From 17828df2d81aef1c7886cddd881ad6f67f1e4abe Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Thu, 28 Jul 2011 13:30:20 -0700
Subject: * character.c (Fstring): Check for size-calculation overflow.

---
 src/character.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/character.c')

diff --git a/src/character.c b/src/character.c
index 5e2eccf54db..50b5b252871 100644
--- a/src/character.c
+++ b/src/character.c
@@ -902,6 +902,8 @@ usage: (string &rest CHARACTERS)  */)
   Lisp_Object str;
   USE_SAFE_ALLOCA;
 
+  if (min (PTRDIFF_MAX, SIZE_MAX) / MAX_MULTIBYTE_LENGTH < n)
+    memory_full (SIZE_MAX);
   SAFE_ALLOCA (buf, unsigned char *, MAX_MULTIBYTE_LENGTH * n);
   p = buf;
 
-- 
cgit v1.2.1