* editfns.c: Integer and memory overflow fixes.

(set_time_zone_rule): Don't assume environment length fits in int.
(message_length): Now ptrdiff_t, not int.
(Fmessage_box): Don't update size until allocation succeeds.
Don't assume message length fits in int.
(Fformat): Use ptrdiff_t, not EMACS_INT, where ptrdiff_t will do.

1 files changed, 4 insertions, 4 deletions

diff --git a/src/editfns.c b/src/editfns.c
index 18fefa5e3b..1616305faa 100644
--- a/src/editfns.c
+++ b/src/editfns.c
@@ -2105,7 +2105,7 @@ static char set_time_zone_rule_tz2[] = "TZ=GMT+1";
 void
 set_time_zone_rule (const char *tzstring)
 {
-  int envptrs;
+  ptrdiff_t envptrs;
   char **from, **to, **newenv;
 
   /* Make the ENVIRON vector longer with room for TZSTRING.  */
@@ -3355,7 +3355,7 @@ usage: (save-restriction &rest BODY)  */)
 static char *message_text;
 
 /* Allocated length of that buffer.  */
-static int message_length;
+static ptrdiff_t message_length;
 
 DEFUN ("message", Fmessage, Smessage, 1, MANY, 0,
        doc: /* Display a message at the bottom of the screen.
@@ -3437,8 +3437,8 @@ usage: (message-box FORMAT-STRING &rest ARGS)  */)
 	}
       if (SBYTES (val) > message_length)
 	{
+	  message_text = (char *) xrealloc (message_text, SBYTES (val));
 	  message_length = SBYTES (val);
-	  message_text = (char *)xrealloc (message_text, message_length);
 	}
       memcpy (message_text, SDATA (val), SBYTES (val));
       message2 (message_text, SBYTES (val),
@@ -4163,7 +4163,7 @@ usage: (format STRING &rest OBJECTS)  */)
 	 character.  CONVBYTES says how much room is needed.  Allocate
 	 enough room (and then some) and do it again.  */
       {
-	EMACS_INT used = p - buf;
+	ptrdiff_t used = p - buf;
 
 	if (max_bufsize - used < convbytes)
 	  string_overflow ();