procyberian/emacs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

* print.c (printchar, strout): Check for string overflow.

Browse source 
(PRINTPREPARE, printchar, strout):
Don't set size unless allocation succeeds.
This commit is contained in:
Paul Eggert 2011-06-23 00:33:28 -07:00
parent 90532f02fd
commit ff5844ad0b
2 changed files with 23 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/ChangeLog
View file

@ -1,5 +1,9 @@
2011-06-23 Paul Eggert <eggert@cs.ucla.edu>
* print.c (printchar, strout): Check for string overflow.
(PRINTPREPARE, printchar, strout):
Don't set size unless allocation succeeds.
* minibuf.c (read_minibuf_noninteractive): Use ptrdiff_t, not int,
for sizes. Check for string overflow more accurately.
Simplify newline removal at end; this suppresses a GCC 4.6.0 warning.

28
src/print.c
View file

@ -159,8 +159,9 @@ int print_output_debug_flag EXTERNALLY_VISIBLE = 1;
} \
else \
{ \
print_buffer_size = 1000; \
print_buffer = (char *) xmalloc (print_buffer_size); \
ptrdiff_t new_size = 1000; \
print_buffer = (char *) xmalloc (new_size); \
print_buffer_size = new_size; \
free_print_buffer = 1; \
} \
print_buffer_pos = 0; \
@ -235,9 +236,15 @@ printchar (unsigned int ch, Lisp_Object fun)
if (NILP (fun))
{
if (print_buffer_pos_byte + len >= print_buffer_size)
print_buffer = (char *) xrealloc (print_buffer,
print_buffer_size *= 2);
if (print_buffer_size - len <= print_buffer_pos_byte)
{
ptrdiff_t new_size;
if (STRING_BYTES_BOUND / 2 < print_buffer_size)
string_overflow ();
new_size = print_buffer_size * 2;
print_buffer = (char *) xrealloc (print_buffer, new_size);
print_buffer_size = new_size;
}
memcpy (print_buffer + print_buffer_pos_byte, str, len);
print_buffer_pos += 1;
print_buffer_pos_byte += len;
@ -280,11 +287,14 @@ strout (const char *ptr, EMACS_INT size, EMACS_INT size_byte,
if (NILP (printcharfun))
{
if (print_buffer_pos_byte + size_byte > print_buffer_size)
if (print_buffer_size - size_byte < print_buffer_pos_byte)
{
print_buffer_size = print_buffer_size * 2 + size_byte;
print_buffer = (char *) xrealloc (print_buffer,
print_buffer_size);
ptrdiff_t new_size;
if (STRING_BYTES_BOUND / 2 - size_byte < print_buffer_size)
string_overflow ();
new_size = print_buffer_size * 2 + size_byte;
print_buffer = (char *) xrealloc (print_buffer, new_size);
print_buffer_size = new_size;
}
memcpy (print_buffer + print_buffer_pos_byte, ptr, size_byte);
print_buffer_pos += size;