Mercurial > emacs
comparison src/fileio.c @ 87302:591bf917aa89
(Finsert_file_contents): Fix overflow check to not
depend on undefined integer overflow.
| author | Andreas Schwab <schwab@suse.de> |
|---|---|
| date | Sun, 16 Dec 2007 10:51:02 +0000 |
| parents | b31c7731df51 |
| children | d40e3ce78801 |
comparison
equal
deleted
inserted
replaced
| 87301:1d6e3255f024 | 87302:591bf917aa89 |
|---|---|
| 19 along with GNU Emacs; see the file COPYING. If not, write to | 19 along with GNU Emacs; see the file COPYING. If not, write to |
| 20 the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, | 20 the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, |
| 21 Boston, MA 02110-1301, USA. */ | 21 Boston, MA 02110-1301, USA. */ |
| 22 | 22 |
| 23 #include <config.h> | 23 #include <config.h> |
| 24 #include <limits.h> | |
| 24 | 25 |
| 25 #ifdef HAVE_FCNTL_H | 26 #ifdef HAVE_FCNTL_H |
| 26 #include <fcntl.h> | 27 #include <fcntl.h> |
| 27 #endif | 28 #endif |
| 28 | 29 |
| 3691 | 3692 |
| 3692 | 3693 |
| 3693 DEFUN ("insert-file-contents", Finsert_file_contents, Sinsert_file_contents, | 3694 DEFUN ("insert-file-contents", Finsert_file_contents, Sinsert_file_contents, |
| 3694 1, 5, 0, | 3695 1, 5, 0, |
| 3695 doc: /* Insert contents of file FILENAME after point. | 3696 doc: /* Insert contents of file FILENAME after point. |
| 3696 Returns list of absolute file name and number of characters inserted. | 3697 Returns list of absolute file name and number of characters inserted. |
| 3697 If second argument VISIT is non-nil, the buffer's visited filename and | 3698 If second argument VISIT is non-nil, the buffer's visited filename and |
| 3698 last save file modtime are set, and it is marked unmodified. If | 3699 last save file modtime are set, and it is marked unmodified. If |
| 3699 visiting and the file does not exist, visiting is completed before the | 3700 visiting and the file does not exist, visiting is completed before the |
| 3700 error is signaled. | 3701 error is signaled. |
| 3701 | 3702 |
| 3702 The optional third and fourth arguments BEG and END specify what portion | 3703 The optional third and fourth arguments BEG and END specify what portion |
| 3703 of the file to insert. These arguments count bytes in the file, not | 3704 of the file to insert. These arguments count bytes in the file, not |
| 3704 characters in the buffer. If VISIT is non-nil, BEG and END must be nil. | 3705 characters in the buffer. If VISIT is non-nil, BEG and END must be nil. |
| 3705 | 3706 |
| 3706 If optional fifth argument REPLACE is non-nil, replace the current | 3707 If optional fifth argument REPLACE is non-nil, replace the current |
| 3707 buffer contents (in the accessible portion) with the file contents. | 3708 buffer contents (in the accessible portion) with the file contents. |
| 3708 This is better than simply deleting and inserting the whole thing | 3709 This is better than simply deleting and inserting the whole thing |
| 3709 because (1) it preserves some marker positions and (2) it puts less data | 3710 because (1) it preserves some marker positions and (2) it puts less data |
| 3710 in the undo list. When REPLACE is non-nil, the second return value is | 3711 in the undo list. When REPLACE is non-nil, the second return value is |
| 3711 the number of characters that replace previous buffer contents. | 3712 the number of characters that replace previous buffer contents. |
| 3712 | 3713 |
| 3713 This function does code conversion according to the value of | 3714 This function does code conversion according to the value of |
| 3714 `coding-system-for-read' or `file-coding-system-alist', and sets the | 3715 `coding-system-for-read' or `file-coding-system-alist', and sets the |
| 3715 variable `last-coding-system-used' to the coding system actually used. */) | 3716 variable `last-coding-system-used' to the coding system actually used. */) |
| 3716 (filename, visit, beg, end, replace) | 3717 (filename, visit, beg, end, replace) |
| 3717 Lisp_Object filename, visit, beg, end, replace; | 3718 Lisp_Object filename, visit, beg, end, replace; |
| 3718 { | 3719 { |
| 3719 struct stat st; | 3720 struct stat st; |
| 3720 register int fd; | 3721 register int fd; |
| 3861 /* Arithmetic overflow can occur if an Emacs integer cannot | 3862 /* Arithmetic overflow can occur if an Emacs integer cannot |
| 3862 represent the file size, or if the calculations below | 3863 represent the file size, or if the calculations below |
| 3863 overflow. The calculations below double the file size | 3864 overflow. The calculations below double the file size |
| 3864 twice, so check that it can be multiplied by 4 safely. */ | 3865 twice, so check that it can be multiplied by 4 safely. */ |
| 3865 if (XINT (end) != st.st_size | 3866 if (XINT (end) != st.st_size |
| 3866 || ((int) st.st_size * 4) / 4 != st.st_size) | 3867 || st.st_size > INT_MAX / 4) |
| 3867 error ("Maximum buffer size exceeded"); | 3868 error ("Maximum buffer size exceeded"); |
| 3868 | 3869 |
| 3869 /* The file size returned from stat may be zero, but data | 3870 /* The file size returned from stat may be zero, but data |
| 3870 may be readable nonetheless, for example when this is a | 3871 may be readable nonetheless, for example when this is a |
| 3871 file in the /proc filesystem. */ | 3872 file in the /proc filesystem. */ |