[Emacs-diffs] master a65c092 2/2: Fix integer overflow in oversize vecto
From: |
Paul Eggert |
Subject: |
[Emacs-diffs] master a65c092 2/2: Fix integer overflow in oversize vectors |
Date: |
Sat, 8 Dec 2018 13:50:22 -0500 (EST) |
branch: master
commit a65c0929ebd6f1980fe0f493a7d623aac63a34bd
Author: Paul Eggert <address@hidden>
Commit: Paul Eggert <address@hidden>
Fix integer overflow in oversize vectors
* src/alloc.c (allocate_vector): Fix integer overflow when
allocating very large vectors, by taking large_vector_offset
into account. Assume C99.
---
src/alloc.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/alloc.c b/src/alloc.c
index 596de3a..8eaa810 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -3388,12 +3388,11 @@ allocate_vectorlike (ptrdiff_t len)
struct Lisp_Vector *
allocate_vector (EMACS_INT len)
{
- struct Lisp_Vector *v;
- ptrdiff_t nbytes_max = min (PTRDIFF_MAX, SIZE_MAX);
-
- if (min ((nbytes_max - header_size) / word_size, MOST_POSITIVE_FIXNUM) < len)
+ ptrdiff_t wordbytes_max = (min (PTRDIFF_MAX, SIZE_MAX)
+ - header_size - large_vector_offset);
+ if (min (wordbytes_max / word_size, MOST_POSITIVE_FIXNUM) < len)
memory_full (SIZE_MAX);
- v = allocate_vectorlike (len);
+ struct Lisp_Vector *v = allocate_vectorlike (len);
if (len)
v->header.size = len;
return v;
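Review bot: The guard in allocate_vector bounds `len` only from above, so a negative `EMACS_INT` would pass `min (wordbytes_max / word_size, MOST_POSITIVE_FIXNUM) < len` and reach `allocate_vectorlike (len)`, whose parameter is `ptrdiff_t`. If callers are expected to guarantee a non-negative length, which this hunk does not show, an `eassert (0 <= len);` ahead of the check would state that precondition where the size arithmetic depends on it. The new limit also needs a short comment, for example `/* Max bytes for the elements, leaving room for header_size and large_vector_offset.  */`, because the reason for subtracting `large_vector_offset` lives in allocator code outside this hunk and the two can drift apart silently. The function's closing brace is also outside the hunk.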