On 9/21/13 12:36 AM, Andreas Schwab wrote:
> Daniel Colascione writes:
>
>> +static >> +ptrdiff_t >> +bool_vector_payload_bytes (EMACS_INT length) >> +{ >> + EMACS_INT exact_needed_bytes; >> + EMACS_INT needed_bytes; >> + >> + exact_needed_bytes = (length + CHAR_BIT - 1) / CHAR_BIT; >> + needed_bytes = (exact_needed_bytes + sizeof (size_t) - 1) >> + / sizeof (size_t); >> + >> + needed_bytes *= sizeof (size_t);
>
> Please check for overflow.

It can't overflow. The initial number of bits comes from a Lisp integer, which has a bit less range than an int. What exactly is the routine supposed to do if the value overflows?

> Also, the return type should be EMACS_INT,
> not ptrdiff_t.

Well, vector_nbytes works with ptrdiff_t, and the allocation code works in EMACS_INT. I'm not sure the distinction actually matters in this case.
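
Review bot: In the quoted bool_vector_payload_bytes hunk, `length + CHAR_BIT - 1` and the final `needed_bytes *= sizeof (size_t)` are evaluated with no range check and no comment saying what range of `length` the function accepts, so its safety rests on a caller guarantee that the code itself never states. Suggest documenting the precondition above the function (a non-negative bit count bounded well below the EMACS_INT maximum) and asserting it at entry, for example `eassert (0 <= length);`. The function is declared to return ptrdiff_t while both intermediates are EMACS_INT; where those two types differ in width, the conversion at the return should be checked or the types made consistent.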