bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#9079: integer overflow etc. issues (e.g., image crashes Emacs)

From: Paul Eggert
Subject: bug#9079: integer overflow etc. issues (e.g., image crashes Emacs)
Date: Fri, 15 Jul 2011 00:22:44 -0700
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110516 Thunderbird/3.1.10 
On 07/14/11 22:46, Eli Zaretskii wrote:

> why is it a good idea to use ptrdiff_t instead of EMACS_INT?

Normally, ptrdiff_t and EMACS_INT are the same, but if --with-wide-int
is specified on a 32-bit host, ptrdiff_t is half the size of EMACS_INT
and is therefore more efficient.  That is, if a value is guaranteed
to fit within both ptrdiff_t and EMACS_INT ranges, then it's typically
better to store it in a ptrdiff_t variable.

> the bidi cache can never be longer than the longest Lisp
> string or buffer.  So having a cache longer than that is already a
> bug, and we should announce memory full when a Lisp integer overflows.

Thanks, I didn't know about that constraint.  More precisely, we
should announce memory full when either (1) the size of the longest
Lisp string or buffer is exceeded, or (2) the limits of the bidi
cache's underlying C representation are exceeded.  The code was
already doing (2) but it was not doing (1).

A further patch to do that is below.


* bidi.c (bidi_cache_ensure_space): Also check that the bidi cache size
does not exceed that of the largest Lisp string or buffer.  See Eli
Zaretskii in <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=9079#29>.
=== modified file 'src/bidi.c'
--- src/bidi.c  2011-07-14 21:57:00 +0000
+++ src/bidi.c  2011-07-15 06:43:47 +0000
@@ -464,9 +464,16 @@
   if (idx >= bidi_cache_size)
     {
       ptrdiff_t new_size;
-      ptrdiff_t max_size =
-       min (PTRDIFF_MAX, SIZE_MAX) / elsz / BIDI_CACHE_CHUNK * 
BIDI_CACHE_CHUNK;
-      if (max_size <= idx)
+
+      /* The bidi cache cannot be larger than the largest Lisp string
+        or buffer.  */
+      ptrdiff_t string_or_buffer_bound =
+       max (BUF_BYTES_MAX, STRING_BYTES_BOUND);
+
+      /* Also, it cannot be larger than what C can represent.  */
+      ptrdiff_t c_bound = min (PTRDIFF_MAX, SIZE_MAX) / elsz;
+
+      if (min (string_or_buffer_bound, c_bound) <= idx)
        memory_full (SIZE_MAX);
       new_size = idx - idx % BIDI_CACHE_CHUNK + BIDI_CACHE_CHUNK;
       bidi_cache = (struct bidi_it *) xrealloc (bidi_cache, new_size * elsz);
reply via email to
[Prev in Thread] Current Thread [Next in Thread]