* buffer.c (record_overlay_string): Check for size-calculation overflow.

(struct sortstrlist.size, struct sortlist.used): Don't truncate size to int.
author: Paul Eggert <[email protected]> 2011-06-17 01:10:34 -0700
committer: Paul Eggert <[email protected]> 2011-06-17 01:10:34 -0700
commit: 67c36fce599fc28e5ae3eca371d034c600265dd2 (patch)
tree: d33f388c65d9830ef51ed32a608fd1b523081152 /src/buffer.c
parent: 93cb6be35e90f37078276fe60142050d9cff524a (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/src/buffer.c b/src/buffer.c
index 90a10ec2a3..93f739c0d4 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -2933,8 +2933,8 @@ struct sortstr
 struct sortstrlist
 {
   struct sortstr *buf;	/* An array that expands as needed; never freed.  */
-  int size;		/* Allocated length of that array.  */
-  int used;		/* How much of the array is currently in use.  */
+  ptrdiff_t size;	/* Allocated length of that array.  */
+  ptrdiff_t used;	/* How much of the array is currently in use.  */
   EMACS_INT bytes;		/* Total length of the strings in buf.  */
 };
 
@@ -2969,7 +2969,10 @@ record_overlay_string (struct sortstrlist *ssl, Lisp_Object str,
 
   if (ssl->used == ssl->size)
     {
-      if (ssl->buf)
+      if (min (PTRDIFF_MAX, SIZE_MAX) / (sizeof (struct sortstr) * 2)
+	  < ssl->size)
+	memory_full (SIZE_MAX);
+      else if (0 < ssl->size)
 	ssl->size *= 2;
       else
 	ssl->size = 5;
author	Paul Eggert <[email protected]>	2011-06-17 01:10:34 -0700
committer	Paul Eggert <[email protected]>	2011-06-17 01:10:34 -0700
commit	67c36fce599fc28e5ae3eca371d034c600265dd2 (patch)
tree	d33f388c65d9830ef51ed32a608fd1b523081152 /src/buffer.c
parent	93cb6be35e90f37078276fe60142050d9cff524a (diff)