diff options
| author | Paul Eggert <eggert@cs.ucla.edu> | 2011-06-23 00:33:28 -0700 |
|---|---|---|
| committer | Paul Eggert <eggert@cs.ucla.edu> | 2011-06-23 00:33:28 -0700 |
| commit | ff5844ad0bc84ea05e1f57827a040a31f54b8a9c (patch) | |
| tree | 3a3f031629dc86b70285d434b5e27a5ec9f64ff4 /src/print.c | |
| parent | 90532f02fdde568772852dc53be37d36855ef391 (diff) | |
| download | emacs-ff5844ad0bc84ea05e1f57827a040a31f54b8a9c.tar.gz | |
* print.c (printchar, strout): Check for string overflow.
(PRINTPREPARE, printchar, strout):
Don't set size unless allocation succeeds.
Diffstat (limited to 'src/print.c')
| -rw-r--r-- | src/print.c | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/src/print.c b/src/print.c index d07f89702cc..009bea34f65 100644 --- a/src/print.c +++ b/src/print.c @@ -159,8 +159,9 @@ int print_output_debug_flag EXTERNALLY_VISIBLE = 1; } \ else \ { \ - print_buffer_size = 1000; \ - print_buffer = (char *) xmalloc (print_buffer_size); \ + ptrdiff_t new_size = 1000; \ + print_buffer = (char *) xmalloc (new_size); \ + print_buffer_size = new_size; \ free_print_buffer = 1; \ } \ print_buffer_pos = 0; \ @@ -235,9 +236,15 @@ printchar (unsigned int ch, Lisp_Object fun) if (NILP (fun)) { - if (print_buffer_pos_byte + len >= print_buffer_size) - print_buffer = (char *) xrealloc (print_buffer, - print_buffer_size *= 2); + if (print_buffer_size - len <= print_buffer_pos_byte) + { + ptrdiff_t new_size; + if (STRING_BYTES_BOUND / 2 < print_buffer_size) + string_overflow (); + new_size = print_buffer_size * 2; + print_buffer = (char *) xrealloc (print_buffer, new_size); + print_buffer_size = new_size; + } memcpy (print_buffer + print_buffer_pos_byte, str, len); print_buffer_pos += 1; print_buffer_pos_byte += len; @@ -280,11 +287,14 @@ strout (const char *ptr, EMACS_INT size, EMACS_INT size_byte, if (NILP (printcharfun)) { - if (print_buffer_pos_byte + size_byte > print_buffer_size) + if (print_buffer_size - size_byte < print_buffer_pos_byte) { - print_buffer_size = print_buffer_size * 2 + size_byte; - print_buffer = (char *) xrealloc (print_buffer, - print_buffer_size); + ptrdiff_t new_size; + if (STRING_BYTES_BOUND / 2 - size_byte < print_buffer_size) + string_overflow (); + new_size = print_buffer_size * 2 + size_byte; + print_buffer = (char *) xrealloc (print_buffer, new_size); + print_buffer_size = new_size; } memcpy (print_buffer + print_buffer_pos_byte, ptr, size_byte); print_buffer_pos += size; |