From 1087305574fd61256d66eb0c995f8bb74bd91afe Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 8 Nov 2015 22:47:01 -0800 Subject: Use INT_ADD_WRAPV etc. to check integer overflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * src/alloc.c (xnmalloc, xnrealloc, xpalloc, Fmake_string): * src/buffer.c (record_overlay_string, overlay_strings): * src/casefiddle.c (casify_object): * src/ccl.c (Fccl_execute_on_string): * src/character.c (char_width, c_string_width, lisp_string_width) (count_size_as_multibyte, string_escape_byte8): * src/coding.c (coding_alloc_by_realloc, produce_chars): * src/data.c (arith_driver): * src/dispnew.c (realloc_glyph_pool, init_display): * src/editfns.c (styled_format): * src/fns.c (Ffillarray): * src/ftfont.c (ftfont_shape_by_flt): * src/gnutls.c (gnutls_hex_string): * src/gtkutil.c (get_utf8_string): * src/image.c (x_to_xcolors, x_detect_edges, png_load_body): * src/keymap.c (Fkey_description): * src/lisp.h (SAFE_ALLOCA_LISP): * src/term.c (encode_terminal_code): * src/tparam.c (tparam1): * src/xselect.c (x_property_data_to_lisp): * src/xsmfns.c (smc_save_yourself_CB): * src/xterm.c (x_term_init): When checking for integer overflow, prefer INT_MULTIPLY_WRAPV to more-complicated code involving division and/or INT_MULTIPLY_OVERFLOW, and similarly for INT_ADD_WRAPV and subtraction and/or INT_ADD_OVERFLOW. * src/casefiddle.c (casify_object): Simplify multibyte size check. * src/character.c: Remove some obsolete ‘#ifdef emacs’s. * src/data.c (arith_driver): Also check for division overflow, as that’s now possible given that the accumulator can now contain any Emacs integer. * src/lisp.h (lisp_word_count): Remove; no longer used. --- src/gtkutil.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'src/gtkutil.c') diff --git a/src/gtkutil.c b/src/gtkutil.c index 701bcab7060..90683eba7b8 100644 --- a/src/gtkutil.c +++ b/src/gtkutil.c @@ -517,9 +517,12 @@ get_utf8_string (const char *str) if (cp) g_free (cp); len = strlen (str); - if ((min (PTRDIFF_MAX, SIZE_MAX) - len - 1) / 4 < nr_bad) + ptrdiff_t alloc; + if (INT_MULTIPLY_WRAPV (nr_bad, 4, &alloc) + || INT_ADD_WRAPV (len + 1, alloc, &alloc) + || SIZE_MAX < alloc) memory_full (SIZE_MAX); - up = utf8_str = xmalloc (len + nr_bad * 4 + 1); + up = utf8_str = xmalloc (alloc); p = (unsigned char *)str; while (! (cp = g_locale_to_utf8 ((char *)p, -1, &bytes_read, -- cgit v1.2.1