From: Eli Zaretskii <eliz@gnu.org>
Date: Tue, 6 Aug 2024 18:19:49 +0000 (+0300)
Subject: Avoid crashes in very large buffers with long lines
X-Git-Tag: archive/raspbian/1%30.1+1-3+rpi1^2~2^2~20^2~588
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=f1e37ae423f3be6224f88a21f30ed40e73a4ce22;p=emacs.git

Avoid crashes in very large buffers with long lines

* src/xdisp.c (get_large_narrowing_begv, get_large_narrowing_zv)
(get_medium_narrowing_begv, get_medium_narrowing_zv): Use
'ptrdiff_t' instead of 'int', to prevent integer overflow in
large buffers.  (Bug#72497)
---

diff --git a/src/xdisp.c b/src/xdisp.c
index 1dadb372911..5add42ef11b 100644
--- a/src/xdisp.c
+++ b/src/xdisp.c
@@ -3621,14 +3621,14 @@ get_narrowed_len (struct window *w)
 static ptrdiff_t
 get_medium_narrowing_begv (struct window *w, ptrdiff_t pos)
 {
-  int len = get_narrowed_len (w);
+  ptrdiff_t len = get_narrowed_len (w);
   return max ((pos / len - 1) * len, BEGV);
 }
 
 static ptrdiff_t
 get_medium_narrowing_zv (struct window *w, ptrdiff_t pos)
 {
-  int len = get_narrowed_len (w);
+  ptrdiff_t len = get_narrowed_len (w);
   return min ((pos / len + 1) * len, ZV);
 }
 
@@ -3678,9 +3678,9 @@ get_large_narrowing_begv (ptrdiff_t pos)
 {
   if (long_line_optimizations_region_size <= 0)
     return BEGV;
-  int len = long_line_optimizations_region_size / 2;
-  int begv = max (pos - len, BEGV);
-  int limit = long_line_optimizations_bol_search_limit;
+  ptrdiff_t len = long_line_optimizations_region_size / 2;
+  ptrdiff_t begv = max (pos - len, BEGV);
+  ptrdiff_t limit = long_line_optimizations_bol_search_limit;
   while (limit > 0)
     {
       if (begv == BEGV || FETCH_BYTE (CHAR_TO_BYTE (begv) - 1) == '\n')
@@ -3696,7 +3696,7 @@ get_large_narrowing_zv (ptrdiff_t pos)
 {
   if (long_line_optimizations_region_size <= 0)
     return ZV;
-  int len = long_line_optimizations_region_size / 2;
+  ptrdiff_t len = long_line_optimizations_region_size / 2;
   return min (pos + len, ZV);
 }