GNU bug report logs - #9196
integer and memory overflow issues (e.g., cut-and-paste crashes Emacs)

Previous Next

Package: emacs;

Reported by: Paul Eggert <eggert <at> cs.ucla.edu>

Date: Fri, 29 Jul 2011 06:47:02 UTC

Severity: normal

Tags: patch

Found in version 24.0.50

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

Message #26 received at 9196 <at> debbugs.gnu.org (full text, mbox):

From: Jan Djärv <jan.h.d <at> swipnet.se>
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: 9196 <at> debbugs.gnu.org
Subject: Re: bug#9196: integer and memory overflow issues (e.g., cut-and-paste
	crashes Emacs)
Date: Sun, 31 Jul 2011 10:57:20 +0200


Paul Eggert skrev 2011-07-30 21:16:
> I take your point that the checks add clutter, so I'll
> revise the patch to address that problem, by adding a
> couple of memory allocators that do the proper overflow
> checking internally, so that callers don't need to
> test for integer overflow.
>
> This will take a bit of time to prepare and test, so
> please bear with me, but to give you a feel here's a draft
> of the revised patch to xgselect.c.  This simplifies
> xgselect.c compared to what's in the trunk now.
>

That is a good approach, very nice.

> --- src/xgselect.c	2011-07-01 09:18:46 +0000
> +++ src/xgselect.c	2011-07-30 18:19:51 +0000
> @@ -54,10 +54,8 @@
>     do {
>       if (n_gfds>  gfds_size)
>         {
> -        while (n_gfds>  gfds_size)
> -          gfds_size *= 2;
>           xfree (gfds);
> -        gfds = xmalloc (sizeof (*gfds) * gfds_size);
> +        gfds = xpmalloc (&gfds_size, n_gfds - gfds_size, INT_MAX, sizeof *gfds);
>         }
>
>       n_gfds = g_main_context_query (context,
>

	Jan D.
This bug report was last modified 13 years and 273 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.