diff options
| author | Paul Eggert <[email protected]> | 2011-09-27 08:58:20 -0700 |
|---|---|---|
| committer | Paul Eggert <[email protected]> | 2011-09-27 08:58:20 -0700 |
| commit | 2c6a9faaaebb2fca42c4f020865c7c077864cad8 (patch) | |
| tree | feee8819c9f6c93244985b5bb2ea2b91424c333e /src | |
| parent | c801946a9290fe742d87053615495e68d04ec6be (diff) | |
* coding.c: Integer and buffer overflow fixes.
(Funencodable_char_position, Fcheck_coding_systems_region)
(get_translation, handle_composition_annotation, consume_chars):
Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts.
(consume_chars): Rewrite to avoid calculating an address outside buffer.
Diffstat (limited to 'src')
| -rw-r--r-- | src/ChangeLog | 4 | ||||
| -rw-r--r-- | src/coding.c | 10 |
2 files changed, 8 insertions, 6 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index 696123c6c1..a273fd6ece 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -167,8 +167,10 @@ Don't assume fixnums fit in int. (decode_coding_gap, decode_coding_object, encode_coding_object) (Fread_coding_system, Fdetect_coding_region) - (Funencodable_char_position, Fcheck_coding_systems_region): + (Funencodable_char_position, Fcheck_coding_systems_region) + (get_translation, handle_composition_annotation, consume_chars): Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (consume_chars): Rewrite to avoid calculating an address outside buffer. (Ffind_operation_coding_system): NATNUMP can eval its arg twice. (Fdefine_coding_system_internal): Check for charset-id overflow. (ENCODE_ISO_CHARACTER): Use unsigned, not int, to store the unsigned diff --git a/src/coding.c b/src/coding.c index 4450647679..25ac0e9764 100644 --- a/src/coding.c +++ b/src/coding.c @@ -6613,8 +6613,8 @@ get_translation (Lisp_Object trans, int *buf, int *buf_end) { Lisp_Object val = XCAR (trans); Lisp_Object from = XCAR (val); - int len = ASIZE (from); - int i; + ptrdiff_t len = ASIZE (from); + ptrdiff_t i; for (i = 0; i < len; i++) { @@ -7132,7 +7132,7 @@ handle_composition_annotation (ptrdiff_t pos, ptrdiff_t limit, if (method != COMPOSITION_RELATIVE) { Lisp_Object components; - int len, i, i_byte; + ptrdiff_t i, len, i_byte; components = COMPOSITION_COMPONENTS (prop); if (VECTORP (components)) @@ -7303,7 +7303,7 @@ consume_chars (struct coding_system *coding, Lisp_Object translation_table, *buf++ = c; else { - int from_nchars = 1, to_nchars = 1; + ptrdiff_t from_nchars = 1, to_nchars = 1; int *lookup_buf_end; const unsigned char *p = src; int i; @@ -7324,7 +7324,7 @@ consume_chars (struct coding_system *coding, Lisp_Object translation_table, else { to_nchars = ASIZE (trans); - if (buf + to_nchars > buf_end) + if (buf_end - buf < to_nchars) break; c = XINT (AREF (trans, 0)); } |