From c9d624c605059127505b6d4baec8f07d6ff731d9 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Wed, 8 Jun 2011 10:22:24 -0700
Subject: * alloc.c: Catch some string size overflows that we were missing.

(XMALLOC_OVERRUN_CHECK_SIZE) [!XMALLOC_OVERRUN_CHECK]: Define to 0,
for convenience in STRING_BYTES_MAX.
(STRING_BYTES_MAX): New macro, superseding the old one in lisp.h.
The definition here is exact; the one in lisp.h was approximate.
(allocate_string_data): Check for string overflow.  This catches
some instances we weren't catching before.  Also, it catches
size_t overflow on (unusual) hosts where SIZE_MAX <= min
(PTRDIFF_MAX, MOST_POSITIVE_FIXNUM), e.g., when size_t is 32 bits
and ptrdiff_t and EMACS_INT are both 64 bits.
* character.c, coding.c, doprnt.c, editfns.c, eval.c:
All uses of STRING_BYTES_MAX replaced by STRING_BYTES_BOUND.
* lisp.h (STRING_BYTES_BOUND): Renamed from STRING_BYTES_MAX.
---
 src/eval.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/eval.c')

diff --git a/src/eval.c b/src/eval.c
index ef5abac17ae..a9703fc0aa0 100644
--- a/src/eval.c
+++ b/src/eval.c
@@ -1994,7 +1994,7 @@ verror (const char *m, va_list ap)
 {
   char buf[4000];
   size_t size = sizeof buf;
-  size_t size_max = STRING_BYTES_MAX + 1;
+  size_t size_max = STRING_BYTES_BOUND + 1;
   size_t mlen = strlen (m);
   char *buffer = buf;
   size_t used;
-- 
cgit v1.2.1