(make_gap_larger): Make sure buffer size does not overflow range of int.

2024-12-11 09:20:51 +00:00 · 2002-01-06 20:47:00 +00:00 · 2002-01-06 20:47:00 +00:00 · e17144de55
commit e17144de55
parent b4ac0cdbf5
2 changed files with 11 additions and 3 deletions
--- a/src/ChangeLog
+++ b/src/ChangeLog
@ -1,3 +1,8 @@
+2002-01-06  Andreas Schwab  <schwab@suse.de>
+
+	* insdel.c (make_gap_larger): Make sure buffer size does not
+	overflow range of int.
+
 2002-01-05  Jason Rumney  <jasonr@gnu.org>

 	* w32term.c (x_draw_glyphs): Don't call notice_overwritten_cursor if
--- a/src/insdel.c
+++ b/src/insdel.c
@ -533,10 +533,13 @@ make_gap_larger (nbytes_added)

  /* Don't allow a buffer size that won't fit in an int
     even if it will fit in a Lisp integer.
-     That won't work because so many places use `int'.  */
+     That won't work because so many places use `int'.
+
+     Make sure we don't introduce overflows in the calculation.  */
     
-  if (Z_BYTE - BEG_BYTE + GAP_SIZE + nbytes_added
-      >= MOST_POSITIVE_FIXNUM)
+  if (Z_BYTE - BEG_BYTE + GAP_SIZE
+      >= (((EMACS_INT) 1 << (min (VALBITS, BITS_PER_INT) - 1)) - 1
+	  - nbytes_added))
    error ("Buffer exceeds maximum size");

  enlarge_buffer_text (current_buffer, nbytes_added);