Mercurial > emacs
comparison src/fileio.c @ 87302:591bf917aa89
(Finsert_file_contents): Fix overflow check to not
depend on undefined integer overflow.
author | Andreas Schwab <schwab@suse.de> |
---|---|
date | Sun, 16 Dec 2007 10:51:02 +0000 |
parents | b31c7731df51 |
children | d40e3ce78801 |
comparison
equal
deleted
inserted
replaced
87301:1d6e3255f024 | 87302:591bf917aa89 |
---|---|
19 along with GNU Emacs; see the file COPYING. If not, write to | 19 along with GNU Emacs; see the file COPYING. If not, write to |
20 the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, | 20 the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, |
21 Boston, MA 02110-1301, USA. */ | 21 Boston, MA 02110-1301, USA. */ |
22 | 22 |
23 #include <config.h> | 23 #include <config.h> |
24 #include <limits.h> | |
24 | 25 |
25 #ifdef HAVE_FCNTL_H | 26 #ifdef HAVE_FCNTL_H |
26 #include <fcntl.h> | 27 #include <fcntl.h> |
27 #endif | 28 #endif |
28 | 29 |
3691 | 3692 |
3692 | 3693 |
3693 DEFUN ("insert-file-contents", Finsert_file_contents, Sinsert_file_contents, | 3694 DEFUN ("insert-file-contents", Finsert_file_contents, Sinsert_file_contents, |
3694 1, 5, 0, | 3695 1, 5, 0, |
3695 doc: /* Insert contents of file FILENAME after point. | 3696 doc: /* Insert contents of file FILENAME after point. |
3696 Returns list of absolute file name and number of characters inserted. | 3697 Returns list of absolute file name and number of characters inserted. |
3697 If second argument VISIT is non-nil, the buffer's visited filename and | 3698 If second argument VISIT is non-nil, the buffer's visited filename and |
3698 last save file modtime are set, and it is marked unmodified. If | 3699 last save file modtime are set, and it is marked unmodified. If |
3699 visiting and the file does not exist, visiting is completed before the | 3700 visiting and the file does not exist, visiting is completed before the |
3700 error is signaled. | 3701 error is signaled. |
3701 | 3702 |
3702 The optional third and fourth arguments BEG and END specify what portion | 3703 The optional third and fourth arguments BEG and END specify what portion |
3703 of the file to insert. These arguments count bytes in the file, not | 3704 of the file to insert. These arguments count bytes in the file, not |
3704 characters in the buffer. If VISIT is non-nil, BEG and END must be nil. | 3705 characters in the buffer. If VISIT is non-nil, BEG and END must be nil. |
3705 | 3706 |
3706 If optional fifth argument REPLACE is non-nil, replace the current | 3707 If optional fifth argument REPLACE is non-nil, replace the current |
3707 buffer contents (in the accessible portion) with the file contents. | 3708 buffer contents (in the accessible portion) with the file contents. |
3708 This is better than simply deleting and inserting the whole thing | 3709 This is better than simply deleting and inserting the whole thing |
3709 because (1) it preserves some marker positions and (2) it puts less data | 3710 because (1) it preserves some marker positions and (2) it puts less data |
3710 in the undo list. When REPLACE is non-nil, the second return value is | 3711 in the undo list. When REPLACE is non-nil, the second return value is |
3711 the number of characters that replace previous buffer contents. | 3712 the number of characters that replace previous buffer contents. |
3712 | 3713 |
3713 This function does code conversion according to the value of | 3714 This function does code conversion according to the value of |
3714 `coding-system-for-read' or `file-coding-system-alist', and sets the | 3715 `coding-system-for-read' or `file-coding-system-alist', and sets the |
3715 variable `last-coding-system-used' to the coding system actually used. */) | 3716 variable `last-coding-system-used' to the coding system actually used. */) |
3716 (filename, visit, beg, end, replace) | 3717 (filename, visit, beg, end, replace) |
3717 Lisp_Object filename, visit, beg, end, replace; | 3718 Lisp_Object filename, visit, beg, end, replace; |
3718 { | 3719 { |
3719 struct stat st; | 3720 struct stat st; |
3720 register int fd; | 3721 register int fd; |
3861 /* Arithmetic overflow can occur if an Emacs integer cannot | 3862 /* Arithmetic overflow can occur if an Emacs integer cannot |
3862 represent the file size, or if the calculations below | 3863 represent the file size, or if the calculations below |
3863 overflow. The calculations below double the file size | 3864 overflow. The calculations below double the file size |
3864 twice, so check that it can be multiplied by 4 safely. */ | 3865 twice, so check that it can be multiplied by 4 safely. */ |
3865 if (XINT (end) != st.st_size | 3866 if (XINT (end) != st.st_size |
3866 || ((int) st.st_size * 4) / 4 != st.st_size) | 3867 || st.st_size > INT_MAX / 4) |
3867 error ("Maximum buffer size exceeded"); | 3868 error ("Maximum buffer size exceeded"); |
3868 | 3869 |
3869 /* The file size returned from stat may be zero, but data | 3870 /* The file size returned from stat may be zero, but data |
3870 may be readable nonetheless, for example when this is a | 3871 may be readable nonetheless, for example when this is a |
3871 file in the /proc filesystem. */ | 3872 file in the /proc filesystem. */ |