Object *) xrealloc (lface_id_to_name, sz);
lface_id_to_name_size = new_size;
}
if (c->used == c->size)
{
int new_size, sz;
- new_size = min (2 * c->size, MAX_FACE_ID);
+ new_size =
+ min (2 * c->size,
+ min (MAX_FACE_ID,
+ min (PTRDIFF_MAX, SIZE_MAX) / sizeof *c->faces_by_id));
if (new_size == c->size)
abort (); /* Alternatives? ++kfs */
sz = new_size * sizeof *c->faces_by_id;
HCoop / bpt / emacs.git / commitdiff