* scroll.c: Integer and memory overflow fixes.

(do_line_insertion_deletion_costs): Check for size calculation overflow. Don't bother calling xmalloc when xrealloc will do.
author: Paul Eggert <eggert@cs.ucla.edu> 2011-07-28 18:11:37 -0700
committer: Paul Eggert <eggert@cs.ucla.edu> 2011-07-28 18:11:37 -0700
commit: 1d5689025c709551296684432b04d1ad39e90c71 (patch)
tree: 11b6e04dc229193ab101a0792403301fc10a44c3
parent: 7d56f940979701a930cf9a7bc753fb9f39ce508b (diff)
download: emacs-1d5689025c709551296684432b04d1ad39e90c71.tar.gz
emacs-1d5689025c709551296684432b04d1ad39e90c71.tar.bz2
emacs-1d5689025c709551296684432b04d1ad39e90c71.zip
2 files changed, 19 insertions, 26 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index 662d03aaf3d..a80c370e0ad 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,9 @@
 2011-07-29  Paul Eggert  <eggert@cs.ucla.edu>
 
+	* scroll.c: Integer and memory overflow fixes.
+	(do_line_insertion_deletion_costs): Check for size calculation overflow.
+	Don't bother calling xmalloc when xrealloc will do.
+
 	* region-cache.c (move_cache_gap): Check for size calculation overflow.
 
 	* process.c (Fnetwork_interface_list): Check for overflow
diff --git a/src/scroll.c b/src/scroll.c
index 6291936a541..9184919f0ce 100644
--- a/src/scroll.c
+++ b/src/scroll.c
@@ -969,32 +969,21 @@ do_line_insertion_deletion_costs (FRAME_PTR frame,
 				  const char *cleanup_string,
 				  int coefficient)
 {
-  if (FRAME_INSERT_COST (frame) != 0)
-    {
-      FRAME_INSERT_COST (frame) =
-	(int *) xrealloc (FRAME_INSERT_COST (frame),
-			  FRAME_LINES (frame) * sizeof (int));
-      FRAME_DELETEN_COST (frame) =
-	(int *) xrealloc (FRAME_DELETEN_COST (frame),
-			  FRAME_LINES (frame) * sizeof (int));
-      FRAME_INSERTN_COST (frame) =
-	(int *) xrealloc (FRAME_INSERTN_COST (frame),
-			  FRAME_LINES (frame) * sizeof (int));
-      FRAME_DELETE_COST (frame) =
-	(int *) xrealloc (FRAME_DELETE_COST (frame),
-			  FRAME_LINES (frame) * sizeof (int));
-    }
-  else
-    {
-      FRAME_INSERT_COST (frame) =
-	(int *) xmalloc (FRAME_LINES (frame) * sizeof (int));
-      FRAME_DELETEN_COST (frame) =
-	(int *) xmalloc (FRAME_LINES (frame) * sizeof (int));
-      FRAME_INSERTN_COST (frame) =
-	(int *) xmalloc (FRAME_LINES (frame) * sizeof (int));
-      FRAME_DELETE_COST (frame) =
-	(int *) xmalloc (FRAME_LINES (frame) * sizeof (int));
-    }
+  if (min (PTRDIFF_MAX, SIZE_MAX) / sizeof (int) < FRAME_LINES (frame))
+    memory_full (SIZE_MAX);
+
+  FRAME_INSERT_COST (frame) =
+    (int *) xrealloc (FRAME_INSERT_COST (frame),
+		      FRAME_LINES (frame) * sizeof (int));
+  FRAME_DELETEN_COST (frame) =
+    (int *) xrealloc (FRAME_DELETEN_COST (frame),
+		      FRAME_LINES (frame) * sizeof (int));
+  FRAME_INSERTN_COST (frame) =
+    (int *) xrealloc (FRAME_INSERTN_COST (frame),
+		      FRAME_LINES (frame) * sizeof (int));
+  FRAME_DELETE_COST (frame) =
+    (int *) xrealloc (FRAME_DELETE_COST (frame),
+		      FRAME_LINES (frame) * sizeof (int));
 
   ins_del_costs (frame,
 		 ins_line_string, multi_ins_string,
author	Paul Eggert <eggert@cs.ucla.edu>	2011-07-28 18:11:37 -0700
committer	Paul Eggert <eggert@cs.ucla.edu>	2011-07-28 18:11:37 -0700
commit	1d5689025c709551296684432b04d1ad39e90c71 (patch)
tree	11b6e04dc229193ab101a0792403301fc10a44c3
parent	7d56f940979701a930cf9a7bc753fb9f39ce508b (diff)
download	emacs-1d5689025c709551296684432b04d1ad39e90c71.tar.gz emacs-1d5689025c709551296684432b04d1ad39e90c71.tar.bz2 emacs-1d5689025c709551296684432b04d1ad39e90c71.zip