From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Jan =?UTF-8?Q?Dj=C3=A4rv?= Newsgroups: gmane.emacs.bugs Subject: bug#9196: integer and memory overflow issues (e.g., cut-and-paste crashes Emacs) Date: Sun, 31 Jul 2011 10:57:20 +0200 Message-ID: <4E3518F0.4040002@swipnet.se> References: <4E3256E9.3020208@cs.ucla.edu> <4E3284EB.1010308@swipnet.se> <4E32DE0E.5050208@cs.ucla.edu> <4E32E490.3050002@swipnet.se> <4E332009.3090909@cs.ucla.edu> <4E339C30.9090708@swipnet.se> <4E345892.8010200@cs.ucla.edu> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Trace: dough.gmane.org 1312102678 6215 80.91.229.12 (31 Jul 2011 08:57:58 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Sun, 31 Jul 2011 08:57:58 +0000 (UTC) Cc: 9196@debbugs.gnu.org To: Paul Eggert Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sun Jul 31 10:57:54 2011 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([140.186.70.17]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1QnRqK-0004yA-U2 for geb-bug-gnu-emacs@m.gmane.org; Sun, 31 Jul 2011 10:57:53 +0200 Original-Received: from localhost ([::1]:47452 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QnRqK-0004eH-8T for geb-bug-gnu-emacs@m.gmane.org; Sun, 31 Jul 2011 04:57:52 -0400 Original-Received: from eggs.gnu.org ([140.186.70.92]:58326) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QnRqH-0004e8-1s for bug-gnu-emacs@gnu.org; Sun, 31 Jul 2011 04:57:49 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1QnRqF-0005rw-QU for bug-gnu-emacs@gnu.org; Sun, 31 Jul 2011 04:57:48 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:59477) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QnRqF-0005rq-Nf for bug-gnu-emacs@gnu.org; Sun, 31 Jul 2011 04:57:47 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.69) (envelope-from ) id 1QnRqU-0000am-FR; Sun, 31 Jul 2011 04:58:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Jan =?UTF-8?Q?Dj=C3=A4rv?= Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-To: owner@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 31 Jul 2011 08:58:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 9196 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: patch Original-Received: via spool by 9196-submit@debbugs.gnu.org id=B9196.13121026612246 (code B ref 9196); Sun, 31 Jul 2011 08:58:02 +0000 Original-Received: (at 9196) by debbugs.gnu.org; 31 Jul 2011 08:57:41 +0000 Original-Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1QnRq8-0000aB-PO for submit@debbugs.gnu.org; Sun, 31 Jul 2011 04:57:41 -0400 Original-Received: from smtprelay-h21.telenor.se ([195.54.99.196]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1QnRq6-0000a3-4f for 9196@debbugs.gnu.org; Sun, 31 Jul 2011 04:57:39 -0400 Original-Received: from ipb4.telenor.se (ipb4.telenor.se [195.54.127.167]) by smtprelay-h21.telenor.se (Postfix) with ESMTP id 83688EB51C for <9196@debbugs.gnu.org>; Sun, 31 Jul 2011 10:57:21 +0200 (CEST) X-SENDER-IP: [85.225.45.26] X-LISTENER: [smtp.bredband.net] X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AtpiABgYNU5V4S0aPGdsb2JhbABBDoQ5hEeeVQsBAQEBHhkNJYFAAQEFIxUeIgEQCxoCBRYLAgIJAwIBAgEbDAoUBg0BBwEBh2quKZARgSuEB4EQBJgCiyY5 X-IronPort-AV: E=Sophos;i="4.67,295,1309730400"; d="scan'208";a="1751080957" Original-Received: from c-1a2de155.25-1-64736c10.cust.bredbandsbolaget.se (HELO coolsville.localdomain) ([85.225.45.26]) by ipb4.telenor.se with ESMTP; 31 Jul 2011 10:57:21 +0200 Original-Received: from [172.20.199.13] (zeplin [172.20.199.13]) by coolsville.localdomain (Postfix) with ESMTPSA id 91F037FA059; Sun, 31 Jul 2011 10:57:20 +0200 (CEST) User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:5.0) Gecko/20110624 Thunderbird/5.0 In-Reply-To: <4E345892.8010200@cs.ucla.edu> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list Resent-Date: Sun, 31 Jul 2011 04:58:02 -0400 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 1) X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:49738 Archived-At: Paul Eggert skrev 2011-07-30 21:16: > I take your point that the checks add clutter, so I'll > revise the patch to address that problem, by adding a > couple of memory allocators that do the proper overflow > checking internally, so that callers don't need to > test for integer overflow. > > This will take a bit of time to prepare and test, so > please bear with me, but to give you a feel here's a draft > of the revised patch to xgselect.c. This simplifies > xgselect.c compared to what's in the trunk now. > That is a good approach, very nice. > --- src/xgselect.c 2011-07-01 09:18:46 +0000 > +++ src/xgselect.c 2011-07-30 18:19:51 +0000 > @@ -54,10 +54,8 @@ > do { > if (n_gfds> gfds_size) > { > - while (n_gfds> gfds_size) > - gfds_size *= 2; > xfree (gfds); > - gfds = xmalloc (sizeof (*gfds) * gfds_size); > + gfds = xpmalloc (&gfds_size, n_gfds - gfds_size, INT_MAX, sizeof *gfds); > } > > n_gfds = g_main_context_query (context, > Jan D.