diff options
| author | Paul Eggert <eggert@cs.ucla.edu> | 2011-07-28 14:38:23 -0700 |
|---|---|---|
| committer | Paul Eggert <eggert@cs.ucla.edu> | 2011-07-28 14:38:23 -0700 |
| commit | b4fb63147af14661b28c59d07987f8306deb5ed1 (patch) | |
| tree | d08ec36b66ae41e36f8004f2e196c85372ba0d84 | |
| parent | c9f8d652ab67b148cd0a1cb375b0e51e673c4094 (diff) | |
| download | emacs-b4fb63147af14661b28c59d07987f8306deb5ed1.tar.gz | |
* emacs.c (main, sort_args): Check for size-calculation overflow.
| -rw-r--r-- | src/ChangeLog | 2 | ||||
| -rw-r--r-- | src/emacs.c | 15 |
2 files changed, 14 insertions, 3 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index b823dd54498..52f1a76e54c 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-07-28 Paul Eggert <eggert@cs.ucla.edu> + * emacs.c (main, sort_args): Check for size-calculation overflow. + * editfns.c: Integer and memory overflow fixes. (set_time_zone_rule): Don't assume environment length fits in int. (message_length): Now ptrdiff_t, not int. diff --git a/src/emacs.c b/src/emacs.c index 39870ec0079..4de567a5588 100644 --- a/src/emacs.c +++ b/src/emacs.c @@ -1360,9 +1360,12 @@ Using an Emacs configured with --with-x-toolkit=lucid does not have this problem This requires inserting a new element into argv. */ if (displayname != 0 && skip_args - count_before == 1) { - char **new = (char **) xmalloc (sizeof (char *) * (argc + 2)); + char **new; int j; + if (min (PTRDIFF_MAX, SIZE_MAX) / sizeof (char *) - 2 < argc) + memory_full (SIZE_MAX); + new = (char **) xmalloc (sizeof *new * argc + sizeof *new * 2); for (j = 0; j < count_before + 1; j++) new[j] = argv[j]; new[count_before + 1] = (char *) "-d"; @@ -1838,13 +1841,19 @@ sort_args (int argc, char **argv) 0 for an option that takes no arguments, 1 for an option that takes one argument, etc. -1 for an ordinary non-option argument. */ - int *options = (int *) xmalloc (sizeof (int) * argc); - int *priority = (int *) xmalloc (sizeof (int) * argc); + int *options; + int *priority; int to = 1; int incoming_used = 1; int from; int i; + if (sizeof (char *) < sizeof (int) + && min (PTRDIFF_MAX, SIZE_MAX) / sizeof (int) < argc) + memory_full (SIZE_MAX); + options = (int *) xmalloc (sizeof (int) * argc); + priority = (int *) xmalloc (sizeof (int) * argc); + /* Categorize all the options, and figure out which argv elts are option arguments. */ for (from = 1; from < argc; from++) |