diff options
| author | Paul Eggert <eggert@cs.ucla.edu> | 2011-06-05 23:16:12 -0700 |
|---|---|---|
| committer | Paul Eggert <eggert@cs.ucla.edu> | 2011-06-05 23:16:12 -0700 |
| commit | d1f3d2afe1057a99b9dec6d1bd5b57bfee81fdff (patch) | |
| tree | f471bdf3143b2d4ba0cf2d4c4e530304b7a67c88 /src/lisp.h | |
| parent | dd52fcea063f37a9875bf9196dbe11a442e8adfc (diff) | |
| download | emacs-d1f3d2afe1057a99b9dec6d1bd5b57bfee81fdff.tar.gz | |
Check for buffer and string overflow more precisely.
* buffer.h (BUF_BYTES_MAX): New macro.
* lisp.h (STRING_BYTES_MAX): New macro.
* alloc.c (Fmake_string):
* character.c (string_escape_byte8):
* coding.c (coding_alloc_by_realloc):
* doprnt.c (doprnt):
* editfns.c (Fformat):
* eval.c (verror):
Use STRING_BYTES_MAX, not MOST_POSITIVE_FIXNUM,
since they may not be the same number.
* editfns.c (Finsert_char):
* fileio.c (Finsert_file_contents):
Likewise for BUF_BYTES_MAX.
Diffstat (limited to 'src/lisp.h')
| -rw-r--r-- | src/lisp.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lisp.h b/src/lisp.h index a9e7354f9fc..a46436e718b 100644 --- a/src/lisp.h +++ b/src/lisp.h @@ -763,6 +763,12 @@ extern EMACS_INT string_bytes (struct Lisp_String *); #endif /* not GC_CHECK_STRING_BYTES */ +/* A string cannot contain more bytes than a fixnum can represent, + nor can it be so long that C pointer arithmetic stops working on + the string plus a terminating null. */ +#define STRING_BYTES_MAX \ + min (MOST_POSITIVE_FIXNUM, min (SIZE_MAX, PTRDIFF_MAX) - 1) + /* Mark STR as a unibyte string. */ #define STRING_SET_UNIBYTE(STR) \ do { if (EQ (STR, empty_multibyte_string)) \ |