From 1d526e2f33eb2615944717c9231bc1d27aef1117 Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Thu, 28 Jul 2011 22:09:32 -0700
Subject: [PATCH] * xsmfns.c (smc_save_yourself_CB): Check for size calc overflow.

---
 src/ChangeLog | 2 ++
 src/xsmfns.c | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/src/ChangeLog b/src/ChangeLog
index f8e5ca78b33..1f288a48f2f 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,7 @@
 2011-07-29 Paul Eggert
 
+ * xsmfns.c (smc_save_yourself_CB): Check for size calc overflow.
+
 * xselect.c: Integer and memory overflow issues.
 (X_LONG_SIZE, X_USHRT_MAX, X_ULONG_MAX): New macros.
 Use them to make the following changes clearer.
diff --git a/src/xsmfns.c b/src/xsmfns.c
index cb56ae648d1..217087dbae7 100644
--- a/src/xsmfns.c
+++ b/src/xsmfns.c
@@ -223,6 +223,9 @@ smc_save_yourself_CB (SmcConn smcConn,
 props[props_idx]->name = xstrdup (SmRestartCommand);
 props[props_idx]->type = xstrdup (SmLISTofARRAY8);
 /* /path/to/emacs, --smid=xxx --no-splash --chdir=dir ... */
+ if (min (INT_MAX, min (PTRDIFF_MAX, SIZE_MAX) / sizeof *vp) - 3
+ < initial_argc)
+ memory_full (SIZE_MAX);
 i = 3 + initial_argc;
 props[props_idx]->num_vals = i;
 vp = (SmPropValue *) xmalloc (i * sizeof(*vp));
-- 
2.11.4.GIT
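Review bot: In the src/xsmfns.c hunk, the new guard repeats the literal `3` that `i = 3 + initial_argc;` uses two lines later, and nothing ties the two together, so a later change to the number of fixed restart arguments could leave the overflow check covering a different count than the one passed to `xmalloc`. The guard also has no comment saying which limit protects what; something like `/* i is stored in an int, and i * sizeof *vp must fit in ptrdiff_t and size_t.  */` above the `if` would make the three bounds readable (the declarations of `i` and `num_vals` are outside the hunk, so the `int` part is inferred). A single named constant for the fixed-argument count, used in both the check and the assignment, would keep them in step. smc_save_yourself_CB starts and ends outside the hunk, so whether the later writes through `vp` stay within `i` entries cannot be confirmed from here.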