o5r/plan9port
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ed: new append from rob, avoids overflow in pointer arithmetic

Browse source 
R=rsc
http://codereview.appspot.com/188041
This commit is contained in:
Russ Cox 2010-01-12 11:16:14 -08:00
parent 68a6e0c0d0
commit c51c29052e
1 changed files with 14 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

24
src/cmd/ed.c
View file

@ -829,33 +829,37 @@ putfile(void)
int int
append(int (*f)(void), int *a) append(int (*f)(void), int *a)
{ {
int *a1, *a2, *rdot, nline, tl; int *a1, *a2, *rdot, nline, d;
nline = 0; nline = 0;
dot = a; dot = a;
while((*f)() == 0) { while((*f)() == 0) {
if((dol-zero) >= nlall) { if((dol-zero) >= nlall) {
nlall += 512; nlall += 512;
a1 = realloc(zero, (nlall+5)*sizeof(int*)); a1 = realloc(zero, (nlall+50)*sizeof(int*));
if(a1 == 0) { if(a1 == 0) {
error("MEM?"); error("MEM?");
rescue(); rescue();
} }
tl = a1 - zero; /* relocate pointers */ /* relocate pointers; avoid wraparound if sizeof(int) < sizeof(int*) */
zero += tl; d = addr1 - zero;
addr1 += tl; addr1 = a1 + d;
addr2 += tl; d = addr2 - zero;
dol += tl; addr2 = a1 + d;
dot += tl; d = dol - zero;
dol = a1 + d;
d = dot - zero;
dot = a1 + d;
zero = a1;
} }
tl = putline(); d = putline();
nline++; nline++;
a1 = ++dol; a1 = ++dol;
a2 = a1+1; a2 = a1+1;
rdot = ++dot; rdot = ++dot;
while(a1 > rdot) while(a1 > rdot)
*--a2 = *--a1; *--a2 = *--a1;
*rdot = tl; *rdot = d;
} }
return nline; return nline;
} }