From: Paul Eggert
Date: Fri, 15 Jul 2011 06:44:47 +0000 (-0700)
Subject: * bidi.c (bidi_cache_ensure_space): Also check that the bidi cache size
X-Git-Tag: archive/raspbian/1%29.2+1-2+rpi1~1^2~324^2~2716^2~6
X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https:/www.github.com/%22bookmarks:///%22http:/www.example.com/cgi/%22https:/www.github.com/%22bookmarks:/?a=commitdiff_plain;h=0567546f8e9173195f40fa5122b7ad93fe17ef8c;p=emacs.git

* bidi.c (bidi_cache_ensure_space): Also check that the bidi cache size does not exceed that of the largest Lisp string or buffer. See Eli Zaretskii in .
---

diff --git a/src/ChangeLog b/src/ChangeLog
index 5d6b5915b9b..e2c1dc7724f 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -15,6 +15,9 @@
 Don't set bidi_cache_size until after xrealloc returns, because it might not return.
 (bidi_dump_cached_states): Use ptrdiff_t, not int, to avoid overflow.
+ (bidi_cache_ensure_space): Also check that the bidi cache size
+ does not exceed that of the largest Lisp string or buffer. See Eli
+ Zaretskii in .
 * alloc.c (__malloc_size_t): Remove. All uses replaced by size_t. See Andreas Schwab's note
diff --git a/src/bidi.c b/src/bidi.c
index 1999606639b..697ebb92856 100644
--- a/src/bidi.c
+++ b/src/bidi.c
@@ -464,9 +464,16 @@ bidi_cache_ensure_space (ptrdiff_t idx)
 if (idx >= bidi_cache_size)
 {
 ptrdiff_t new_size;
- ptrdiff_t max_size =
- min (PTRDIFF_MAX, SIZE_MAX) / elsz / BIDI_CACHE_CHUNK * BIDI_CACHE_CHUNK;
- if (max_size <= idx)
+
+ /* The bidi cache cannot be larger than the largest Lisp string
+ or buffer. */
+ ptrdiff_t string_or_buffer_bound =
+ max (BUF_BYTES_MAX, STRING_BYTES_BOUND);
+
+ /* Also, it cannot be larger than what C can represent. */
+ ptrdiff_t c_bound = min (PTRDIFF_MAX, SIZE_MAX) / elsz;
+
+ if (min (string_or_buffer_bound, c_bound) <= idx)
 memory_full (SIZE_MAX);
 new_size = idx - idx % BIDI_CACHE_CHUNK + BIDI_CACHE_CHUNK;
 bidi_cache = (struct bidi_it *) xrealloc (bidi_cache, new_size * elsz);
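Review bot: The new `c_bound` in bidi_cache_ensure_space is no longer rounded down to a multiple of BIDI_CACHE_CHUNK, yet `new_size` is still rounded up to the next chunk boundary after the check, so an `idx` just below the bound can give a `new_size` above it and `new_size * elsz` in the xrealloc call can then exceed what ptrdiff_t/size_t can hold. Keeping the bound chunk-aligned closes that gap: `ptrdiff_t c_bound = min (PTRDIFF_MAX, SIZE_MAX) / elsz / BIDI_CACHE_CHUNK * BIDI_CACHE_CHUNK;`. The Lisp string/buffer bound needs no alignment once `c_bound` is aligned, since any `idx` below the smaller bound is then also below an aligned `c_bound`. The gap is probably unreachable in practice because the allocation would fail first, but this check exists to make the size arithmetic safe by construction; the function starts and ends outside the hunk, so `elsz` and BIDI_CACHE_CHUNK are taken as positive constants defined there.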