Avoid crashes in very large buffers with long lines

* src/xdisp.c (get_large_narrowing_begv, get_large_narrowing_zv) (get_medium_narrowing_begv, get_medium_narrowing_zv): Use 'ptrdiff_t' instead of 'int', to prevent integer overflow in large buffers. (Bug#72497)
2024-08-06 21:19:49 +03:00 · 2024-08-06 21:19:49 +03:00 · f1e37ae423
commit f1e37ae423
parent 3817355aed
1 changed files with 6 additions and 6 deletions
--- a/src/xdisp.c
+++ b/src/xdisp.c
@ -3621,14 +3621,14 @@ get_narrowed_len (struct window *w)
 static ptrdiff_t
 get_medium_narrowing_begv (struct window *w, ptrdiff_t pos)
 {
-  int len = get_narrowed_len (w);
+  ptrdiff_t len = get_narrowed_len (w);
  return max ((pos / len - 1) * len, BEGV);
 }

 static ptrdiff_t
 get_medium_narrowing_zv (struct window *w, ptrdiff_t pos)
 {
-  int len = get_narrowed_len (w);
+  ptrdiff_t len = get_narrowed_len (w);
  return min ((pos / len + 1) * len, ZV);
 }

@ -3678,9 +3678,9 @@ get_large_narrowing_begv (ptrdiff_t pos)
 {
  if (long_line_optimizations_region_size <= 0)
    return BEGV;
-  int len = long_line_optimizations_region_size / 2;
-  int begv = max (pos - len, BEGV);
-  int limit = long_line_optimizations_bol_search_limit;
+  ptrdiff_t len = long_line_optimizations_region_size / 2;
+  ptrdiff_t begv = max (pos - len, BEGV);
+  ptrdiff_t limit = long_line_optimizations_bol_search_limit;
  while (limit > 0)
    {
      if (begv == BEGV || FETCH_BYTE (CHAR_TO_BYTE (begv) - 1) == '\n')
@ -3696,7 +3696,7 @@ get_large_narrowing_zv (ptrdiff_t pos)
 {
  if (long_line_optimizations_region_size <= 0)
    return ZV;
-  int len = long_line_optimizations_region_size / 2;
+  ptrdiff_t len = long_line_optimizations_region_size / 2;
  return min (pos + len, ZV);
 }