[Emacs-diffs] /srv/bzr/emacs/trunk r104057: Lift the MOST_POSITIVE

emacs-diffs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Emacs-diffs] /srv/bzr/emacs/trunk r104057: Lift the MOST_POSITIVE_FIXNU

From:	Eli Zaretskii
Subject:	[Emacs-diffs] /srv/bzr/emacs/trunk r104057: Lift the MOST_POSITIVE_FIXNUM/4 limitation on visited files (bug#8528).
Date:	Fri, 29 Apr 2011 22:47:29 +0300
User-agent:	Bazaar (2.3.1)

------------------------------------------------------------
revno: 104057
fixes bug(s): http://debbugs.gnu.org/8528
committer: Eli Zaretskii <address@hidden>
branch nick: trunk
timestamp: Fri 2011-04-29 22:47:29 +0300
message:
  Lift the MOST_POSITIVE_FIXNUM/4 limitation on visited files (bug#8528).
  
   src/fileio.c (Finsert_file_contents): Don't limit file size to 1/4
   of MOST_POSITIVE_FIXNUM.
   src/coding.c (coding_alloc_by_realloc): Error out if destination
   will grow beyond MOST_POSITIVE_FIXNUM.
   (decode_coding_emacs_mule): Abort if there isn't enough place in
   charbuf for the composition carryover bytes.  Reserve an extra
   space for up to 2 characters produced in a loop.
   (decode_coding_iso_2022): Abort if there isn't enough place in
   charbuf for the composition carryover bytes.
modified:
  src/ChangeLog
  src/coding.c
  src/fileio.c

=== modified file 'src/ChangeLog'
--- a/src/ChangeLog     2011-04-29 19:34:06 +0000
+++ b/src/ChangeLog     2011-04-29 19:47:29 +0000
@@ -1,4 +1,18 @@
-2011-04-29  Eli Zaretskii  <address@hidden>
+2011-04-21  Eli Zaretskii  <address@hidden>
+
+       Lift the MOST_POSITIVE_FIXNUM/4 limitation on visited files.
+       * fileio.c (Finsert_file_contents): Don't limit file size to 1/4
+       of MOST_POSITIVE_FIXNUM.  (Bug#8528)
+
+       * coding.c (coding_alloc_by_realloc): Error out if destination
+       will grow beyond MOST_POSITIVE_FIXNUM.
+       (decode_coding_emacs_mule): Abort if there isn't enough place in
+       charbuf for the composition carryover bytes.  Reserve an extra
+       space for up to 2 characters produced in a loop.
+       (decode_coding_iso_2022): Abort if there isn't enough place in
+       charbuf for the composition carryover bytes.
+
+2011-04-21  Eli Zaretskii  <address@hidden>
 
        * doprnt.c (doprnt) [!HAVE_LONG_LONG_INT]: Error out instead of
        aborting when %lld or %lll format is passed.

=== modified file 'src/coding.c'
--- a/src/coding.c      2011-04-27 18:15:29 +0000
+++ b/src/coding.c      2011-04-29 19:47:29 +0000
@@ -1071,6 +1071,8 @@
 static void
 coding_alloc_by_realloc (struct coding_system *coding, EMACS_INT bytes)
 {
+  if (coding->dst_bytes >= MOST_POSITIVE_FIXNUM - bytes)
+    error ("Maximum size of buffer or string exceeded");
   coding->destination = (unsigned char *) xrealloc (coding->destination,
                                                    coding->dst_bytes + bytes);
   coding->dst_bytes += bytes;
@@ -2333,7 +2335,9 @@
   /* We may produce two annotations (charset and composition) in one
      loop and one more charset annotation at the end.  */
   int *charbuf_end
-    = coding->charbuf + coding->charbuf_size - (MAX_ANNOTATION_LENGTH * 3);
+    = coding->charbuf + coding->charbuf_size - (MAX_ANNOTATION_LENGTH * 3)
+      /* We can produce up to 2 characters in a loop.  */
+      - 1;
   EMACS_INT consumed_chars = 0, consumed_chars_base;
   int multibytep = coding->src_multibyte;
   EMACS_INT char_offset = coding->produced_char;
@@ -2348,6 +2352,8 @@
     {
       int i;
 
+      if (charbuf_end - charbuf < cmp_status->length)
+       abort ();
       for (i = 0; i < cmp_status->length; i++)
        *charbuf++ = cmp_status->carryover[i];
       coding->annotated = 1;
@@ -3479,6 +3485,8 @@
 
   if (cmp_status->state != COMPOSING_NO)
     {
+      if (charbuf_end - charbuf < cmp_status->length)
+       abort ();
       for (i = 0; i < cmp_status->length; i++)
        *charbuf++ = cmp_status->carryover[i];
       coding->annotated = 1;

=== modified file 'src/fileio.c'
--- a/src/fileio.c      2011-04-14 20:20:17 +0000
+++ b/src/fileio.c      2011-04-29 19:47:29 +0000
@@ -3245,15 +3245,10 @@
   record_unwind_protect (close_file_unwind, make_number (fd));
 
 
-  /* Arithmetic overflow can occur if an Emacs integer cannot represent the
-     file size, or if the calculations below overflow.  The calculations below
-     double the file size twice, so check that it can be multiplied by 4
-     safely.
-
-     Also check whether the size is negative, which can happen on a platform
-     that allows file sizes greater than the maximum off_t value.  */
+  /* Check whether the size is too large or negative, which can happen on a
+     platform that allows file sizes greater than the maximum off_t value.  */
   if (! not_regular
-      && ! (0 <= st.st_size && st.st_size <= MOST_POSITIVE_FIXNUM / 4))
+      && ! (0 <= st.st_size && st.st_size <= MOST_POSITIVE_FIXNUM))
     error ("Maximum buffer size exceeded");
 
   /* Prevent redisplay optimizations.  */

[Prev in Thread]

Current Thread

[Next in Thread]

[Emacs-diffs] /srv/bzr/emacs/trunk r104057: Lift the MOST_POSITIVE_FIXNUM/4 limitation on visited files (bug#8528)., Eli Zaretskii <=

Prev by Date: [Emacs-diffs] /srv/bzr/emacs/trunk r104056: Don't abort in doprnt when passed unsupported %ll modifier.
Next by Date: [Emacs-diffs] /srv/bzr/emacs/trunk r104058: shr.el (shr-strike-through): New face.
Previous by thread: [Emacs-diffs] /srv/bzr/emacs/trunk r104056: Don't abort in doprnt when passed unsupported %ll modifier.
Next by thread: [Emacs-diffs] /srv/bzr/emacs/trunk r104058: shr.el (shr-strike-through): New face.
Index(es):
- Date
- Thread