diff options
| author | Russ Cox <rsc@swtch.com> | 2010-01-12 11:16:14 -0800 |
|---|---|---|
| committer | Russ Cox <rsc@swtch.com> | 2010-01-12 11:16:14 -0800 |
| commit | c51c29052ee4a356d345424249024c67c2ec05ae (patch) | |
| tree | 32d652ef581faf78b14e661aa9f2a5ea71832135 /src/cmd/ed.c | |
| parent | 68a6e0c0d03af1026f1b903bb071977543b7a939 (diff) | |
| download | plan9port-c51c29052ee4a356d345424249024c67c2ec05ae.tar.gz plan9port-c51c29052ee4a356d345424249024c67c2ec05ae.tar.bz2 plan9port-c51c29052ee4a356d345424249024c67c2ec05ae.zip | |
ed: new append from rob, avoids overflow in pointer arithmetic
R=rsc
http://codereview.appspot.com/188041
Diffstat (limited to 'src/cmd/ed.c')
| -rw-r--r-- | src/cmd/ed.c | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/src/cmd/ed.c b/src/cmd/ed.c index 77a0c27e..79b90e7e 100644 --- a/src/cmd/ed.c +++ b/src/cmd/ed.c @@ -829,33 +829,37 @@ putfile(void) int append(int (*f)(void), int *a) { - int *a1, *a2, *rdot, nline, tl; + int *a1, *a2, *rdot, nline, d; nline = 0; dot = a; while((*f)() == 0) { if((dol-zero) >= nlall) { nlall += 512; - a1 = realloc(zero, (nlall+5)*sizeof(int*)); + a1 = realloc(zero, (nlall+50)*sizeof(int*)); if(a1 == 0) { error("MEM?"); rescue(); } - tl = a1 - zero; /* relocate pointers */ - zero += tl; - addr1 += tl; - addr2 += tl; - dol += tl; - dot += tl; + /* relocate pointers; avoid wraparound if sizeof(int) < sizeof(int*) */ + d = addr1 - zero; + addr1 = a1 + d; + d = addr2 - zero; + addr2 = a1 + d; + d = dol - zero; + dol = a1 + d; + d = dot - zero; + dot = a1 + d; + zero = a1; } - tl = putline(); + d = putline(); nline++; a1 = ++dol; a2 = a1+1; rdot = ++dot; while(a1 > rdot) *--a2 = *--a1; - *rdot = tl; + *rdot = d; } return nline; } |