emacs-diffs

[Emacs-diffs] master 1a4c6e6: Fix read buffer overrun on overflowed inte


From: Paul Eggert
Subject: [Emacs-diffs] master 1a4c6e6: Fix read buffer overrun on overflowed integers
Date: Sat, 9 Jun 2018 20:18:35 -0400 (EDT)

branch: master
commit 1a4c6e69db6f8861271f14338ed67aaf12cbd4c5
Author: Paul Eggert <address@hidden>
Commit: Paul Eggert <address@hidden>

    Fix read buffer overrun on overflowed integers
    
    * src/lread.c (read_integer): Fix off-by-1 buffer overrun
    introduced in 2018-04-17T23:23:address@hidden  The
    bug could occur when Emacs read radixed integers containing
    more than 100 digits.  Bug caught by AddressSanitizer.
---
 src/lread.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lread.c b/src/lread.c
index d2c7eae2..4229ff5 100644
--- a/src/lread.c
+++ b/src/lread.c
@@ -2680,8 +2680,8 @@ read_integer (Lisp_Object readcharfun, EMACS_INT radix)
            valid = 0;
          if (valid < 0)
            valid = 1;
-         *p = c;
-         p += p < buf + sizeof buf;
+         if (p < buf + sizeof buf)
+           *p++ = c;
          c = READCHAR;
        }
 
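Review bot: At the new `if (p < buf + sizeof buf)` guard, characters that arrive once buf is full are dropped without any record in these lines that truncation happened, so after the loop p == buf + sizeof buf can mean either an exactly full buffer or a truncated one. A short comment at the guard saying where the overflow case is detected would help, and it is worth confirming that nothing after the loop stores through p when it equals buf + sizeof buf, since that would be the same off-by-1 in a different place. The diffstat shows only src/lread.c changed; a regression test that reads a radixed integer with more than 100 digits, the case named in the commit message, would keep this from reappearing without needing AddressSanitizer to catch it.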


