[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Emacs-diffs] master 1a4c6e6: Fix read buffer overrun on overflowed inte
From: |
Paul Eggert |
Subject: |
[Emacs-diffs] master 1a4c6e6: Fix read buffer overrun on overflowed integers |
Date: |
Sat, 9 Jun 2018 20:18:35 -0400 (EDT) |
branch: master
commit 1a4c6e69db6f8861271f14338ed67aaf12cbd4c5
Author: Paul Eggert <address@hidden>
Commit: Paul Eggert <address@hidden>
Fix read buffer overrun on overflowed integers
* src/lread.c (read_integer): Fix off-by-1 buffer overrun
introduced in 2018-04-17T23:23:address@hidden The
bug could occur when Emacs read radixed integers containing
more than 100 digits. Bug caught by AddressSanitizer.
---
src/lread.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lread.c b/src/lread.c
index d2c7eae2..4229ff5 100644
--- a/src/lread.c
+++ b/src/lread.c
@@ -2680,8 +2680,8 @@ read_integer (Lisp_Object readcharfun, EMACS_INT radix)
valid = 0;
if (valid < 0)
valid = 1;
- *p = c;
- p += p < buf + sizeof buf;
+ if (p < buf + sizeof buf)
+ *p++ = c;
c = READCHAR;
}
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Emacs-diffs] master 1a4c6e6: Fix read buffer overrun on overflowed integers,
Paul Eggert <=