diff options
| author | Paul Eggert <eggert@cs.ucla.edu> | 2011-04-12 22:02:54 -0700 |
|---|---|---|
| committer | Paul Eggert <eggert@cs.ucla.edu> | 2011-04-12 22:02:54 -0700 |
| commit | 273a5f82856e545365fbf9278bd739cb6c5aa35e (patch) | |
| tree | bd7ce9c14b199db74fd95b29fc97bf07fd633eb9 /src/process.c | |
| parent | 3e047f51d5ad36df46d553d1090e28f546af9382 (diff) | |
| download | emacs-273a5f82856e545365fbf9278bd739cb6c5aa35e.tar.gz emacs-273a5f82856e545365fbf9278bd739cb6c5aa35e.tar.bz2 emacs-273a5f82856e545365fbf9278bd739cb6c5aa35e.zip | |
emacs_write: Return size_t, not ssize_t, to avoid overflow issues.
* gnutls.c, gnutls.h (emacs_gnutls_write): Return size_t, not ssize_t.
* sysdep.c, lisp.h (emacs_write): Likewise.
Without the above change, emacs_gnutls_write and emacs_write had
undefined behavior and would typically mistakenly report an error
when writing a buffer whose size exceeds SSIZE_MAX.
(emacs_read, emacs_write): Remove check for negative size, as the
Emacs source code has been audited now.
(emacs_write): Adjust to new signature, making the code look more
like that of emacs_gnutls_write.
* process.c (send_process): Adjust to the new signatures of
emacs_write and emacs_gnutls_write. Do not attempt to store
a byte offset into an 'int'; it might overflow.
Diffstat (limited to 'src/process.c')
| -rw-r--r-- | src/process.c | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/src/process.c b/src/process.c index 624610069d8..2eed7b4654f 100644 --- a/src/process.c +++ b/src/process.c @@ -5367,6 +5367,7 @@ send_process (volatile Lisp_Object proc, const char *volatile buf, /* Send this batch, using one or more write calls. */ while (this > 0) { + size_t written = 0; int outfd = p->outfd; old_sigpipe = (void (*) (int)) signal (SIGPIPE, send_process_trap); #ifdef DATAGRAM_SOCKETS @@ -5375,7 +5376,9 @@ send_process (volatile Lisp_Object proc, const char *volatile buf, rv = sendto (outfd, buf, this, 0, datagram_address[outfd].sa, datagram_address[outfd].len); - if (rv < 0 && errno == EMSGSIZE) + if (0 <= rv) + written = rv; + else if (errno == EMSGSIZE) { signal (SIGPIPE, old_sigpipe); report_file_error ("sending datagram", @@ -5387,12 +5390,13 @@ send_process (volatile Lisp_Object proc, const char *volatile buf, { #ifdef HAVE_GNUTLS if (XPROCESS (proc)->gnutls_p) - rv = emacs_gnutls_write (outfd, - XPROCESS (proc), - buf, this); + written = emacs_gnutls_write (outfd, + XPROCESS (proc), + buf, this); else #endif - rv = emacs_write (outfd, buf, this); + written = emacs_write (outfd, buf, this); + rv = (written == this ? 0 : -1); #ifdef ADAPTIVE_READ_BUFFERING if (p->read_output_delay > 0 && p->adaptive_read_buffering == 1) @@ -5419,7 +5423,7 @@ send_process (volatile Lisp_Object proc, const char *volatile buf, that may allow the program to finish doing output and read more. */ { - int offset = 0; + size_t offset = 0; #ifdef BROKEN_PTY_READ_AFTER_EAGAIN /* A gross hack to work around a bug in FreeBSD. @@ -5465,16 +5469,14 @@ send_process (volatile Lisp_Object proc, const char *volatile buf, offset); else if (STRINGP (object)) buf = offset + SSDATA (object); - - rv = 0; } else /* This is a real error. */ report_file_error ("writing to process", Fcons (proc, Qnil)); } - buf += rv; - len -= rv; - this -= rv; + buf += written; + len -= written; + this -= written; } } } |