mirrors/emacs
1
Fork 0
mirror of git://git.sv.gnu.org/emacs.git synced 2026-01-09 05:01:02 -08:00
Code Issues Projects Releases Wiki Activity

Fix insert-file-contents integer overflows

Browse source 
* src/fileio.c (Finsert_file_contents): Change ‘total’ from
ptrdiff_t to off_t since it might not fit in ptrdiff_t.
Check for overflow when estimating the insertion size.
This commit is contained in:
Paul Eggert 2025-07-12 14:22:02 -07:00
parent e6c6847973
commit 56091b6d5c
1 changed files with 10 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/fileio.c
View file

@ -4065,7 +4065,7 @@ by calling `format-decode', which see. */)
specpdl_ref count = SPECPDL_INDEX ();
Lisp_Object handler, val, insval, orig_filename, old_undo;
Lisp_Object p;
ptrdiff_t total = 0;
off_t total = 0;
bool regular;
int save_errno = 0;
char read_buf[READ_BUF_SIZE];
@ -4818,10 +4818,16 @@ by calling `format-decode', which see. */)
move_gap_both (PT, PT_BYTE);
/* Ensure the gap is at least one byte larger than needed for the
estimated file size, so that in the usual case we read to EOF
estimated insertion, so that in the usual case we read
without reallocating. */
if (GAP_SIZE <= total)
make_gap (total - GAP_SIZE + 1);
off_t inserted_estimate = min (end_offset, file_size_hint) - beg_offset;
if (GAP_SIZE <= inserted_estimate)
{
ptrdiff_t growth;
if (ckd_sub (&growth, inserted_estimate, GAP_SIZE - 1))
buffer_overflow ();
make_gap (growth);
}
if (beg_offset != 0 || (!NILP (replace)
&& !BASE_EQ (replace, Qunbound)))