commit c51c29052ee4a356d345424249024c67c2ec05ae
parent 68a6e0c0d03af1026f1b903bb071977543b7a939
Author: Russ Cox <rsc@swtch.com>
Date: Tue, 12 Jan 2010 11:16:14 -0800
ed: new append from rob, avoids overflow in pointer arithmetic
R=rsc
http://codereview.appspot.com/188041
Diffstat:
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/src/cmd/ed.c b/src/cmd/ed.c
@@ -829,33 +829,37 @@ putfile(void)
int
append(int (*f)(void), int *a)
{
- int *a1, *a2, *rdot, nline, tl;
+ int *a1, *a2, *rdot, nline, d;
nline = 0;
dot = a;
while((*f)() == 0) {
if((dol-zero) >= nlall) {
nlall += 512;
- a1 = realloc(zero, (nlall+5)*sizeof(int*));
+ a1 = realloc(zero, (nlall+50)*sizeof(int*));
if(a1 == 0) {
error("MEM?");
rescue();
}
- tl = a1 - zero; /* relocate pointers */
- zero += tl;
- addr1 += tl;
- addr2 += tl;
- dol += tl;
- dot += tl;
+ /* relocate pointers; avoid wraparound if sizeof(int) < sizeof(int*) */
+ d = addr1 - zero;
+ addr1 = a1 + d;
+ d = addr2 - zero;
+ addr2 = a1 + d;
+ d = dol - zero;
+ dol = a1 + d;
+ d = dot - zero;
+ dot = a1 + d;
+ zero = a1;
}
- tl = putline();
+ d = putline();
nline++;
a1 = ++dol;
a2 = a1+1;
rdot = ++dot;
while(a1 > rdot)
*--a2 = *--a1;
- *rdot = tl;
+ *rdot = d;
}
return nline;
}
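Review bot: `nlall += 512` runs before the `realloc` result is checked, so on the `a1 == 0` path the recorded capacity is already larger than the buffer `zero` still points to. `error()` and `rescue()` are defined outside this hunk; if `error()` unwinds back to the command loop rather than exiting, a later `append` would pass the `(dol-zero) >= nlall` test without growing the buffer, and the shift loop `*--a2 = *--a1` would write past the allocation. Consider requesting the new size first and committing it only on success: `a1 = realloc(zero, (nlall+512+50)*sizeof(int*));` with `nlall += 512;` moved after the null check. Separately, the offsets `addr1 - zero`, `addr2 - zero`, `dol - zero` and `dot - zero` are computed after `realloc` may already have released the old block; taking them before the call would avoid reading stale pointer values.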