From fadf4e3008c754f21e2c8539252dc415418db3ac Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Fri, 17 Jun 2011 00:47:18 -0700 Subject: [PATCH 01/71] * buffer.c (struct sortvec.priority): Now EMACS_INT, not int. --- src/ChangeLog | 6 +++++- src/buffer.c | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index e8aa1c67d3c..98d145e6701 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,7 @@ +2011-06-17 Paul Eggert + + * buffer.c (struct sortvec.priority): Now EMACS_INT, not int. + 2011-06-16 Paul Eggert * lisp.h: Include , for INT_MAX, LONG_MAX, LLONG_MAX. @@ -1345,7 +1349,7 @@ 2011-05-18 Christoph Scholtes * menu.c: Include limits.h (fixes the MS-Windows build broken by - revision 104625). + 2011-06-18T18:49:19Z!cyd@stupidchicken.com). 2011-05-18 Paul Eggert diff --git a/src/buffer.c b/src/buffer.c index d7adf63c98b..f21f652fa3e 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -2849,7 +2849,7 @@ struct sortvec { Lisp_Object overlay; EMACS_INT beg, end; - int priority; + EMACS_INT priority; }; static int From 8961a454e148b61750f5ef38f8047fa660941888 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Fri, 17 Jun 2011 00:49:50 -0700 Subject: [PATCH 02/71] * buffer.c (struct sortstr.priority): Now EMACS_INT, not int. --- src/ChangeLog | 3 ++- src/buffer.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 98d145e6701..0d315bdec81 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,6 +1,7 @@ 2011-06-17 Paul Eggert - * buffer.c (struct sortvec.priority): Now EMACS_INT, not int. + * buffer.c (struct sortvec.priority, struct sortstr.priority): + Now EMACS_INT, not int. 2011-06-16 Paul Eggert diff --git a/src/buffer.c b/src/buffer.c index f21f652fa3e..898b4572450 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -2927,7 +2927,7 @@ struct sortstr { Lisp_Object string, string2; int size; - int priority; + EMACS_INT priority; }; struct sortstrlist From c20998a717f64aa6ab563f727f9eca52ab969624 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Fri, 17 Jun 2011 00:52:35 -0700 Subject: [PATCH 03/71] * buffer.c (compare_overlays, cmp_for_strings): Avoid subtraction overflow. --- src/ChangeLog | 1 + src/buffer.c | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 0d315bdec81..0f100823919 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -2,6 +2,7 @@ * buffer.c (struct sortvec.priority, struct sortstr.priority): Now EMACS_INT, not int. + (compare_overlays, cmp_for_strings): Avoid subtraction overflow. 2011-06-16 Paul Eggert diff --git a/src/buffer.c b/src/buffer.c index 898b4572450..4487de1450d 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -2858,11 +2858,11 @@ compare_overlays (const void *v1, const void *v2) const struct sortvec *s1 = (const struct sortvec *) v1; const struct sortvec *s2 = (const struct sortvec *) v2; if (s1->priority != s2->priority) - return s1->priority - s2->priority; + return s1->priority < s2->priority ? -1 : 1; if (s1->beg != s2->beg) - return s1->beg - s2->beg; + return s1->beg < s2->beg ? -1 : 1; if (s1->end != s2->end) - return s2->end - s1->end; + return s2->end < s1->end ? -1 : 1; return 0; } @@ -2955,9 +2955,9 @@ cmp_for_strings (const void *as1, const void *as2) struct sortstr *s1 = (struct sortstr *)as1; struct sortstr *s2 = (struct sortstr *)as2; if (s1->size != s2->size) - return s2->size - s1->size; + return s2->size < s1->size ? -1 : 1; if (s1->priority != s2->priority) - return s1->priority - s2->priority; + return s1->priority < s2->priority ? -1 : 1; return 0; } From 93cb6be35e90f37078276fe60142050d9cff524a Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Fri, 17 Jun 2011 00:57:42 -0700 Subject: [PATCH 04/71] * buffer.c (struct sortstr.size, record_overlay_string): Don't truncate size to int. --- src/ChangeLog | 1 + src/buffer.c | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 0f100823919..fcb6f66c279 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -3,6 +3,7 @@ * buffer.c (struct sortvec.priority, struct sortstr.priority): Now EMACS_INT, not int. (compare_overlays, cmp_for_strings): Avoid subtraction overflow. + (struct sortstr.size, record_overlay_string): Don't truncate size to int. 2011-06-16 Paul Eggert diff --git a/src/buffer.c b/src/buffer.c index 4487de1450d..90a10ec2a34 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -2926,7 +2926,7 @@ sort_overlays (Lisp_Object *overlay_vec, int noverlays, struct window *w) struct sortstr { Lisp_Object string, string2; - int size; + ptrdiff_t size; EMACS_INT priority; }; @@ -2962,7 +2962,8 @@ cmp_for_strings (const void *as1, const void *as2) } static void -record_overlay_string (struct sortstrlist *ssl, Lisp_Object str, Lisp_Object str2, Lisp_Object pri, int size) +record_overlay_string (struct sortstrlist *ssl, Lisp_Object str, + Lisp_Object str2, Lisp_Object pri, ptrdiff_t size) { EMACS_INT nbytes; From 67c36fce599fc28e5ae3eca371d034c600265dd2 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Fri, 17 Jun 2011 01:10:34 -0700 Subject: [PATCH 05/71] * buffer.c (record_overlay_string): Check for size-calculation overflow. (struct sortstrlist.size, struct sortlist.used): Don't truncate size to int. --- src/ChangeLog | 5 ++++- src/buffer.c | 9 ++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index fcb6f66c279..a82ba93320a 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -3,7 +3,10 @@ * buffer.c (struct sortvec.priority, struct sortstr.priority): Now EMACS_INT, not int. (compare_overlays, cmp_for_strings): Avoid subtraction overflow. - (struct sortstr.size, record_overlay_string): Don't truncate size to int. + (struct sortstr.size, record_overlay_string) + (struct sortstrlist.size, struct sortlist.used): + Don't truncate size to int. + (record_overlay_string): Check for size-calculation overflow. 2011-06-16 Paul Eggert diff --git a/src/buffer.c b/src/buffer.c index 90a10ec2a34..93f739c0d4b 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -2933,8 +2933,8 @@ struct sortstr struct sortstrlist { struct sortstr *buf; /* An array that expands as needed; never freed. */ - int size; /* Allocated length of that array. */ - int used; /* How much of the array is currently in use. */ + ptrdiff_t size; /* Allocated length of that array. */ + ptrdiff_t used; /* How much of the array is currently in use. */ EMACS_INT bytes; /* Total length of the strings in buf. */ }; @@ -2969,7 +2969,10 @@ record_overlay_string (struct sortstrlist *ssl, Lisp_Object str, if (ssl->used == ssl->size) { - if (ssl->buf) + if (min (PTRDIFF_MAX, SIZE_MAX) / (sizeof (struct sortstr) * 2) + < ssl->size) + memory_full (SIZE_MAX); + else if (0 < ssl->size) ssl->size *= 2; else ssl->size = 5; From d6202519ae0dfb7421b64f823a0aaa54e1fc5951 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Fri, 17 Jun 2011 01:14:30 -0700 Subject: [PATCH 06/71] * buffer.c: Include . (init_buffer_once): Check at compile-time, not run-time. --- src/ChangeLog | 4 +++- src/buffer.c | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index a82ba93320a..aa605cb7559 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,12 +1,14 @@ 2011-06-17 Paul Eggert - * buffer.c (struct sortvec.priority, struct sortstr.priority): + * buffer.c: Include . + (struct sortvec.priority, struct sortstr.priority): Now EMACS_INT, not int. (compare_overlays, cmp_for_strings): Avoid subtraction overflow. (struct sortstr.size, record_overlay_string) (struct sortstrlist.size, struct sortlist.used): Don't truncate size to int. (record_overlay_string): Check for size-calculation overflow. + (init_buffer_once): Check at compile-time, not run-time. 2011-06-16 Paul Eggert diff --git a/src/buffer.c b/src/buffer.c index 93f739c0d4b..fd51f50dcac 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -27,6 +27,8 @@ along with GNU Emacs. If not, see . */ #include #include +#include + #include "lisp.h" #include "intervals.h" #include "window.h" @@ -4975,7 +4977,7 @@ init_buffer_once (void) The local flag bits are in the local_var_flags slot of the buffer. */ /* Nothing can work if this isn't true */ - if (sizeof (EMACS_INT) != sizeof (Lisp_Object)) abort (); + { verify (sizeof (EMACS_INT) == sizeof (Lisp_Object)); } /* 0 means not a lisp var, -1 means always local, else mask */ memset (&buffer_local_flags, 0, sizeof buffer_local_flags); From 0703a717821d3e1d0ee2b0b5f5f42c55fa97210f Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Fri, 17 Jun 2011 01:17:29 -0700 Subject: [PATCH 07/71] * category.h (CATEGORY_SET_P): Remove unnecessary cast to EMACS_INT. --- src/ChangeLog | 2 ++ src/category.h | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/ChangeLog b/src/ChangeLog index aa605cb7559..4b31db3e26a 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-06-17 Paul Eggert + * category.h (CATEGORY_SET_P): Remove unnecessary cast to EMACS_INT. + * buffer.c: Include . (struct sortvec.priority, struct sortstr.priority): Now EMACS_INT, not int. diff --git a/src/category.h b/src/category.h index eacd89ce2cb..737198cc964 100644 --- a/src/category.h +++ b/src/category.h @@ -62,7 +62,7 @@ along with GNU Emacs. If not, see . */ #define XCATEGORY_SET XBOOL_VECTOR #define CATEGORY_SET_P(x) \ - (BOOL_VECTOR_P ((x)) && (EMACS_INT) (XBOOL_VECTOR ((x))->size) == 128) + (BOOL_VECTOR_P (x) && XBOOL_VECTOR (x)->size == 128) /* Return a new empty category set. */ #define MAKE_CATEGORY_SET (Fmake_bool_vector (make_number (128), Qnil)) From 5eb55db9877dd34455e40f8836f50f3496abcbae Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Fri, 17 Jun 2011 01:27:36 -0700 Subject: [PATCH 08/71] * composite.c: Don't truncate sizes to 'int'. (composition_gstring_p, composition_reseat_it) (composition_adjust_point): Use EMACS_INT, not int. --- src/ChangeLog | 4 ++++ src/composite.c | 7 +++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 4b31db3e26a..6ff0fe49307 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,9 @@ 2011-06-17 Paul Eggert + * composite.c: Don't truncate sizes to 'int'. + (composition_gstring_p, composition_reseat_it) + (composition_adjust_point): Use EMACS_INT, not int. + * category.h (CATEGORY_SET_P): Remove unnecessary cast to EMACS_INT. * buffer.c: Include . diff --git a/src/composite.c b/src/composite.c index 51b7669cb4f..10946835705 100644 --- a/src/composite.c +++ b/src/composite.c @@ -705,7 +705,7 @@ int composition_gstring_p (Lisp_Object gstring) { Lisp_Object header; - int i; + EMACS_INT i; if (! VECTORP (gstring) || ASIZE (gstring) < 2) return 0; @@ -1252,7 +1252,7 @@ composition_reseat_it (struct composition_it *cmp_it, EMACS_INT charpos, EMACS_I { Lisp_Object lgstring = Qnil; Lisp_Object val, elt; - int i; + EMACS_INT i; val = CHAR_TABLE_REF (Vcomposition_function_table, cmp_it->ch); for (i = 0; i < cmp_it->rule_idx; i++, val = XCDR (val)); @@ -1685,9 +1685,8 @@ find_automatic_composition (EMACS_INT pos, EMACS_INT limit, EMACS_INT composition_adjust_point (EMACS_INT last_pt, EMACS_INT new_pt) { - EMACS_INT beg, end; + EMACS_INT i, beg, end; Lisp_Object val; - int i; if (new_pt == BEGV || new_pt == ZV) return new_pt; From 7d100a81b7b1127f55cd1033ce5a6ce2d350ba19 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Fri, 17 Jun 2011 12:45:29 -0700 Subject: [PATCH 09/71] * composite.c (get_composition_id, composition_gstring_put_cache): Use EMACS_INT, not EMACS_UINT, for indexes. --- src/ChangeLog | 2 ++ src/composite.c | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 6ff0fe49307..f9ed0c6cfc7 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -3,6 +3,8 @@ * composite.c: Don't truncate sizes to 'int'. (composition_gstring_p, composition_reseat_it) (composition_adjust_point): Use EMACS_INT, not int. + (get_composition_id, composition_gstring_put_cache): Use EMACS_INT, + not EMACS_UINT, for indexes. * category.h (CATEGORY_SET_P): Remove unnecessary cast to EMACS_INT. diff --git a/src/composite.c b/src/composite.c index 10946835705..1bc7b435e11 100644 --- a/src/composite.c +++ b/src/composite.c @@ -285,7 +285,7 @@ get_composition_id (EMACS_INT charpos, EMACS_INT bytepos, EMACS_INT nchars, && VECTORP (AREF (components, 0))) { /* COMPONENTS is a glyph-string. */ - EMACS_UINT len = ASIZE (key); + EMACS_INT len = ASIZE (key); for (i = 1; i < len; i++) if (! VECTORP (AREF (key, i))) @@ -293,7 +293,7 @@ get_composition_id (EMACS_INT charpos, EMACS_INT bytepos, EMACS_INT nchars, } else if (VECTORP (components) || CONSP (components)) { - EMACS_UINT len = ASIZE (key); + EMACS_INT len = ASIZE (key); /* The number of elements should be odd. */ if ((len % 2) == 0) @@ -673,7 +673,7 @@ composition_gstring_put_cache (Lisp_Object gstring, EMACS_INT len) hash = h->hashfn (h, header); if (len < 0) { - EMACS_UINT j, glyph_len = LGSTRING_GLYPH_LEN (gstring); + EMACS_INT j, glyph_len = LGSTRING_GLYPH_LEN (gstring); for (j = 0; j < glyph_len; j++) if (NILP (LGSTRING_GLYPH (gstring, j))) break; From 76031fad32560b8a47739bd57b02c762e39ec27d Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Fri, 17 Jun 2011 12:49:04 -0700 Subject: [PATCH 10/71] * xdisp.c (init_iterator): Use XINT, not XFASTINT; it might be < 0. --- src/ChangeLog | 2 ++ src/xdisp.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/ChangeLog b/src/ChangeLog index f9ed0c6cfc7..d88aa4929ca 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-06-17 Paul Eggert + * xdisp.c (init_iterator): Use XINT, not XFASTINT; it might be < 0. + * composite.c: Don't truncate sizes to 'int'. (composition_gstring_p, composition_reseat_it) (composition_adjust_point): Use EMACS_INT, not int. diff --git a/src/xdisp.c b/src/xdisp.c index 5a0b0060fa3..2694bb4848d 100644 --- a/src/xdisp.c +++ b/src/xdisp.c @@ -2385,7 +2385,7 @@ init_iterator (struct it *it, struct window *w, is invisible. >0 means lines indented more than this value are invisible. */ it->selective = (INTEGERP (BVAR (current_buffer, selective_display)) - ? XFASTINT (BVAR (current_buffer, selective_display)) + ? XINT (BVAR (current_buffer, selective_display)) : (!NILP (BVAR (current_buffer, selective_display)) ? -1 : 0)); it->selective_display_ellipsis_p From 87830974757826249b19187e645d4965ea084273 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Fri, 17 Jun 2011 12:55:19 -0700 Subject: [PATCH 11/71] * dispextern.h (struct it.selective): Now EMACS_INT, not int. * xdisp.c (forward_to_next_line_start) (back_to_previous_visible_line_start) (reseat_at_next_visible_line_start, next_element_from_buffer): Don't arbitrarily truncate the value of 'selective' to int. --- src/ChangeLog | 6 ++++++ src/dispextern.h | 2 +- src/xdisp.c | 9 +++++---- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index d88aa4929ca..70bdbeea3b2 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,11 @@ 2011-06-17 Paul Eggert + * dispextern.h (struct it.selective): Now EMACS_INT, not int. + * xdisp.c (forward_to_next_line_start) + (back_to_previous_visible_line_start) + (reseat_at_next_visible_line_start, next_element_from_buffer): + Don't arbitrarily truncate the value of 'selective' to int. + * xdisp.c (init_iterator): Use XINT, not XFASTINT; it might be < 0. * composite.c: Don't truncate sizes to 'int'. diff --git a/src/dispextern.h b/src/dispextern.h index 0ededf33ac6..774c880fee8 100644 --- a/src/dispextern.h +++ b/src/dispextern.h @@ -2259,7 +2259,7 @@ struct it /* -1 means selective display hides everything between a \r and the next newline; > 0 means hide lines indented more than that value. */ - int selective; + EMACS_INT selective; /* An enumeration describing what the next display element is after a call to get_next_display_element. */ diff --git a/src/xdisp.c b/src/xdisp.c index 2694bb4848d..c71acf88719 100644 --- a/src/xdisp.c +++ b/src/xdisp.c @@ -5179,7 +5179,8 @@ back_to_previous_line_start (struct it *it) static int forward_to_next_line_start (struct it *it, int *skipped_p) { - int old_selective, newline_found_p, n; + EMACS_INT old_selective; + int newline_found_p, n; const int MAX_NEWLINE_DISTANCE = 500; /* If already on a newline, just consume it to avoid unintended @@ -5271,7 +5272,7 @@ back_to_previous_visible_line_start (struct it *it) invisible. */ if (it->selective > 0 && indented_beyond_p (IT_CHARPOS (*it), IT_BYTEPOS (*it), - (double) it->selective)) /* iftc */ + it->selective)) continue; /* Check the newline before point for invisibility. */ @@ -5365,7 +5366,7 @@ reseat_at_next_visible_line_start (struct it *it, int on_newline_p) if (it->selective > 0) while (IT_CHARPOS (*it) < ZV && indented_beyond_p (IT_CHARPOS (*it), IT_BYTEPOS (*it), - (double) it->selective)) /* iftc */ + it->selective)) { xassert (IT_BYTEPOS (*it) == BEGV || FETCH_BYTE (IT_BYTEPOS (*it) - 1) == '\n'); @@ -6813,7 +6814,7 @@ next_element_from_buffer (struct it *it) && IT_CHARPOS (*it) + 1 < ZV && indented_beyond_p (IT_CHARPOS (*it) + 1, IT_BYTEPOS (*it) + 1, - (double) it->selective)) /* iftc */ + it->selective)) { success_p = next_element_from_ellipsis (it); it->dpvec_char_len = -1; From e39e811eb8c4058facadcc0beea5565f0ef3bbc2 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Fri, 17 Jun 2011 22:51:59 -0700 Subject: [PATCH 12/71] * dispextern.h (struct it.overlay_strings_charpos): EMACS_INT, not int. --- src/ChangeLog | 4 ++++ src/dispextern.h | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/ChangeLog b/src/ChangeLog index 70bdbeea3b2..79d9b636e09 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,7 @@ +2011-06-18 Paul Eggert + + * dispextern.h (struct it.overlay_strings_charpos): EMACS_INT, not int. + 2011-06-17 Paul Eggert * dispextern.h (struct it.selective): Now EMACS_INT, not int. diff --git a/src/dispextern.h b/src/dispextern.h index 774c880fee8..227d5ed58e3 100644 --- a/src/dispextern.h +++ b/src/dispextern.h @@ -2183,7 +2183,7 @@ struct it be set at the same time as n_overlay_strings. It is needed because we show before-strings at the start of invisible text; see handle_invisible_prop in xdisp.c. */ - int overlay_strings_charpos; + EMACS_INT overlay_strings_charpos; /* Vector of overlays to process. Overlay strings are processed OVERLAY_STRING_CHUNK_SIZE at a time. */ From a498d7f4f8ce688079d32cac4858ba78d2a9081e Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 08:08:31 -0700 Subject: [PATCH 13/71] * fns.c (concat): Catch string overflow earlier. Do not rely on integer wraparound. --- src/ChangeLog | 3 +++ src/fns.c | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 79d9b636e09..b9cf18cedd9 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,8 @@ 2011-06-18 Paul Eggert + * fns.c (concat): Catch string overflow earlier. + Do not rely on integer wraparound. + * dispextern.h (struct it.overlay_strings_charpos): EMACS_INT, not int. 2011-06-17 Paul Eggert diff --git a/src/fns.c b/src/fns.c index a19c886e3e1..4c1505ab0f1 100644 --- a/src/fns.c +++ b/src/fns.c @@ -565,8 +565,8 @@ concat (ptrdiff_t nargs, Lisp_Object *args, } result_len += len; - if (result_len < 0) - error ("String overflow"); + if (STRING_BYTES_BOUND < result_len) + string_overflow (); } if (! some_multibyte) From c0c1ee9f77d41298cd3b576fdf8b97e5d8d87e17 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 08:39:24 -0700 Subject: [PATCH 14/71] * alloc.c (Fmake_bool_vector): Avoid unnecessary multiplication. --- src/ChangeLog | 2 ++ src/alloc.c | 12 +++++++----- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index b9cf18cedd9..80626bc0c2a 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-06-18 Paul Eggert + * alloc.c (Fmake_bool_vector): Avoid unnecessary multiplication. + * fns.c (concat): Catch string overflow earlier. Do not rely on integer wraparound. diff --git a/src/alloc.c b/src/alloc.c index 00d330c1b6a..69623d103c3 100644 --- a/src/alloc.c +++ b/src/alloc.c @@ -2257,12 +2257,14 @@ LENGTH must be a number. INIT matters only in whether it is t or nil. */) p = XBOOL_VECTOR (val); p->size = XFASTINT (length); - memset (p->data, NILP (init) ? 0 : -1, length_in_chars); + if (length_in_chars) + { + memset (p->data, ! NILP (init) ? -1 : 0, length_in_chars); - /* Clear the extraneous bits in the last byte. */ - if (XINT (length) != length_in_chars * BOOL_VECTOR_BITS_PER_CHAR) - p->data[length_in_chars - 1] - &= (1 << (XINT (length) % BOOL_VECTOR_BITS_PER_CHAR)) - 1; + /* Clear any extraneous bits in the last byte. */ + p->data[length_in_chars - 1] + &= (1 << (XINT (length) % BOOL_VECTOR_BITS_PER_CHAR)) - 1; + } return val; } From b4e50fa0d03ebc4a71f4d0057495ac2b8c391429 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 08:57:22 -0700 Subject: [PATCH 15/71] * fns.c (Ffillarray): Don't assume bool vector size fits in 'int'. --- src/ChangeLog | 2 ++ src/fns.c | 18 ++++++++---------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 80626bc0c2a..c47a6402e81 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-06-18 Paul Eggert + * fns.c (Ffillarray): Don't assume bool vector size fits in 'int'. + * alloc.c (Fmake_bool_vector): Avoid unnecessary multiplication. * fns.c (concat): Catch string overflow earlier. diff --git a/src/fns.c b/src/fns.c index 4c1505ab0f1..7b303ff3836 100644 --- a/src/fns.c +++ b/src/fns.c @@ -2188,19 +2188,17 @@ ARRAY is a vector, string, char-table, or bool-vector. */) else if (BOOL_VECTOR_P (array)) { register unsigned char *p = XBOOL_VECTOR (array)->data; - int size_in_chars - = ((XBOOL_VECTOR (array)->size + BOOL_VECTOR_BITS_PER_CHAR - 1) + EMACS_INT size = XBOOL_VECTOR (array)->size; + EMACS_INT size_in_chars + = ((size + BOOL_VECTOR_BITS_PER_CHAR - 1) / BOOL_VECTOR_BITS_PER_CHAR); - charval = (! NILP (item) ? -1 : 0); - for (idx = 0; idx < size_in_chars - 1; idx++) - p[idx] = charval; - if (idx < size_in_chars) + if (size_in_chars) { - /* Mask out bits beyond the vector size. */ - if (XBOOL_VECTOR (array)->size % BOOL_VECTOR_BITS_PER_CHAR) - charval &= (1 << (XBOOL_VECTOR (array)->size % BOOL_VECTOR_BITS_PER_CHAR)) - 1; - p[idx] = charval; + memset (p, ! NILP (item) ? -1 : 0, size_in_chars); + + /* Clear any extraneous bits in the last byte. */ + p[size_in_chars - 1] &= (1 << (size % BOOL_VECTOR_BITS_PER_CHAR)) - 1; } } else From f03dc6ef9f0c33552acea1713901de8c73f23b82 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 09:01:08 -0700 Subject: [PATCH 16/71] * fns.c: Use much-faster test for byte-length change. --- src/ChangeLog | 1 + src/fns.c | 14 +++++--------- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index c47a6402e81..75b9327247c 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,6 +1,7 @@ 2011-06-18 Paul Eggert * fns.c (Ffillarray): Don't assume bool vector size fits in 'int'. + Use much-faster test for byte-length change. * alloc.c (Fmake_bool_vector): Avoid unnecessary multiplication. diff --git a/src/fns.c b/src/fns.c index 7b303ff3836..c308e06101f 100644 --- a/src/fns.c +++ b/src/fns.c @@ -23,6 +23,8 @@ along with GNU Emacs. If not, see . */ #include #include +#include + #include "lisp.h" #include "commands.h" #include "character.h" @@ -2167,17 +2169,11 @@ ARRAY is a vector, string, char-table, or bool-vector. */) unsigned char str[MAX_MULTIBYTE_LENGTH]; int len = CHAR_STRING (charval, str); EMACS_INT size_byte = SBYTES (array); - unsigned char *p1 = p, *endp = p + size_byte; int i; - if (size != size_byte) - while (p1 < endp) - { - int this_len = BYTES_BY_CHAR_HEAD (*p1); - if (len != this_len) - error ("Attempt to change byte length of a string"); - p1 += this_len; - } + if (INT_MULTIPLY_OVERFLOW (SCHARS (array), len) + || SCHARS (array) * len != size_byte) + error ("Attempt to change byte length of a string"); for (i = 0; i < size_byte; i++) *p++ = str[i % len]; } From 311d5d7cc63a9f2d4823066f82faeb4fb6203710 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 09:02:03 -0700 Subject: [PATCH 17/71] * fns.c: Don't assume string byte-length fits in 'int'. --- src/ChangeLog | 1 + src/fns.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ChangeLog b/src/ChangeLog index 75b9327247c..ee582c4e4a0 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -2,6 +2,7 @@ * fns.c (Ffillarray): Don't assume bool vector size fits in 'int'. Use much-faster test for byte-length change. + Don't assume string byte-length fits in 'int'. * alloc.c (Fmake_bool_vector): Avoid unnecessary multiplication. diff --git a/src/fns.c b/src/fns.c index c308e06101f..51b753b3134 100644 --- a/src/fns.c +++ b/src/fns.c @@ -2169,7 +2169,7 @@ ARRAY is a vector, string, char-table, or bool-vector. */) unsigned char str[MAX_MULTIBYTE_LENGTH]; int len = CHAR_STRING (charval, str); EMACS_INT size_byte = SBYTES (array); - int i; + EMACS_INT i; if (INT_MULTIPLY_OVERFLOW (SCHARS (array), len) || SCHARS (array) * len != size_byte) From a4cf38e4bad869b1dc6af9c0b61b3e06da157dd3 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 09:04:07 -0700 Subject: [PATCH 18/71] * fns.c: Check that character arg fits in 'int'. --- src/ChangeLog | 1 + src/fns.c | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index ee582c4e4a0..4ce871b7288 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -3,6 +3,7 @@ * fns.c (Ffillarray): Don't assume bool vector size fits in 'int'. Use much-faster test for byte-length change. Don't assume string byte-length fits in 'int'. + Check that character arg fits in 'int'. * alloc.c (Fmake_bool_vector): Avoid unnecessary multiplication. diff --git a/src/fns.c b/src/fns.c index 51b753b3134..702ecbd7c63 100644 --- a/src/fns.c +++ b/src/fns.c @@ -2141,7 +2141,6 @@ ARRAY is a vector, string, char-table, or bool-vector. */) (Lisp_Object array, Lisp_Object item) { register EMACS_INT size, idx; - int charval; if (VECTORP (array)) { @@ -2161,8 +2160,9 @@ ARRAY is a vector, string, char-table, or bool-vector. */) else if (STRINGP (array)) { register unsigned char *p = SDATA (array); - CHECK_NUMBER (item); - charval = XINT (item); + int charval; + CHECK_CHARACTER (item); + charval = XFASTINT (item); size = SCHARS (array); if (STRING_MULTIBYTE (array)) { From 436b4815ed0f616fba06a6ff3dfb44fade8b0321 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 09:07:41 -0700 Subject: [PATCH 19/71] * fns.c (Ffillarray): Use same idx as rest of code here. --- src/fns.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/fns.c b/src/fns.c index 702ecbd7c63..32d96fbc94e 100644 --- a/src/fns.c +++ b/src/fns.c @@ -2169,13 +2169,12 @@ ARRAY is a vector, string, char-table, or bool-vector. */) unsigned char str[MAX_MULTIBYTE_LENGTH]; int len = CHAR_STRING (charval, str); EMACS_INT size_byte = SBYTES (array); - EMACS_INT i; if (INT_MULTIPLY_OVERFLOW (SCHARS (array), len) || SCHARS (array) * len != size_byte) error ("Attempt to change byte length of a string"); - for (i = 0; i < size_byte; i++) - *p++ = str[i % len]; + for (idx = 0; idx < size_byte; idx++) + *p++ = str[idx % len]; } else for (idx = 0; idx < size; idx++) From 85461888af64b0a2edd1405714892a67c7a4b925 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 09:10:16 -0700 Subject: [PATCH 20/71] * fns.c (mapcar1): Declare byte as byte, for clarity. --- src/ChangeLog | 1 + src/fns.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ChangeLog b/src/ChangeLog index 4ce871b7288..e2683795934 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -4,6 +4,7 @@ Use much-faster test for byte-length change. Don't assume string byte-length fits in 'int'. Check that character arg fits in 'int'. + (mapcar1): Declare byte as byte, for clarity. * alloc.c (Fmake_bool_vector): Avoid unnecessary multiplication. diff --git a/src/fns.c b/src/fns.c index 32d96fbc94e..bbda385d927 100644 --- a/src/fns.c +++ b/src/fns.c @@ -2307,7 +2307,7 @@ mapcar1 (EMACS_INT leni, Lisp_Object *vals, Lisp_Object fn, Lisp_Object seq) { for (i = 0; i < leni; i++) { - int byte; + unsigned char byte; byte = XBOOL_VECTOR (seq)->data[i / BOOL_VECTOR_BITS_PER_CHAR]; dummy = (byte & (1 << (i % BOOL_VECTOR_BITS_PER_CHAR))) ? Qt : Qnil; dummy = call1 (fn, dummy); From ebc96716caba6515eb7bd74cca252e1a36d6c99b Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 09:15:19 -0700 Subject: [PATCH 21/71] * font.c (Ffont_shape_gstring): Don't assume glyph len fits in 'int'. --- src/ChangeLog | 2 ++ src/font.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/ChangeLog b/src/ChangeLog index e2683795934..360027cfa4d 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-06-18 Paul Eggert + * font.c (Ffont_shape_gstring): Don't assume glyph len fits in 'int'. + * fns.c (Ffillarray): Don't assume bool vector size fits in 'int'. Use much-faster test for byte-length change. Don't assume string byte-length fits in 'int'. diff --git a/src/font.c b/src/font.c index ecb61ab6a53..4619ed68913 100644 --- a/src/font.c +++ b/src/font.c @@ -4294,7 +4294,7 @@ created glyph-string. Otherwise, the value is nil. */) { struct font *font; Lisp_Object font_object, n, glyph; - int i, j, from, to; + EMACS_INT i, j, from, to; if (! composition_gstring_p (gstring)) signal_error ("Invalid glyph-string: ", gstring); From b02c740e9d1d9669b34cac8ff093005404da41ef Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 09:19:18 -0700 Subject: [PATCH 22/71] * ftfont.c (ftfont_shape_by_flt): Use signed integers for lengths. --- src/ChangeLog | 2 ++ src/ftfont.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 360027cfa4d..fdf145d7d95 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-06-18 Paul Eggert + * ftfont.c (ftfont_shape_by_flt): Use signed integers for lengths. + * font.c (Ffont_shape_gstring): Don't assume glyph len fits in 'int'. * fns.c (Ffillarray): Don't assume bool vector size fits in 'int'. diff --git a/src/ftfont.c b/src/ftfont.c index 5037d54bc2f..d1effaa88a9 100644 --- a/src/ftfont.c +++ b/src/ftfont.c @@ -2385,8 +2385,8 @@ static Lisp_Object ftfont_shape_by_flt (Lisp_Object lgstring, struct font *font, FT_Face ft_face, OTF *otf, FT_Matrix *matrix) { - EMACS_UINT len = LGSTRING_GLYPH_LEN (lgstring); - EMACS_UINT i; + EMACS_INT len = LGSTRING_GLYPH_LEN (lgstring); + EMACS_INT i; struct MFLTFontFT flt_font_ft; MFLT *flt = NULL; int with_variation_selector = 0; From a9e860e1fd747a70790fc75bbcd8fc8d7256b813 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 09:20:05 -0700 Subject: [PATCH 23/71] * editfns.c: Omit unnecessary forward decls, to simplify future changes. --- src/ChangeLog | 2 ++ src/editfns.c | 14 -------------- 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index fdf145d7d95..b0a461fb108 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-06-18 Paul Eggert + * editfns.c: Omit unnecessary forward decls, to simplify future changes. + * ftfont.c (ftfont_shape_by_flt): Use signed integers for lengths. * font.c (Ffont_shape_gstring): Don't assume glyph len fits in 'int'. diff --git a/src/editfns.c b/src/editfns.c index 2d736bbc7e2..f0f8c9eb63f 100644 --- a/src/editfns.c +++ b/src/editfns.c @@ -86,21 +86,7 @@ extern Lisp_Object w32_get_internal_run_time (void); static void time_overflow (void) NO_RETURN; static int tm_diff (struct tm *, struct tm *); -static void find_field (Lisp_Object, Lisp_Object, Lisp_Object, - EMACS_INT *, Lisp_Object, EMACS_INT *); static void update_buffer_properties (EMACS_INT, EMACS_INT); -static Lisp_Object region_limit (int); -static size_t emacs_nmemftime (char *, size_t, const char *, - size_t, const struct tm *, int, int); -static void general_insert_function (void (*) (const char *, EMACS_INT), - void (*) (Lisp_Object, EMACS_INT, - EMACS_INT, EMACS_INT, - EMACS_INT, int), - int, ptrdiff_t, Lisp_Object *); -static Lisp_Object subst_char_in_region_unwind (Lisp_Object); -static Lisp_Object subst_char_in_region_unwind_1 (Lisp_Object); -static void transpose_markers (EMACS_INT, EMACS_INT, EMACS_INT, EMACS_INT, - EMACS_INT, EMACS_INT, EMACS_INT, EMACS_INT); static Lisp_Object Qbuffer_access_fontify_functions; static Lisp_Object Fuser_full_name (Lisp_Object); From e1528d010f497f97d660902b8a8727fc1b77f53b Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 09:45:23 -0700 Subject: [PATCH 24/71] * fns.c (Ffillarray): Don't shadow a local. --- src/fns.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/fns.c b/src/fns.c index bbda385d927..6c9e05655f6 100644 --- a/src/fns.c +++ b/src/fns.c @@ -2183,8 +2183,9 @@ ARRAY is a vector, string, char-table, or bool-vector. */) else if (BOOL_VECTOR_P (array)) { register unsigned char *p = XBOOL_VECTOR (array)->data; - EMACS_INT size = XBOOL_VECTOR (array)->size; - EMACS_INT size_in_chars + EMACS_INT size_in_chars; + size = XBOOL_VECTOR (array)->size; + size_in_chars = ((size + BOOL_VECTOR_BITS_PER_CHAR - 1) / BOOL_VECTOR_BITS_PER_CHAR); From f2ed8a709551a7125d2e024757262c5bf770766b Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 11:09:17 -0700 Subject: [PATCH 25/71] * lisp.h (lint_assume): New macro. * composite.c (composition_gstring_put_cache): * ftfont.c (ftfont_shape_by_flt): Use it to pacify GCC 4.6.0. --- src/ChangeLog | 4 ++++ src/composite.c | 1 + src/ftfont.c | 3 +++ src/lisp.h | 10 +++++++++- 4 files changed, 17 insertions(+), 1 deletion(-) diff --git a/src/ChangeLog b/src/ChangeLog index b0a461fb108..62d6a5b4a04 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,9 @@ 2011-06-18 Paul Eggert + * lisp.h (lint_assume): New macro. + * composite.c (composition_gstring_put_cache): + * ftfont.c (ftfont_shape_by_flt): Use it to pacify GCC 4.6.0. + * editfns.c: Omit unnecessary forward decls, to simplify future changes. * ftfont.c (ftfont_shape_by_flt): Use signed integers for lengths. diff --git a/src/composite.c b/src/composite.c index 1bc7b435e11..f494f454a9c 100644 --- a/src/composite.c +++ b/src/composite.c @@ -680,6 +680,7 @@ composition_gstring_put_cache (Lisp_Object gstring, EMACS_INT len) len = j; } + lint_assume (len <= TYPE_MAXIMUM (EMACS_INT) - 2); copy = Fmake_vector (make_number (len + 2), Qnil); LGSTRING_SET_HEADER (copy, Fcopy_sequence (header)); for (i = 0; i < len; i++) diff --git a/src/ftfont.c b/src/ftfont.c index d1effaa88a9..4e313a89021 100644 --- a/src/ftfont.c +++ b/src/ftfont.c @@ -2412,7 +2412,10 @@ ftfont_shape_by_flt (Lisp_Object lgstring, struct font *font, if (CHAR_VARIATION_SELECTOR_P (c)) with_variation_selector++; } + len = i; + lint_assume (len <= TYPE_MAXIMUM (EMACS_INT) - 2); + if (with_variation_selector) { setup_otf_gstring (len); diff --git a/src/lisp.h b/src/lisp.h index 1e3036344f5..0d51fc7be71 100644 --- a/src/lisp.h +++ b/src/lisp.h @@ -3608,11 +3608,19 @@ extern void init_system_name (void); ? 0 \ : (wrong_type_argument (Qlistp, (list))), 1)) -/* Use this to suppress gcc's `...may be used before initialized' warnings. */ +/* Use this to suppress gcc's warnings. */ #ifdef lint + +/* Use CODE only if lint checking is in effect. */ # define IF_LINT(Code) Code + +/* Assume that the expression COND is true. This differs in intent + from 'assert', as it is a message from the programmer to the compiler. */ +# define lint_assume(cond) ((cond) ? (void) 0 : abort ()) + #else # define IF_LINT(Code) /* empty */ +# define lint_assume(cond) ((void) (0 && (cond))) #endif /* The ubiquitous min and max macros. */ From 45aebb64558b304b7bff7ccce370f801663291d5 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 11:12:25 -0700 Subject: [PATCH 26/71] * image.c (xbm_image_p): Don't assume stated width and height fit in int. --- src/ChangeLog | 2 ++ src/image.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 62d6a5b4a04..c034bba6fa8 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-06-18 Paul Eggert + * image.c (xbm_image_p): Don't assume stated width and height fit in int. + * lisp.h (lint_assume): New macro. * composite.c (composition_gstring_put_cache): * ftfont.c (ftfont_shape_by_flt): Use it to pacify GCC 4.6.0. diff --git a/src/image.c b/src/image.c index 495bfdc0eef..352f8c486e4 100644 --- a/src/image.c +++ b/src/image.c @@ -2308,7 +2308,7 @@ xbm_image_p (Lisp_Object object) else { Lisp_Object data; - int width, height; + EMACS_INT width, height; /* Entries for `:width', `:height' and `:data' must be present. */ if (!kw[XBM_WIDTH].count @@ -2324,7 +2324,7 @@ xbm_image_p (Lisp_Object object) data. */ if (VECTORP (data)) { - int i; + EMACS_INT i; /* Number of elements of the vector must be >= height. */ if (ASIZE (data) < height) From 53b2623dc0426c52b4adff4b2ddae85fd23fbc26 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 11:24:12 -0700 Subject: [PATCH 27/71] * indent.c (sane_tab_width): New function. (current_column, scan_for_column, Findent_to, position_indentation) (compute_motion): Use it. This is just for clarity. --- src/ChangeLog | 4 ++++ src/indent.c | 34 +++++++++++++++------------------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index c034bba6fa8..a8fc8a8a217 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,9 @@ 2011-06-18 Paul Eggert + * indent.c (sane_tab_width): New function. + (current_column, scan_for_column, Findent_to, position_indentation) + (compute_motion): Use it. This is just for clarity. + * image.c (xbm_image_p): Don't assume stated width and height fit in int. * lisp.h (lint_assume): New macro. diff --git a/src/indent.c b/src/indent.c index 57a4548ef3c..809631786fc 100644 --- a/src/indent.c +++ b/src/indent.c @@ -318,6 +318,15 @@ invalidate_current_column (void) last_known_column_point = 0; } +/* Return a non-outlandish value for the tab width. */ + +static int +sane_tab_width (void) +{ + EMACS_INT n = XFASTINT (BVAR (current_buffer, tab_width)); + return 0 < n && n <= 1000 ? n : 8; +} + EMACS_INT current_column (void) { @@ -326,7 +335,7 @@ current_column (void) register int tab_seen; EMACS_INT post_tab; register int c; - register EMACS_INT tab_width = XINT (BVAR (current_buffer, tab_width)); + int tab_width = sane_tab_width (); int ctl_arrow = !NILP (BVAR (current_buffer, ctl_arrow)); register struct Lisp_Char_Table *dp = buffer_display_table (); @@ -356,9 +365,6 @@ current_column (void) else stop = GAP_END_ADDR; - if (tab_width <= 0 || tab_width > 1000) - tab_width = 8; - col = 0, tab_seen = 0, post_tab = 0; while (1) @@ -509,7 +515,7 @@ check_display_width (EMACS_INT pos, EMACS_INT col, EMACS_INT *endpos) static void scan_for_column (EMACS_INT *endpos, EMACS_INT *goalcol, EMACS_INT *prevcol) { - register EMACS_INT tab_width = XINT (BVAR (current_buffer, tab_width)); + int tab_width = sane_tab_width (); register int ctl_arrow = !NILP (BVAR (current_buffer, ctl_arrow)); register struct Lisp_Char_Table *dp = buffer_display_table (); int multibyte = !NILP (BVAR (current_buffer, enable_multibyte_characters)); @@ -535,7 +541,6 @@ scan_for_column (EMACS_INT *endpos, EMACS_INT *goalcol, EMACS_INT *prevcol) window = Fget_buffer_window (Fcurrent_buffer (), Qnil); w = ! NILP (window) ? XWINDOW (window) : NULL; - if (tab_width <= 0 || tab_width > 1000) tab_width = 8; memset (&cmp_it, 0, sizeof cmp_it); cmp_it.id = -1; composition_compute_stop_pos (&cmp_it, scan, scan_byte, end, Qnil); @@ -728,7 +733,7 @@ string_display_width (string, beg, end) register int tab_seen; int post_tab; register int c; - register int tab_width = XINT (current_buffer->tab_width); + int tab_width = sane_tab_width (); int ctl_arrow = !NILP (current_buffer->ctl_arrow); register struct Lisp_Char_Table *dp = buffer_display_table (); int b, e; @@ -755,8 +760,6 @@ string_display_width (string, beg, end) going backwards from point. */ stop = SDATA (string) + b; - if (tab_width <= 0 || tab_width > 1000) tab_width = 8; - col = 0, tab_seen = 0, post_tab = 0; while (1) @@ -806,7 +809,7 @@ The return value is COLUMN. */) { EMACS_INT mincol; register EMACS_INT fromcol; - register EMACS_INT tab_width = XINT (BVAR (current_buffer, tab_width)); + int tab_width = sane_tab_width (); CHECK_NUMBER (column); if (NILP (minimum)) @@ -820,8 +823,6 @@ The return value is COLUMN. */) if (fromcol == mincol) return make_number (mincol); - if (tab_width <= 0 || tab_width > 1000) tab_width = 8; - if (indent_tabs_mode) { Lisp_Object n; @@ -867,15 +868,13 @@ static EMACS_INT position_indentation (register int pos_byte) { register EMACS_INT column = 0; - register EMACS_INT tab_width = XINT (BVAR (current_buffer, tab_width)); + int tab_width = sane_tab_width (); register unsigned char *p; register unsigned char *stop; unsigned char *start; EMACS_INT next_boundary_byte = pos_byte; EMACS_INT ceiling = next_boundary_byte; - if (tab_width <= 0 || tab_width > 1000) tab_width = 8; - p = BYTE_POS_ADDR (pos_byte); /* STOP records the value of P at which we will need to think about the gap, or about invisible text, @@ -1118,7 +1117,7 @@ compute_motion (EMACS_INT from, EMACS_INT fromvpos, EMACS_INT fromhpos, int did_ register EMACS_INT pos; EMACS_INT pos_byte; register int c = 0; - register EMACS_INT tab_width = XFASTINT (BVAR (current_buffer, tab_width)); + int tab_width = sane_tab_width (); register int ctl_arrow = !NILP (BVAR (current_buffer, ctl_arrow)); register struct Lisp_Char_Table *dp = window_display_table (win); EMACS_INT selective @@ -1173,9 +1172,6 @@ compute_motion (EMACS_INT from, EMACS_INT fromvpos, EMACS_INT fromhpos, int did_ run cache, because that's based on the buffer's display table. */ width_table = 0; - if (tab_width <= 0 || tab_width > 1000) - tab_width = 8; - /* Negative width means use all available text columns. */ if (width < 0) { From abe80cc6c183fd4af85749baeb5e11f6d8f5fd50 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 11:28:32 -0700 Subject: [PATCH 28/71] * insdel.c: Omit unnecessary forward decls, to simplify future changes. --- src/ChangeLog | 3 ++- src/insdel.c | 6 ------ 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index a8fc8a8a217..7795d3dd221 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -10,7 +10,8 @@ * composite.c (composition_gstring_put_cache): * ftfont.c (ftfont_shape_by_flt): Use it to pacify GCC 4.6.0. - * editfns.c: Omit unnecessary forward decls, to simplify future changes. + * editfns.c, insdel.c: + Omit unnecessary forward decls, to simplify future changes. * ftfont.c (ftfont_shape_by_flt): Use signed integers for lengths. diff --git a/src/insdel.c b/src/insdel.c index bc95e3ad9e8..c52785cd33d 100644 --- a/src/insdel.c +++ b/src/insdel.c @@ -44,12 +44,6 @@ static void insert_from_buffer_1 (struct buffer *buf, int inherit); static void gap_left (EMACS_INT charpos, EMACS_INT bytepos, int newgap); static void gap_right (EMACS_INT charpos, EMACS_INT bytepos); -static void adjust_markers_for_insert (EMACS_INT from, EMACS_INT from_byte, - EMACS_INT to, EMACS_INT to_byte, - int before_markers); -static void adjust_markers_for_replace (EMACS_INT, EMACS_INT, EMACS_INT, - EMACS_INT, EMACS_INT, EMACS_INT); -static void adjust_point (EMACS_INT nchars, EMACS_INT nbytes); static Lisp_Object Fcombine_after_change_execute (void); From 8fcaf9cc8183ee825e4d59cb2c3471caee303c7d Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 11:29:19 -0700 Subject: [PATCH 29/71] * indent.c (Fcompute_motion): Don't assume hscroll and tab offset fit in int. --- src/ChangeLog | 1 + src/indent.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ChangeLog b/src/ChangeLog index 7795d3dd221..00c255170ee 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -3,6 +3,7 @@ * indent.c (sane_tab_width): New function. (current_column, scan_for_column, Findent_to, position_indentation) (compute_motion): Use it. This is just for clarity. + (Fcompute_motion): Don't assume hscroll and tab offset fit in int. * image.c (xbm_image_p): Don't assume stated width and height fit in int. diff --git a/src/indent.c b/src/indent.c index 809631786fc..02d99d14ded 100644 --- a/src/indent.c +++ b/src/indent.c @@ -1743,7 +1743,7 @@ visible section of the buffer, and pass LINE and COL as TOPOS. */) struct window *w; Lisp_Object bufpos, hpos, vpos, prevhpos; struct position *pos; - int hscroll, tab_offset; + EMACS_INT hscroll, tab_offset; CHECK_NUMBER_COERCE_MARKER (from); CHECK_CONS (frompos); From 15375a22fb35c7eb2799393617dec8c7dfe12cc2 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 11:32:22 -0700 Subject: [PATCH 30/71] * lisp.h (union Lisp_Object.i): EMACS_INT, not EMACS_UINT. This is for consistency with the ordinary, non-USE_LISP_UNION_TYPE, implementation. --- src/ChangeLog | 4 ++++ src/lisp.h | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 00c255170ee..63c4597f5c0 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,9 @@ 2011-06-18 Paul Eggert + * lisp.h (union Lisp_Object.i): EMACS_INT, not EMACS_UINT. + This is for consistency with the ordinary, non-USE_LISP_UNION_TYPE, + implementation. + * indent.c (sane_tab_width): New function. (current_column, scan_for_column, Findent_to, position_indentation) (compute_motion): Use it. This is just for clarity. diff --git a/src/lisp.h b/src/lisp.h index 0d51fc7be71..7c9275e6078 100644 --- a/src/lisp.h +++ b/src/lisp.h @@ -291,7 +291,7 @@ union Lisp_Object { /* Used for comparing two Lisp_Objects; also, positive integers can be accessed fast this way. */ - EMACS_UINT i; + EMACS_INT i; struct { @@ -315,7 +315,7 @@ union Lisp_Object { /* Used for comparing two Lisp_Objects; also, positive integers can be accessed fast this way. */ - EMACS_UINT i; + EMACS_INT i; struct { From b61cc01c06234b0f48b5485d7d592c1c81c05c70 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 12:08:22 -0700 Subject: [PATCH 31/71] * lisp.h (struct Lisp_Bool_Vector.size): EMACS_INT, not EMACS_UINT. We prefer signed types, and the value cannot exceed the EMACS_INT range anyway (because otherwise the length would not be representable). --- src/ChangeLog | 3 +++ src/lisp.h | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/ChangeLog b/src/ChangeLog index 63c4597f5c0..04e8aeef848 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -3,6 +3,9 @@ * lisp.h (union Lisp_Object.i): EMACS_INT, not EMACS_UINT. This is for consistency with the ordinary, non-USE_LISP_UNION_TYPE, implementation. + (struct Lisp_Bool_Vector.size): EMACS_INT, not EMACS_UINT. + We prefer signed types, and the value cannot exceed the EMACS_INT + range anyway (because otherwise the length would not be representable). * indent.c (sane_tab_width): New function. (current_column, scan_for_column, Findent_to, position_indentation) diff --git a/src/lisp.h b/src/lisp.h index 7c9275e6078..108712a7894 100644 --- a/src/lisp.h +++ b/src/lisp.h @@ -1013,7 +1013,7 @@ struct Lisp_Bool_Vector just the subtype information. */ struct vectorlike_header header; /* This is the size in bits. */ - EMACS_UINT size; + EMACS_INT size; /* This contains the actual bits, packed into bytes. */ unsigned char data[1]; }; From 9a8e8d9b22be9652ed2f2e8acc02e1139b34d9dd Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 12:13:46 -0700 Subject: [PATCH 32/71] * lisp.h (XSET) [USE_LISP_UNION_TYPE]: Use uintptr_t and intptr_t, not EMACS_UINT and EMACS_INT, when converting pointer to integer. This avoids a GCC warning when WIDE_EMACS_INT. --- src/ChangeLog | 3 +++ src/lisp.h | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 04e8aeef848..aa0a0a39bb8 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -6,6 +6,9 @@ (struct Lisp_Bool_Vector.size): EMACS_INT, not EMACS_UINT. We prefer signed types, and the value cannot exceed the EMACS_INT range anyway (because otherwise the length would not be representable). + (XSET) [USE_LISP_UNION_TYPE]: Use uintptr_t and intptr_t, + not EMACS_UINT and EMACS_INT, when converting pointer to integer. + This avoids a GCC warning when WIDE_EMACS_INT. * indent.c (sane_tab_width): New function. (current_column, scan_for_column, Findent_to, position_indentation) diff --git a/src/lisp.h b/src/lisp.h index 108712a7894..2dcf73b7506 100644 --- a/src/lisp.h +++ b/src/lisp.h @@ -494,8 +494,8 @@ enum pvec_type #ifdef USE_LSB_TAG # define XSET(var, vartype, ptr) \ - (eassert ((((EMACS_UINT) (ptr)) & ((1 << GCTYPEBITS) - 1)) == 0), \ - (var).u.val = ((EMACS_UINT) (ptr)) >> GCTYPEBITS, \ + (eassert ((((uintptr_t) (ptr)) & ((1 << GCTYPEBITS) - 1)) == 0), \ + (var).u.val = ((uintptr_t) (ptr)) >> GCTYPEBITS, \ (var).u.type = ((char) (vartype))) /* Some versions of gcc seem to consider the bitfield width when issuing @@ -512,7 +512,7 @@ enum pvec_type # define XSETFASTINT(a, b) ((a).i = (b)) # define XSET(var, vartype, ptr) \ - (((var).s.val = ((EMACS_INT) (ptr))), ((var).s.type = ((char) (vartype)))) + (((var).s.val = ((intptr_t) (ptr))), ((var).s.type = ((char) (vartype)))) #ifdef DATA_SEG_BITS /* DATA_SEG_BITS forces extra bits to be or'd in with any pointers From eb49b13608d6cf06af52c7d9fe88928a48f48cee Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 17:06:17 -0700 Subject: [PATCH 33/71] * lisp.h (DEFUN): Remove bogus use of sizeof (struct Lisp_Subr). This didn't break anything, but it didn't help either. It's confusing to put a bogus integer in a place where the actual value does not matter. --- src/ChangeLog | 7 +++++++ src/lisp.h | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/ChangeLog b/src/ChangeLog index aa0a0a39bb8..1b4edb91d1a 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,10 @@ +2011-06-19 Paul Eggert + + * lisp.h (DEFUN): Remove bogus use of sizeof (struct Lisp_Subr). + This didn't break anything, but it didn't help either. + It's confusing to put a bogus integer in a place where the actual + value does not matter. + 2011-06-18 Paul Eggert * lisp.h (union Lisp_Object.i): EMACS_INT, not EMACS_UINT. diff --git a/src/lisp.h b/src/lisp.h index 2dcf73b7506..e065bad10d0 100644 --- a/src/lisp.h +++ b/src/lisp.h @@ -1890,7 +1890,7 @@ typedef struct { #define DEFUN(lname, fnname, sname, minargs, maxargs, intspec, doc) \ Lisp_Object fnname DEFUN_ARGS_ ## maxargs ; \ static DECL_ALIGN (struct Lisp_Subr, sname) = \ - { PVEC_SUBR | (sizeof (struct Lisp_Subr) / sizeof (EMACS_INT)), \ + { PVEC_SUBR, \ { .a ## maxargs = fnname }, \ minargs, maxargs, lname, intspec, 0}; \ Lisp_Object fnname From 9f62aeb1857ab012244be221b1e6e13451fb394d Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 17:09:24 -0700 Subject: [PATCH 34/71] * lisp.h (LIST_END_P): Remove unused macro and its bogus comment. --- src/ChangeLog | 1 + src/lisp.h | 18 ------------------ 2 files changed, 1 insertion(+), 18 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 1b4edb91d1a..2bf6cc82997 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -4,6 +4,7 @@ This didn't break anything, but it didn't help either. It's confusing to put a bogus integer in a place where the actual value does not matter. + (LIST_END_P): Remove unused macro and its bogus comment. 2011-06-18 Paul Eggert diff --git a/src/lisp.h b/src/lisp.h index e065bad10d0..54c509125f8 100644 --- a/src/lisp.h +++ b/src/lisp.h @@ -3590,24 +3590,6 @@ extern void init_system_name (void); #define SWITCH_ENUM_CAST(x) (x) -/* Loop over Lisp list LIST. Signal an error if LIST is not a proper - list, or if it contains circles. - - HARE and TORTOISE should be the names of Lisp_Object variables, and - N should be the name of an EMACS_INT variable declared in the - function where the macro is used. Each nested loop should use - its own variables. - - In the loop body, HARE is set to each cons of LIST, and N is the - length of the list processed so far. */ - -#define LIST_END_P(list, obj) \ - (NILP (obj) \ - ? 1 \ - : (CONSP (obj) \ - ? 0 \ - : (wrong_type_argument (Qlistp, (list))), 1)) - /* Use this to suppress gcc's warnings. */ #ifdef lint From cbeff735d291da31ca3c5ae61d2c5698b62b26e8 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 17:11:45 -0700 Subject: [PATCH 35/71] * lisp.h (make_fixnum_or_float): Remove unnecessary cast to EMACS_INT. --- src/ChangeLog | 1 + src/lisp.h | 4 +--- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 2bf6cc82997..45fe3194744 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -5,6 +5,7 @@ It's confusing to put a bogus integer in a place where the actual value does not matter. (LIST_END_P): Remove unused macro and its bogus comment. + (make_fixnum_or_float): Remove unnecessary cast to EMACS_INT. 2011-06-18 Paul Eggert diff --git a/src/lisp.h b/src/lisp.h index 54c509125f8..99a276c805c 100644 --- a/src/lisp.h +++ b/src/lisp.h @@ -3625,9 +3625,7 @@ extern void init_system_name (void); fixnum. */ #define make_fixnum_or_float(val) \ - (FIXNUM_OVERFLOW_P (val) \ - ? make_float (val) \ - : make_number ((EMACS_INT)(val))) + (FIXNUM_OVERFLOW_P (val) ? make_float (val) : make_number (val)) /* Checks the `cycle check' variable CHECK to see if it indicates that From e4d29b3382b1a6f3b09e9d5d073493e909540593 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 18:31:41 -0700 Subject: [PATCH 36/71] * lread.c (invalid_syntax): Omit length argument. All uses changed. This doesn't fix a bug, but it simplifies the code away from its former Hollerith-constant appearance, and it's one less 'int' to worry about when looking at integer-overflow issues. --- src/ChangeLog | 5 +++++ src/lread.c | 34 ++++++++++++++++------------------ 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 45fe3194744..2016669efc1 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,10 @@ 2011-06-19 Paul Eggert + * lread.c (invalid_syntax): Omit length argument. + All uses changed. This doesn't fix a bug, but it simplifies the + code away from its former Hollerith-constant appearance, and it's + one less 'int' to worry about when looking at integer-overflow issues. + * lisp.h (DEFUN): Remove bogus use of sizeof (struct Lisp_Subr). This didn't break anything, but it didn't help either. It's confusing to put a bogus integer in a place where the actual diff --git a/src/lread.c b/src/lread.c index b789457b223..f8db6c14192 100644 --- a/src/lread.c +++ b/src/lread.c @@ -158,7 +158,7 @@ static void readevalloop (Lisp_Object, FILE*, Lisp_Object, int, static Lisp_Object load_unwind (Lisp_Object); static Lisp_Object load_descriptor_unwind (Lisp_Object); -static void invalid_syntax (const char *, int) NO_RETURN; +static void invalid_syntax (const char *) NO_RETURN; static void end_of_file_error (void) NO_RETURN; @@ -2014,11 +2014,9 @@ read_internal_start (Lisp_Object stream, Lisp_Object start, Lisp_Object end) S is error string of length N (if > 0) */ static void -invalid_syntax (const char *s, int n) +invalid_syntax (const char *s) { - if (!n) - n = strlen (s); - xsignal1 (Qinvalid_read_syntax, make_string (s, n)); + xsignal1 (Qinvalid_read_syntax, build_string (s)); } @@ -2336,7 +2334,7 @@ read_integer (Lisp_Object readcharfun, int radix) if (! valid) { sprintf (buf, "integer, radix %d", radix); - invalid_syntax (buf, 0); + invalid_syntax (buf); } return string_to_number (buf, radix, 0); @@ -2453,7 +2451,7 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list) return ht; } UNREAD (c); - invalid_syntax ("#", 1); + invalid_syntax ("#"); } if (c == '^') { @@ -2487,9 +2485,9 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list) XSETPVECTYPE (XVECTOR (tmp), PVEC_SUB_CHAR_TABLE); return tmp; } - invalid_syntax ("#^^", 3); + invalid_syntax ("#^^"); } - invalid_syntax ("#^", 2); + invalid_syntax ("#^"); } if (c == '&') { @@ -2513,7 +2511,7 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list) version. */ && ! (XFASTINT (length) == (SCHARS (tmp) - 1) * BOOL_VECTOR_BITS_PER_CHAR))) - invalid_syntax ("#&...", 5); + invalid_syntax ("#&..."); val = Fmake_bool_vector (length, Qnil); memcpy (XBOOL_VECTOR (val)->data, SDATA (tmp), size_in_chars); @@ -2523,7 +2521,7 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list) &= (1 << (XINT (length) % BOOL_VECTOR_BITS_PER_CHAR)) - 1; return val; } - invalid_syntax ("#&...", 5); + invalid_syntax ("#&..."); } if (c == '[') { @@ -2543,7 +2541,7 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list) /* Read the string itself. */ tmp = read1 (readcharfun, &ch, 0); if (ch != 0 || !STRINGP (tmp)) - invalid_syntax ("#", 1); + invalid_syntax ("#"); GCPRO1 (tmp); /* Read the intervals and their properties. */ while (1) @@ -2559,7 +2557,7 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list) if (ch == 0) plist = read1 (readcharfun, &ch, 0); if (ch) - invalid_syntax ("Invalid string property list", 0); + invalid_syntax ("Invalid string property list"); Fset_text_properties (beg, end, plist, tmp); } UNGCPRO; @@ -2716,7 +2714,7 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list) return read_integer (readcharfun, 2); UNREAD (c); - invalid_syntax ("#", 1); + invalid_syntax ("#"); case ';': while ((c = READCHAR) >= 0 && c != '\n'); @@ -2833,7 +2831,7 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list) if (ok) return make_number (c); - invalid_syntax ("?", 1); + invalid_syntax ("?"); } case '"': @@ -3501,7 +3499,7 @@ read_list (int flag, register Lisp_Object readcharfun) { if (ch == ']') return val; - invalid_syntax (") or . in a vector", 18); + invalid_syntax (") or . in a vector"); } if (ch == ')') return val; @@ -3603,9 +3601,9 @@ read_list (int flag, register Lisp_Object readcharfun) return val; } - invalid_syntax (". in wrong context", 18); + invalid_syntax (". in wrong context"); } - invalid_syntax ("] in a list", 11); + invalid_syntax ("] in a list"); } tem = (read_pure && flag <= 0 ? pure_cons (elt, Qnil) From f14ed477b81a165cd731aa1d851a1cc0247d70b8 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sat, 18 Jun 2011 18:35:03 -0700 Subject: [PATCH 37/71] * lread.c (string_to_number): Simplify the 2011-04-26 change by invoking xsignal1. --- src/ChangeLog | 1 + src/lread.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ChangeLog b/src/ChangeLog index 2016669efc1..c5cb08237de 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -4,6 +4,7 @@ All uses changed. This doesn't fix a bug, but it simplifies the code away from its former Hollerith-constant appearance, and it's one less 'int' to worry about when looking at integer-overflow issues. + (string_to_number): Simplify the 2011-04-26 change by invoking xsignal1. * lisp.h (DEFUN): Remove bogus use of sizeof (struct Lisp_Subr). This didn't break anything, but it didn't help either. diff --git a/src/lread.c b/src/lread.c index f8db6c14192..5f8d6b84c3c 100644 --- a/src/lread.c +++ b/src/lread.c @@ -3333,7 +3333,7 @@ string_to_number (char const *string, int base, int ignore_trailing) /* Unfortunately there's no simple and accurate way to convert non-base-10 numbers that are out of C-language range. */ if (base != 10) - xsignal (Qoverflow_error, list1 (build_string (string))); + xsignal1 (Qoverflow_error, build_string (string)); } else if (n <= (negative ? -MOST_NEGATIVE_FIXNUM : MOST_POSITIVE_FIXNUM)) { From 965d34ebb3b4226d6ace4c53cf3b15c8c4159e5c Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 19 Jun 2011 11:27:58 -0700 Subject: [PATCH 38/71] * buffer.c (init_buffer): Don't assume string length fits in 'int'. --- src/ChangeLog | 2 ++ src/buffer.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/ChangeLog b/src/ChangeLog index c5cb08237de..ec90bbc3325 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-06-19 Paul Eggert + * buffer.c (init_buffer): Don't assume string length fits in 'int'. + * lread.c (invalid_syntax): Omit length argument. All uses changed. This doesn't fix a bug, but it simplifies the code away from its former Hollerith-constant appearance, and it's diff --git a/src/buffer.c b/src/buffer.c index fd51f50dcac..fb9b15e4c70 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -5083,7 +5083,7 @@ init_buffer (void) { char *pwd; Lisp_Object temp; - int len; + ptrdiff_t len; #ifdef USE_MMAP_FOR_BUFFERS { From 989f33ba6bda51e06241f2e5a7b07f9feb435057 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 19 Jun 2011 11:30:19 -0700 Subject: [PATCH 39/71] * callproc.c: Don't assume string length fits in 'int.' --- src/ChangeLog | 2 ++ src/callproc.c | 10 +++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index ec90bbc3325..89d518a1a56 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-06-19 Paul Eggert + * callproc.c (getenv_internal_1, getenv_internal) + (Fgetenv_internal): * buffer.c (init_buffer): Don't assume string length fits in 'int'. * lread.c (invalid_syntax): Omit length argument. diff --git a/src/callproc.c b/src/callproc.c index d6bad2a44e7..fae47b7a699 100644 --- a/src/callproc.c +++ b/src/callproc.c @@ -1378,8 +1378,8 @@ relocate_fd (int fd, int minfd) #endif /* not WINDOWSNT */ static int -getenv_internal_1 (const char *var, int varlen, char **value, int *valuelen, - Lisp_Object env) +getenv_internal_1 (const char *var, ptrdiff_t varlen, char **value, + ptrdiff_t *valuelen, Lisp_Object env) { for (; CONSP (env); env = XCDR (env)) { @@ -1413,8 +1413,8 @@ getenv_internal_1 (const char *var, int varlen, char **value, int *valuelen, } static int -getenv_internal (const char *var, int varlen, char **value, int *valuelen, - Lisp_Object frame) +getenv_internal (const char *var, ptrdiff_t varlen, char **value, + ptrdiff_t *valuelen, Lisp_Object frame) { /* Try to find VAR in Vprocess_environment first. */ if (getenv_internal_1 (var, varlen, value, valuelen, @@ -1454,7 +1454,7 @@ If optional parameter ENV is a list, then search this list instead of (Lisp_Object variable, Lisp_Object env) { char *value; - int valuelen; + ptrdiff_t valuelen; CHECK_STRING (variable); if (CONSP (env)) From 573f4b54074f81bff59d5da768da2d044d358fe1 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 19 Jun 2011 11:32:55 -0700 Subject: [PATCH 40/71] * dbusbind.c (XD_ERROR): Don't arbitrarily truncate string. (XD_DEBUG_MESSAGE): Don't waste a byte. --- src/ChangeLog | 3 +++ src/dbusbind.c | 13 ++++++------- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 89d518a1a56..3a7cad71c35 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,8 @@ 2011-06-19 Paul Eggert + * dbusbind.c (XD_ERROR): Don't arbitrarily truncate string. + (XD_DEBUG_MESSAGE): Don't waste a byte. + * callproc.c (getenv_internal_1, getenv_internal) (Fgetenv_internal): * buffer.c (init_buffer): Don't assume string length fits in 'int'. diff --git a/src/dbusbind.c b/src/dbusbind.c index f662d5b38a2..302b93146fd 100644 --- a/src/dbusbind.c +++ b/src/dbusbind.c @@ -111,13 +111,12 @@ static int xd_in_read_queued_messages = 0; /* Raise a Lisp error from a D-Bus ERROR. */ #define XD_ERROR(error) \ do { \ - char s[1024]; \ - strncpy (s, error.message, 1023); \ - dbus_error_free (&error); \ /* Remove the trailing newline. */ \ - if (strchr (s, '\n') != NULL) \ - s[strlen (s) - 1] = '\0'; \ - XD_SIGNAL1 (build_string (s)); \ + char const *mess = error.message; \ + char const *nl = strchr (mess, '\n'); \ + Lisp_Object err = make_string (mess, nl ? nl - mess : strlen (mess)); \ + dbus_error_free (&error); \ + XD_SIGNAL1 (err); \ } while (0) /* Macros for debugging. In order to enable them, build with @@ -126,7 +125,7 @@ static int xd_in_read_queued_messages = 0; #define XD_DEBUG_MESSAGE(...) \ do { \ char s[1024]; \ - snprintf (s, 1023, __VA_ARGS__); \ + snprintf (s, sizeof s, __VA_ARGS__); \ printf ("%s: %s\n", __func__, s); \ message ("%s: %s", __func__, s); \ } while (0) From 0b963a931c2ba66829dbdb8489fe83e100d2326c Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 19 Jun 2011 11:37:51 -0700 Subject: [PATCH 41/71] * emacs.c: Don't assume string length fits in 'int'. (DEFINE_DUMMY_FUNCTION, sort_args): Use ptrdiff_t, not int. (main): Don't invoke strlen when not needed. --- src/ChangeLog | 4 ++++ src/emacs.c | 15 +++++++-------- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 3a7cad71c35..cc10da99d83 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,9 @@ 2011-06-19 Paul Eggert + * emacs.c: Don't assume string length fits in 'int'. + (DEFINE_DUMMY_FUNCTION, sort_args): Use ptrdiff_t, not int. + (main): Don't invoke strlen when not needed. + * dbusbind.c (XD_ERROR): Don't arbitrarily truncate string. (XD_DEBUG_MESSAGE): Don't waste a byte. diff --git a/src/emacs.c b/src/emacs.c index d14acd63587..c4b4caad9b5 100644 --- a/src/emacs.c +++ b/src/emacs.c @@ -585,7 +585,7 @@ argmatch (char **argv, int argc, const char *sstr, const char *lstr, int minlen, char **valptr, int *skipptr) { char *p = NULL; - int arglen; + ptrdiff_t arglen; char *arg; /* Don't access argv[argc]; give up in advance. */ @@ -1087,7 +1087,7 @@ Using an Emacs configured with --with-x-toolkit=lucid does not have this problem dname_arg2[0] = '\0'; sscanf (dname_arg, "\n%d,%d\n%s", &(daemon_pipe[0]), &(daemon_pipe[1]), dname_arg2); - dname_arg = strlen (dname_arg2) ? dname_arg2 : NULL; + dname_arg = *dname_arg2 ? dname_arg2 : NULL; } #endif /* NS_IMPL_COCOA */ @@ -1846,8 +1846,7 @@ sort_args (int argc, char **argv) priority[from] = 0; if (argv[from][0] == '-') { - int match, thislen; - char *equals; + int match; /* If we have found "--", don't consider any more arguments as options. */ @@ -1879,11 +1878,11 @@ sort_args (int argc, char **argv) >= 0 (the table index of the match) if just one match so far. */ if (argv[from][1] == '-') { + char const *equals = strchr (argv[from], '='); + ptrdiff_t thislen = + equals ? equals - argv[from] : strlen (argv[from]); + match = -1; - thislen = strlen (argv[from]); - equals = strchr (argv[from], '='); - if (equals != 0) - thislen = equals - argv[from]; for (i = 0; i < sizeof (standard_args) / sizeof (standard_args[0]); i++) From 3d1e65a18ae5d6e0496f70712c693ae692749918 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 19 Jun 2011 11:38:58 -0700 Subject: [PATCH 42/71] * process.c (Fformat_network_address): Use EMACS_INT, not EMACS_UINT. We prefer signed integers, even for size calculations. --- src/ChangeLog | 3 +++ src/process.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/ChangeLog b/src/ChangeLog index cc10da99d83..b843dfc6965 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,8 @@ 2011-06-19 Paul Eggert + * process.c (Fformat_network_address): Use EMACS_INT, not EMACS_UINT. + We prefer signed integers, even for size calculations. + * emacs.c: Don't assume string length fits in 'int'. (DEFINE_DUMMY_FUNCTION, sort_args): Use ptrdiff_t, not int. (main): Don't invoke strlen when not needed. diff --git a/src/process.c b/src/process.c index 5a26bf43146..4151c8aeae6 100644 --- a/src/process.c +++ b/src/process.c @@ -1186,7 +1186,7 @@ Returns nil if format of ADDRESS is invalid. */) if (VECTORP (address)) /* AF_INET or AF_INET6 */ { register struct Lisp_Vector *p = XVECTOR (address); - EMACS_UINT size = p->header.size; + EMACS_INT size = p->header.size; Lisp_Object args[10]; int nargs, i; From 35016e9a4e2fe3b60cbadd94a1a2feaed8aa1484 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 19 Jun 2011 11:40:02 -0700 Subject: [PATCH 43/71] * callproc.c (child_setup): Rewrite to avoid two strlen calls. --- src/ChangeLog | 2 ++ src/callproc.c | 3 +-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index b843dfc6965..bcf40a4e470 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-06-19 Paul Eggert + * callproc.c (child_setup): Rewrite to avoid two strlen calls. + * process.c (Fformat_network_address): Use EMACS_INT, not EMACS_UINT. We prefer signed integers, even for size calculations. diff --git a/src/callproc.c b/src/callproc.c index fae47b7a699..12621c90db5 100644 --- a/src/callproc.c +++ b/src/callproc.c @@ -1230,8 +1230,7 @@ child_setup (int in, int out, int err, register char **new_argv, int set_pgrp, L if (STRINGP (display)) { - int vlen = strlen ("DISPLAY=") + strlen (SSDATA (display)) + 1; - char *vdata = (char *) alloca (vlen); + char *vdata = (char *) alloca (sizeof "DISPLAY=" + SBYTES (display)); strcpy (vdata, "DISPLAY="); strcat (vdata, SSDATA (display)); new_env = add_env (env, new_env, vdata); From 1bfdaf108fd83f2c673a50eb069e29556e2e3ca6 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 19 Jun 2011 11:44:09 -0700 Subject: [PATCH 44/71] * coding.c (make_subsidiaries): Don't assume string length fits in int. --- src/ChangeLog | 2 ++ src/coding.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index bcf40a4e470..99d9cad7628 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-06-19 Paul Eggert + * coding.c (make_subsidiaries): Don't assume string length fits in int. + * callproc.c (child_setup): Rewrite to avoid two strlen calls. * process.c (Fformat_network_address): Use EMACS_INT, not EMACS_UINT. diff --git a/src/coding.c b/src/coding.c index 04985ab3c74..9939774ea82 100644 --- a/src/coding.c +++ b/src/coding.c @@ -9442,7 +9442,7 @@ static Lisp_Object make_subsidiaries (Lisp_Object base) { Lisp_Object subsidiaries; - int base_name_len = SBYTES (SYMBOL_NAME (base)); + ptrdiff_t base_name_len = SBYTES (SYMBOL_NAME (base)); char *buf = (char *) alloca (base_name_len + 6); int i; @@ -9450,7 +9450,7 @@ make_subsidiaries (Lisp_Object base) subsidiaries = Fmake_vector (make_number (3), Qnil); for (i = 0; i < 3; i++) { - memcpy (buf + base_name_len, suffixes[i], strlen (suffixes[i]) + 1); + strcpy (buf + base_name_len, suffixes[i]); ASET (subsidiaries, i, intern (buf)); } return subsidiaries; From f3e92b69d2fa865d82793ac41370045a85beb269 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 19 Jun 2011 11:44:58 -0700 Subject: [PATCH 45/71] * data.c (Fsubr_name): Rewrite to avoid a strlen call. --- src/ChangeLog | 2 ++ src/data.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/ChangeLog b/src/ChangeLog index 99d9cad7628..e5d7a81792e 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-06-19 Paul Eggert + * data.c (Fsubr_name): Rewrite to avoid a strlen call. + * coding.c (make_subsidiaries): Don't assume string length fits in int. * callproc.c (child_setup): Rewrite to avoid two strlen calls. diff --git a/src/data.c b/src/data.c index cf01d38036d..6b4ea32ac9e 100644 --- a/src/data.c +++ b/src/data.c @@ -703,7 +703,7 @@ SUBR must be a built-in function. */) const char *name; CHECK_SUBR (subr); name = XSUBR (subr)->symbol_name; - return make_string (name, strlen (name)); + return build_string (name); } DEFUN ("interactive-form", Finteractive_form, Sinteractive_form, 1, 1, 0, From 93f4cf88953806d319e6ab231b4d1332a227d645 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 19 Jun 2011 12:06:16 -0700 Subject: [PATCH 46/71] * fileio.c: Fix some integer overflow issues. (file_name_as_directory, Fexpand_file_name, Fsubstitute_in_file_name): Don't assume string length fits in int. (directory_file_name): Don't assume string length fits in long. (make_temp_name): Don't assume pid fits in int, or that its print length is less than 20. --- src/ChangeLog | 7 +++++++ src/fileio.c | 35 +++++++++++++++++------------------ 2 files changed, 24 insertions(+), 18 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index e5d7a81792e..3687da81fbb 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,12 @@ 2011-06-19 Paul Eggert + * fileio.c: Fix some integer overflow issues. + (file_name_as_directory, Fexpand_file_name, Fsubstitute_in_file_name): + Don't assume string length fits in int. + (directory_file_name): Don't assume string length fits in long. + (make_temp_name): Don't assume pid fits in int, or that its print + length is less than 20. + * data.c (Fsubr_name): Rewrite to avoid a strlen call. * coding.c (make_subsidiaries): Don't assume string length fits in int. diff --git a/src/fileio.c b/src/fileio.c index dd34872c263..824df8172e7 100644 --- a/src/fileio.c +++ b/src/fileio.c @@ -440,11 +440,9 @@ get a current directory to run processes in. */) static char * file_name_as_directory (char *out, const char *in) { - int size = strlen (in) - 1; + ptrdiff_t len = strlen (in); - strcpy (out, in); - - if (size < 0) + if (len == 0) { out[0] = '.'; out[1] = '/'; @@ -452,11 +450,13 @@ file_name_as_directory (char *out, const char *in) return out; } + strcpy (out, in); + /* For Unix syntax, Append a slash if necessary */ - if (!IS_DIRECTORY_SEP (out[size])) + if (!IS_DIRECTORY_SEP (out[len - 1])) { - out[size + 1] = DIRECTORY_SEP; - out[size + 2] = '\0'; + out[len] = DIRECTORY_SEP; + out[len + 1] = '\0'; } #ifdef DOS_NT dostounix_filename (out); @@ -503,7 +503,7 @@ For a Unix-syntax file name, just appends a slash. */) static int directory_file_name (char *src, char *dst) { - long slen; + ptrdiff_t slen; slen = strlen (src); @@ -587,9 +587,9 @@ make_temp_name (Lisp_Object prefix, int base64_p) { Lisp_Object val; int len, clen; - int pid; + intmax_t pid; char *p, *data; - char pidbuf[20]; + char pidbuf[INT_BUFSIZE_BOUND (pid_t)]; int pidlen; CHECK_STRING (prefix); @@ -599,7 +599,7 @@ make_temp_name (Lisp_Object prefix, int base64_p) three are incremented if the file already exists. This ensures 262144 unique file names per PID per PREFIX. */ - pid = (int) getpid (); + pid = getpid (); if (base64_p) { @@ -611,8 +611,7 @@ make_temp_name (Lisp_Object prefix, int base64_p) else { #ifdef HAVE_LONG_FILE_NAMES - sprintf (pidbuf, "%d", pid); - pidlen = strlen (pidbuf); + pidlen = sprintf (pidbuf, "%"PRIdMAX, pid); #else pidbuf[0] = make_temp_name_tbl[pid & 63], pid >>= 6; pidbuf[1] = make_temp_name_tbl[pid & 63], pid >>= 6; @@ -737,14 +736,14 @@ filesystem tree, not (expand-file-name ".." dirname). */) /* This should only point to alloca'd data. */ char *target; - int tlen; + ptrdiff_t tlen; struct passwd *pw; #ifdef DOS_NT int drive = 0; int collapse_newdir = 1; int is_escaped = 0; #endif /* DOS_NT */ - int length; + ptrdiff_t length; Lisp_Object handler, result; int multibyte; Lisp_Object hdir; @@ -1314,7 +1313,7 @@ See also the function `substitute-in-file-name'.") unsigned char *nm; register unsigned char *newdir, *p, *o; - int tlen; + ptrdiff_t tlen; unsigned char *target; struct passwd *pw; int lose; @@ -1366,7 +1365,7 @@ See also the function `substitute-in-file-name'.") unsigned char *user = nm + 1; /* Find end of name. */ unsigned char *ptr = (unsigned char *) strchr (user, '/'); - int len = ptr ? ptr - user : strlen (user); + ptrdiff_t len = ptr ? ptr - user : strlen (user); /* Copy the user name into temp storage. */ o = (unsigned char *) alloca (len + 1); memcpy (o, user, len); @@ -1672,7 +1671,7 @@ those `/' is discarded. */) else { Lisp_Object orig, decoded; - int orig_length, decoded_length; + ptrdiff_t orig_length, decoded_length; orig_length = strlen (o); orig = make_unibyte_string (o, orig_length); decoded = DECODE_FILE (orig); From 882f0d8119c9135b06ce9b291a139e4e9c6eeff8 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 19 Jun 2011 20:11:40 -0700 Subject: [PATCH 47/71] * filelock.c: Fix some buffer overrun and integer overflow issues. (get_boot_time): Don't assume that gzip command string fits in 100 bytes. Reformulate so as not to need the command string. Invoke gzip -cd rather than gunzip, as it's more portable. (lock_info_type, lock_file_1, lock_file): Don't assume pid_t and time_t fit in unsigned long. (LOCK_PID_MAX): Remove; we now use more-reliable bounds. (current_lock_owner): Prefer signed type for sizes. Use memcpy, not strncpy, where memcpy is what is really wanted. Don't assume (via atoi) that time_t and pid_t fit in int. Check for time_t and/or pid_t out of range, e.g., via a network share. Don't alloca where an auto var works fine. --- src/ChangeLog | 15 +++++++++ src/filelock.c | 89 ++++++++++++++++++++++++++------------------------ 2 files changed, 62 insertions(+), 42 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 3687da81fbb..fd17f85f1e1 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,18 @@ +2011-06-20 Paul Eggert + + * filelock.c: Fix some buffer overrun and integer overflow issues. + (get_boot_time): Don't assume that gzip command string fits in 100 bytes. + Reformulate so as not to need the command string. + Invoke gzip -cd rather than gunzip, as it's more portable. + (lock_info_type, lock_file_1, lock_file): + Don't assume pid_t and time_t fit in unsigned long. + (LOCK_PID_MAX): Remove; we now use more-reliable bounds. + (current_lock_owner): Prefer signed type for sizes. + Use memcpy, not strncpy, where memcpy is what is really wanted. + Don't assume (via atoi) that time_t and pid_t fit in int. + Check for time_t and/or pid_t out of range, e.g., via a network share. + Don't alloca where an auto var works fine. + 2011-06-19 Paul Eggert * fileio.c: Fix some integer overflow issues. diff --git a/src/filelock.c b/src/filelock.c index 13b27c72f19..18483b6f3f3 100644 --- a/src/filelock.c +++ b/src/filelock.c @@ -168,7 +168,7 @@ get_boot_time (void) /* If we did not find a boot time in wtmp, look at wtmp, and so on. */ for (counter = 0; counter < 20 && ! boot_time; counter++) { - char cmd_string[100]; + char cmd_string[sizeof WTMP_FILE ".19.gz"]; Lisp_Object tempname, filename; int delete_flag = 0; @@ -191,19 +191,16 @@ get_boot_time (void) character long prefix, and call make_temp_file with second arg non-zero, so that it will add not more than 6 characters to the prefix. */ - tempname = Fexpand_file_name (build_string ("wt"), + filename = Fexpand_file_name (build_string ("wt"), Vtemporary_file_directory); - tempname = make_temp_name (tempname, 1); - args[0] = Vshell_file_name; + filename = make_temp_name (filename, 1); + args[0] = build_string ("gzip"); args[1] = Qnil; - args[2] = Qnil; + args[2] = list2 (QCfile, filename); args[3] = Qnil; - args[4] = build_string ("-c"); - sprintf (cmd_string, "gunzip < %s.%d.gz > %s", - WTMP_FILE, counter, SDATA (tempname)); - args[5] = build_string (cmd_string); + args[4] = build_string ("-cd"); + args[5] = tempname; Fcall_process (6, args); - filename = tempname; delete_flag = 1; } } @@ -284,14 +281,10 @@ typedef struct { char *user; char *host; - unsigned long pid; + pid_t pid; time_t boot_time; } lock_info_type; -/* When we read the info back, we might need this much more, - enough for decimal representation plus null. */ -#define LOCK_PID_MAX (4 * sizeof (unsigned long)) - /* Free the two dynamically-allocated pieces in PTR. */ #define FREE_LOCK_INFO(i) do { xfree ((i).user); xfree ((i).host); } while (0) @@ -344,7 +337,7 @@ static int lock_file_1 (char *lfname, int force) { register int err; - time_t boot; + intmax_t boot, pid; const char *user_name; const char *host_name; char *lock_info_str; @@ -361,14 +354,16 @@ lock_file_1 (char *lfname, int force) else host_name = ""; lock_info_str = (char *)alloca (strlen (user_name) + strlen (host_name) - + LOCK_PID_MAX + 30); + + 2 * INT_STRLEN_BOUND (intmax_t) + + sizeof "@.:"); + pid = getpid (); if (boot) - sprintf (lock_info_str, "%s@%s.%lu:%lu", user_name, host_name, - (unsigned long) getpid (), (unsigned long) boot); + sprintf (lock_info_str, "%s@%s.%"PRIdMAX":%"PRIdMAX, + user_name, host_name, pid, boot); else - sprintf (lock_info_str, "%s@%s.%lu", user_name, host_name, - (unsigned long) getpid ()); + sprintf (lock_info_str, "%s@%s.%"PRIdMAX, + user_name, host_name, pid); err = symlink (lock_info_str, lfname); if (errno == EEXIST && force) @@ -397,8 +392,9 @@ static int current_lock_owner (lock_info_type *owner, char *lfname) { int ret; - size_t len; - int local_owner = 0; + ptrdiff_t len; + lock_info_type local_owner; + intmax_t n; char *at, *dot, *colon; char readlink_buf[READLINK_BUFSIZE]; char *lfinfo = emacs_readlink (lfname, readlink_buf); @@ -408,12 +404,9 @@ current_lock_owner (lock_info_type *owner, char *lfname) return errno == ENOENT ? 0 : -1; /* Even if the caller doesn't want the owner info, we still have to - read it to determine return value, so allocate it. */ + read it to determine return value. */ if (!owner) - { - owner = (lock_info_type *) alloca (sizeof (lock_info_type)); - local_owner = 1; - } + owner = &local_owner; /* Parse USER@HOST.PID:BOOT_TIME. If can't parse, return -1. */ /* The USER is everything before the last @. */ @@ -427,24 +420,34 @@ current_lock_owner (lock_info_type *owner, char *lfname) } len = at - lfinfo; owner->user = (char *) xmalloc (len + 1); - strncpy (owner->user, lfinfo, len); + memcpy (owner->user, lfinfo, len); owner->user[len] = 0; /* The PID is everything from the last `.' to the `:'. */ - owner->pid = atoi (dot + 1); - colon = dot; - while (*colon && *colon != ':') - colon++; + errno = 0; + n = strtoimax (dot + 1, NULL, 10); + owner->pid = + ((0 <= n && n <= TYPE_MAXIMUM (pid_t) + && (TYPE_MAXIMUM (pid_t) < INTMAX_MAX || errno != ERANGE)) + ? n : 0); + + colon = strchr (dot + 1, ':'); /* After the `:', if there is one, comes the boot time. */ - if (*colon == ':') - owner->boot_time = atoi (colon + 1); - else - owner->boot_time = 0; + n = 0; + if (colon) + { + errno = 0; + n = strtoimax (colon + 1, NULL, 10); + } + owner->boot_time = + ((0 <= n && n <= TYPE_MAXIMUM (time_t) + && (TYPE_MAXIMUM (time_t) < INTMAX_MAX || errno != ERANGE)) + ? n : 0); /* The host is everything in between. */ len = dot - at - 1; owner->host = (char *) xmalloc (len + 1); - strncpy (owner->host, at + 1, len); + memcpy (owner->host, at + 1, len); owner->host[len] = 0; /* We're done looking at the link info. */ @@ -476,7 +479,7 @@ current_lock_owner (lock_info_type *owner, char *lfname) } /* Avoid garbage. */ - if (local_owner || ret <= 0) + if (owner == &local_owner || ret <= 0) { FREE_LOCK_INFO (*owner); } @@ -539,6 +542,7 @@ lock_file (Lisp_Object fn) register Lisp_Object attack, orig_fn, encoded_fn; register char *lfname, *locker; lock_info_type lock_info; + intmax_t pid; struct gcpro gcpro1; /* Don't do locking while dumping Emacs. @@ -577,9 +581,10 @@ lock_file (Lisp_Object fn) /* Else consider breaking the lock */ locker = (char *) alloca (strlen (lock_info.user) + strlen (lock_info.host) - + LOCK_PID_MAX + 9); - sprintf (locker, "%s@%s (pid %lu)", lock_info.user, lock_info.host, - lock_info.pid); + + INT_STRLEN_BOUND (intmax_t) + sizeof "@ (pid )"); + pid = lock_info.pid; + sprintf (locker, "%s@%s (pid %"PRIdMAX")", + lock_info.user, lock_info.host, pid); FREE_LOCK_INFO (lock_info); attack = call2 (intern ("ask-user-about-lock"), fn, build_string (locker)); From b5b8c9e5d3c14ad3510af9edb2d693f312eecf53 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 19 Jun 2011 20:21:35 -0700 Subject: [PATCH 48/71] * font.c: Don't assume string length fits in int. (font_parse_xlfd, font_parse_fcname, font_unparse_fcname): Use ptrdiff_t, not int. --- src/ChangeLog | 4 ++++ src/font.c | 11 ++++++----- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index fd17f85f1e1..32756b4427f 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,9 @@ 2011-06-20 Paul Eggert + * font.c: Don't assume string length fits in int. + (font_parse_xlfd, font_parse_fcname, font_unparse_fcname): + Use ptrdiff_t, not int. + * filelock.c: Fix some buffer overrun and integer overflow issues. (get_boot_time): Don't assume that gzip command string fits in 100 bytes. Reformulate so as not to need the command string. diff --git a/src/font.c b/src/font.c index 4619ed68913..b9cdde376a5 100644 --- a/src/font.c +++ b/src/font.c @@ -982,7 +982,7 @@ font_expand_wildcards (Lisp_Object *field, int n) int font_parse_xlfd (char *name, Lisp_Object font) { - int len = strlen (name); + ptrdiff_t len = strlen (name); int i, j, n; char *f[XLFD_LAST_INDEX + 1]; Lisp_Object val; @@ -1310,7 +1310,7 @@ font_parse_fcname (char *name, Lisp_Object font) char *p, *q; char *size_beg = NULL, *size_end = NULL; char *props_beg = NULL, *family_end = NULL; - int len = strlen (name); + ptrdiff_t len = strlen (name); if (len == 0) return -1; @@ -1376,7 +1376,7 @@ font_parse_fcname (char *name, Lisp_Object font) if (*q != '=') { /* Must be an enumerated value. */ - int word_len; + ptrdiff_t word_len; p = p + 1; word_len = q - p; val = font_intern_prop (p, q - p, 1); @@ -1452,7 +1452,7 @@ font_parse_fcname (char *name, Lisp_Object font) Lisp_Object weight = Qnil, slant = Qnil; Lisp_Object width = Qnil, size = Qnil; char *word_start; - int word_len; + ptrdiff_t word_len; /* Scan backwards from the end, looking for a size. */ for (p = name + len - 1; p >= name; p--) @@ -1542,7 +1542,8 @@ font_unparse_fcname (Lisp_Object font, int pixel_size, char *name, int nbytes) Lisp_Object family, foundry; Lisp_Object tail, val; int point_size; - int i, len = 1; + int i; + ptrdiff_t len = 1; char *p; Lisp_Object styles[3]; const char *style_names[3] = { "weight", "slant", "width" }; From ccd6111c2415fc357944464cdf51ab496364241c Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 19 Jun 2011 22:51:47 -0700 Subject: [PATCH 49/71] * font.c (font_intern_prop): Don't assume string length fits in int. Don't assume integer property fits in fixnum. * font.h (font_intern_prop): 2nd arg is now ptrdiff_t, not int. --- src/ChangeLog | 3 +++ src/font.c | 11 ++++++++--- src/font.h | 3 ++- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 32756b4427f..cb6ea8ff9eb 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -3,6 +3,9 @@ * font.c: Don't assume string length fits in int. (font_parse_xlfd, font_parse_fcname, font_unparse_fcname): Use ptrdiff_t, not int. + (font_intern_prop): Don't assume string length fits in int. + Don't assume integer property fits in fixnum. + * font.h (font_intern_prop): 2nd arg is now ptrdiff_t, not int. * filelock.c: Fix some buffer overrun and integer overflow issues. (get_boot_time): Don't assume that gzip command string fits in 100 bytes. diff --git a/src/font.c b/src/font.c index b9cdde376a5..cc57af12141 100644 --- a/src/font.c +++ b/src/font.c @@ -232,9 +232,9 @@ static int num_font_drivers; STR. */ Lisp_Object -font_intern_prop (const char *str, int len, int force_symbol) +font_intern_prop (const char *str, ptrdiff_t len, int force_symbol) { - int i; + ptrdiff_t i; Lisp_Object tem; Lisp_Object obarray; EMACS_INT nbytes, nchars; @@ -247,7 +247,12 @@ font_intern_prop (const char *str, int len, int force_symbol) if (! isdigit (str[i])) break; if (i == len) - return make_number (atoi (str)); + { + Lisp_Object num = string_to_number (str, 10, 0); + if (! INTEGERP (num)) + xsignal1 (Qoverflow_error, num); + return num; + } } /* The following code is copied from the function intern (in diff --git a/src/font.h b/src/font.h index 0ca9e8baec4..e50eaff9a1f 100644 --- a/src/font.h +++ b/src/font.h @@ -777,7 +777,8 @@ extern void font_done_for_face (FRAME_PTR f, struct face *face); extern Lisp_Object font_open_by_spec (FRAME_PTR f, Lisp_Object spec); extern Lisp_Object font_open_by_name (FRAME_PTR f, const char *name); -extern Lisp_Object font_intern_prop (const char *str, int len, int force_symbol); +extern Lisp_Object font_intern_prop (const char *str, ptrdiff_t len, + int force_symbol); extern void font_update_sort_order (int *order); extern void font_parse_family_registry (Lisp_Object family, From 9bda3520ff9b70be8645e0ebc38cf212208c444b Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 19 Jun 2011 22:54:33 -0700 Subject: [PATCH 50/71] * gtkutil.c (style_changed_cb): Avoid need for strlen. --- src/ChangeLog | 2 ++ src/gtkutil.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index cb6ea8ff9eb..16e8342ee0b 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-06-20 Paul Eggert + * gtkutil.c (style_changed_cb): Avoid need for strlen. + * font.c: Don't assume string length fits in int. (font_parse_xlfd, font_parse_fcname, font_unparse_fcname): Use ptrdiff_t, not int. diff --git a/src/gtkutil.c b/src/gtkutil.c index 45f112ae9e5..6c00058e7af 100644 --- a/src/gtkutil.c +++ b/src/gtkutil.c @@ -1015,7 +1015,7 @@ style_changed_cb (GObject *go, EVENT_INIT (event); event.kind = CONFIG_CHANGED_EVENT; - event.frame_or_window = make_string (display_name, strlen (display_name)); + event.frame_or_window = build_string (display_name); /* Theme doesn't change often, so intern is called seldom. */ event.arg = intern ("theme-name"); kbd_buffer_store_event (&event); @@ -1024,7 +1024,7 @@ style_changed_cb (GObject *go, /* If scroll bar width changed, we need set the new size on all frames on this display. */ - if (dpy) + if (dpy) { Lisp_Object rest, frame; FOR_EACH_FRAME (rest, frame) From 74ca2eb34bb66901b04d33cbef16ff7c8d8df551 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 19 Jun 2011 23:03:10 -0700 Subject: [PATCH 51/71] * image.c (xpm_scan) [HAVE_NS && !HAVE_XPM]: Don't assume string length fits in int. --- src/ChangeLog | 3 +++ src/image.c | 16 +++------------- 2 files changed, 6 insertions(+), 13 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 16e8342ee0b..4928e209364 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,8 @@ 2011-06-20 Paul Eggert + * image.c (xpm_scan) [HAVE_NS && !HAVE_XPM]: + Don't assume string length fits in int. + * gtkutil.c (style_changed_cb): Avoid need for strlen. * font.c: Don't assume string length fits in int. diff --git a/src/image.c b/src/image.c index 352f8c486e4..b5b93cb5b69 100644 --- a/src/image.c +++ b/src/image.c @@ -3589,25 +3589,14 @@ xpm_load (struct frame *f, struct image *img) /* XPM support functions for NS where libxpm is not available. Only XPM version 3 (without any extensions) is supported. */ -static int xpm_scan (const unsigned char **, const unsigned char *, - const unsigned char **, int *); -static Lisp_Object xpm_make_color_table_v - (void (**) (Lisp_Object, const unsigned char *, int, Lisp_Object), - Lisp_Object (**) (Lisp_Object, const unsigned char *, int)); static void xpm_put_color_table_v (Lisp_Object, const unsigned char *, int, Lisp_Object); static Lisp_Object xpm_get_color_table_v (Lisp_Object, const unsigned char *, int); -static Lisp_Object xpm_make_color_table_h - (void (**) (Lisp_Object, const unsigned char *, int, Lisp_Object), - Lisp_Object (**) (Lisp_Object, const unsigned char *, int)); static void xpm_put_color_table_h (Lisp_Object, const unsigned char *, int, Lisp_Object); static Lisp_Object xpm_get_color_table_h (Lisp_Object, const unsigned char *, int); -static int xpm_str_to_color_key (const char *); -static int xpm_load_image (struct frame *, struct image *, - const unsigned char *, const unsigned char *); /* Tokens returned from xpm_scan. */ @@ -3629,7 +3618,7 @@ static int xpm_scan (const unsigned char **s, const unsigned char *end, const unsigned char **beg, - int *len) + ptrdiff_t *len) { int c; @@ -3799,7 +3788,8 @@ xpm_load_image (struct frame *f, unsigned char buffer[BUFSIZ]; int width, height, x, y; int num_colors, chars_per_pixel; - int len, LA1; + ptrdiff_t len; + int LA1; void (*put_color_table) (Lisp_Object, const unsigned char *, int, Lisp_Object); Lisp_Object (*get_color_table) (Lisp_Object, const unsigned char *, int); Lisp_Object frame, color_symbols, color_table; From 52c61c22eeda7b11969f44d3c002ad94f228f29d Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 19 Jun 2011 23:07:16 -0700 Subject: [PATCH 52/71] * keyboard.c (parse_tool_bar_item): Avoid need for strlen. --- src/ChangeLog | 1 + src/keyboard.c | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 4928e209364..b1035da6c7b 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -3,6 +3,7 @@ * image.c (xpm_scan) [HAVE_NS && !HAVE_XPM]: Don't assume string length fits in int. + * keyboard.c (parse_tool_bar_item): * gtkutil.c (style_changed_cb): Avoid need for strlen. * font.c: Don't assume string length fits in int. diff --git a/src/keyboard.c b/src/keyboard.c index e7a0598e839..bffe2b035dc 100644 --- a/src/keyboard.c +++ b/src/keyboard.c @@ -8225,7 +8225,7 @@ parse_tool_bar_item (Lisp_Object key, Lisp_Object item) /* `:label LABEL-STRING'. */ PROP (TOOL_BAR_ITEM_LABEL) = STRINGP (value) ? value - : make_string (bad_label, strlen (bad_label)); + : build_string (bad_label); have_label = 1; } else if (EQ (ikey, QCfilter)) @@ -8291,7 +8291,7 @@ parse_tool_bar_item (Lisp_Object key, Lisp_Object item) else label = ""; - new_lbl = Fupcase_initials (make_string (label, strlen (label))); + new_lbl = Fupcase_initials (build_string (label)); if (SCHARS (new_lbl) <= tool_bar_max_label_size) PROP (TOOL_BAR_ITEM_LABEL) = new_lbl; else From 6e5bb2dc82e57e8666eae89848050a78554709fa Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 19 Jun 2011 23:11:36 -0700 Subject: [PATCH 53/71] * lread.c (intern, intern_c_string): Don't assume strlen fits in int. --- src/ChangeLog | 1 + src/lread.c | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index b1035da6c7b..8bff8e53fbd 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,6 @@ 2011-06-20 Paul Eggert + * lread.c (intern, intern_c_string): * image.c (xpm_scan) [HAVE_NS && !HAVE_XPM]: Don't assume string length fits in int. diff --git a/src/lread.c b/src/lread.c index 5f8d6b84c3c..e75d61ae985 100644 --- a/src/lread.c +++ b/src/lread.c @@ -3650,7 +3650,7 @@ Lisp_Object intern (const char *str) { Lisp_Object tem; - int len = strlen (str); + ptrdiff_t len = strlen (str); Lisp_Object obarray; obarray = Vobarray; @@ -3666,7 +3666,7 @@ Lisp_Object intern_c_string (const char *str) { Lisp_Object tem; - int len = strlen (str); + ptrdiff_t len = strlen (str); Lisp_Object obarray; obarray = Vobarray; From ad39facaee4dcbd0e3f002e0a1674fce00e92c0c Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 19 Jun 2011 23:14:57 -0700 Subject: [PATCH 54/71] * minibuf.c (Fread_buffer): Don't assume strlen fits in int. --- src/ChangeLog | 1 + src/minibuf.c | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 8bff8e53fbd..238e37a43a1 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,6 @@ 2011-06-20 Paul Eggert + * minibuf.c (Fread_buffer): * lread.c (intern, intern_c_string): * image.c (xpm_scan) [HAVE_NS && !HAVE_XPM]: Don't assume string length fits in int. diff --git a/src/minibuf.c b/src/minibuf.c index 1b555035cfe..ca2f22df9ed 100644 --- a/src/minibuf.c +++ b/src/minibuf.c @@ -1115,7 +1115,7 @@ function, instead of the usual behavior. */) { Lisp_Object args[4], result; char *s; - int len; + ptrdiff_t len; int count = SPECPDL_INDEX (); if (BUFFERP (def)) @@ -1137,7 +1137,7 @@ function, instead of the usual behavior. */) if (STRINGP (prompt)) { s = SSDATA (prompt); - len = strlen (s); + len = SBYTES (prompt); if (len >= 2 && s[len - 2] == ':' && s[len - 1] == ' ') len = len - 2; else if (len >= 1 && (s[len - 1] == ':' || s[len - 1] == ' ')) From 171e2a582e4c7d6bfd6d6ff0373720b59568bcb2 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Mon, 20 Jun 2011 00:21:06 -0700 Subject: [PATCH 55/71] * termcap.c: Don't assume sizes fit in int and never overflow. (struct termcap_buffer, tgetent): Use ptrdiff_t, not int, for sizes. (gobble_line): Check for size-calculation overflow. --- src/ChangeLog | 4 ++++ src/termcap.c | 9 +++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 238e37a43a1..21daa1c8e3b 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,9 @@ 2011-06-20 Paul Eggert + * termcap.c: Don't assume sizes fit in int and never overflow. + (struct termcap_buffer, tgetent): Use ptrdiff_t, not int, for sizes. + (gobble_line): Check for size-calculation overflow. + * minibuf.c (Fread_buffer): * lread.c (intern, intern_c_string): * image.c (xpm_scan) [HAVE_NS && !HAVE_XPM]: diff --git a/src/termcap.c b/src/termcap.c index 5b71ad229d7..e191f6b3af3 100644 --- a/src/termcap.c +++ b/src/termcap.c @@ -323,10 +323,10 @@ tputs (register const char *str, int nlines, int (*outfun) (int)) struct termcap_buffer { char *beg; - int size; + ptrdiff_t size; char *ptr; int ateof; - int full; + ptrdiff_t full; }; /* Forward declarations of static functions. */ @@ -367,7 +367,7 @@ tgetent (char *bp, const char *name) register char *bp1; char *tc_search_point; char *term; - int malloc_size = 0; + ptrdiff_t malloc_size = 0; register int c; char *tcenv = NULL; /* TERMCAP value, if it contains :tc=. */ char *indirect = NULL; /* Terminal type in :tc= in TERMCAP value. */ @@ -637,6 +637,8 @@ gobble_line (int fd, register struct termcap_buffer *bufp, char *append_end) { if (bufp->full == bufp->size) { + if ((PTRDIFF_MAX - 1) / 2 < bufp->size) + memory_full (SIZE_MAX); bufp->size *= 2; /* Add 1 to size to ensure room for terminating null. */ tem = (char *) xrealloc (buf, bufp->size + 1); @@ -715,4 +717,3 @@ tprint (cap) } #endif /* TEST */ - From 25c7e41fc6c1af7ab718abb7dee7964bafe2e17a Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Mon, 20 Jun 2011 18:06:45 -0700 Subject: [PATCH 56/71] * callproc.c (egetenv): Adjust to getenv_internal API change. --- src/callproc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/callproc.c b/src/callproc.c index 12621c90db5..b339f343f62 100644 --- a/src/callproc.c +++ b/src/callproc.c @@ -1477,7 +1477,7 @@ char * egetenv (const char *var) { char *value; - int valuelen; + ptrdiff_t valuelen; if (getenv_internal (var, strlen (var), &value, &valuelen, Qnil)) return value; From 4eab31dd61e80ac5b38b964c91577e0c855e1432 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Mon, 20 Jun 2011 18:21:44 -0700 Subject: [PATCH 57/71] * xdisp.c (message_log_check_duplicate): Return intmax_t, not unsigned long, as we prefer signed integers. All callers changed. Detect integer overflow in repeat count. (message_dolog): Don't assume print length fits in 39 bytes. --- src/ChangeLog | 5 +++++ src/xdisp.c | 15 ++++++++------- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 210f4f6bd60..bcff6fd0831 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,10 @@ 2011-06-21 Paul Eggert + * xdisp.c (message_log_check_duplicate): Return intmax_t, + not unsigned long, as we prefer signed integers. All callers changed. + Detect integer overflow in repeat count. + (message_dolog): Don't assume print length fits in 39 bytes. + * termcap.c: Don't assume sizes fit in int and never overflow. (struct termcap_buffer, tgetent): Use ptrdiff_t, not int, for sizes. (gobble_line): Check for size-calculation overflow. diff --git a/src/xdisp.c b/src/xdisp.c index e985ef9ae4e..ce60b658a73 100644 --- a/src/xdisp.c +++ b/src/xdisp.c @@ -810,7 +810,7 @@ static int cursor_row_fully_visible_p (struct window *, int, int); static int try_scrolling (Lisp_Object, int, EMACS_INT, EMACS_INT, int, int); static int try_cursor_movement (Lisp_Object, struct text_pos, int *); static int trailing_whitespace_p (EMACS_INT); -static unsigned long int message_log_check_duplicate (EMACS_INT, EMACS_INT); +static intmax_t message_log_check_duplicate (EMACS_INT, EMACS_INT); static void push_it (struct it *, struct text_pos *); static void pop_it (struct it *); static void sync_frame_with_window_matrix_rows (struct window *); @@ -8064,7 +8064,7 @@ message_dolog (const char *m, EMACS_INT nbytes, int nlflag, int multibyte) if (nlflag) { EMACS_INT this_bol, this_bol_byte, prev_bol, prev_bol_byte; - unsigned long int dups; + intmax_t dups; insert_1 ("\n", 1, 1, 0, 0); scan_newline (Z, Z_BYTE, BEG, BEG_BYTE, -2, 0); @@ -8087,12 +8087,13 @@ message_dolog (const char *m, EMACS_INT nbytes, int nlflag, int multibyte) this_bol, this_bol_byte, 0); if (dups > 1) { - char dupstr[40]; + char dupstr[sizeof " [ times]" + + INT_STRLEN_BOUND (intmax_t)]; int duplen; /* If you change this format, don't forget to also change message_log_check_duplicate. */ - sprintf (dupstr, " [%lu times]", dups); + sprintf (dupstr, " [%"PRIdMAX" times]", dups); duplen = strlen (dupstr); TEMP_SET_PT_BOTH (Z - 1, Z_BYTE - 1); insert_1 (dupstr, duplen, 1, 0, 1); @@ -8154,7 +8155,7 @@ message_dolog (const char *m, EMACS_INT nbytes, int nlflag, int multibyte) Return 0 if different, 1 if the new one should just replace it, or a value N > 1 if we should also append " [N times]". */ -static unsigned long int +static intmax_t message_log_check_duplicate (EMACS_INT prev_bol_byte, EMACS_INT this_bol_byte) { EMACS_INT i; @@ -8176,8 +8177,8 @@ message_log_check_duplicate (EMACS_INT prev_bol_byte, EMACS_INT this_bol_byte) if (*p1++ == ' ' && *p1++ == '[') { char *pend; - unsigned long int n = strtoul ((char *) p1, &pend, 10); - if (strncmp (pend, " times]\n", 8) == 0) + intmax_t n = strtoimax ((char *) p1, &pend, 10); + if (0 < n && n < INTMAX_MAX && strncmp (pend, " times]\n", 8) == 0) return n+1; } return 0; From df1f27af9e60e8f223cce0f5e5ac4107d87f982e Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Mon, 20 Jun 2011 18:30:32 -0700 Subject: [PATCH 58/71] * xdisp.c (display_mode_element): Don't assume strlen fits in int. --- src/ChangeLog | 1 + src/xdisp.c | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index bcff6fd0831..8c530340927 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -4,6 +4,7 @@ not unsigned long, as we prefer signed integers. All callers changed. Detect integer overflow in repeat count. (message_dolog): Don't assume print length fits in 39 bytes. + (display_mode_element): Don't assume strlen fits in int. * termcap.c: Don't assume sizes fit in int and never overflow. (struct termcap_buffer, tgetent): Use ptrdiff_t, not int, for sizes. diff --git a/src/xdisp.c b/src/xdisp.c index ce60b658a73..ae5c334447d 100644 --- a/src/xdisp.c +++ b/src/xdisp.c @@ -18730,8 +18730,7 @@ display_mode_element (struct it *it, int depth, int field_width, int precision, break; case MODE_LINE_STRING: { - int len = strlen (spec); - Lisp_Object tem = make_string (spec, len); + Lisp_Object tem = build_string (spec); props = Ftext_properties_at (make_number (charpos), elt); /* Should only keep face property in props */ n += store_mode_line_string (NULL, tem, 0, field, prec, props); From 25ed6cc39748008e8f95a247d3ece3e063fcc92e Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Mon, 20 Jun 2011 18:38:04 -0700 Subject: [PATCH 59/71] * xfns.c: Don't assume strlen fits in int. (xic_create_fontsetname, x_window): Use ptrdiff_t, not int. --- src/ChangeLog | 3 +++ src/xfns.c | 13 +++++++------ 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 8c530340927..b1e30e68a0c 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,8 @@ 2011-06-21 Paul Eggert + * xfns.c: Don't assume strlen fits in int. + (xic_create_fontsetname, x_window): Use ptrdiff_t, not int. + * xdisp.c (message_log_check_duplicate): Return intmax_t, not unsigned long, as we prefer signed integers. All callers changed. Detect integer overflow in repeat count. diff --git a/src/xfns.c b/src/xfns.c index 20bfa1df3f0..e98e287f50b 100644 --- a/src/xfns.c +++ b/src/xfns.c @@ -1883,7 +1883,7 @@ xic_create_fontsetname (const char *base_fontname, int motif) /* Make a fontset name from the base font name. */ if (xic_defaut_fontset == base_fontname) { /* There is no base font name, use the default. */ - int len = strlen (base_fontname) + 2; + ptrdiff_t len = strlen (base_fontname) + 2; fontsetname = xmalloc (len); memset (fontsetname, 0, len); strcpy (fontsetname, base_fontname); @@ -1896,7 +1896,7 @@ xic_create_fontsetname (const char *base_fontname, int motif) - the base font where the charset spec is replaced by -*-*. - the same but with the family also replaced with -*-*-. */ const char *p = base_fontname; - int i; + ptrdiff_t i; for (i = 0; *p; p++) if (*p == '-') i++; @@ -1904,7 +1904,8 @@ xic_create_fontsetname (const char *base_fontname, int motif) { /* As the font name doesn't conform to XLFD, we can't modify it to generalize it to allcs and allfamilies. Use the specified font plus the default. */ - int len = strlen (base_fontname) + strlen (xic_defaut_fontset) + 3; + ptrdiff_t len = + strlen (base_fontname) + strlen (xic_defaut_fontset) + 3; fontsetname = xmalloc (len); memset (fontsetname, 0, len); strcpy (fontsetname, base_fontname); @@ -1913,7 +1914,7 @@ xic_create_fontsetname (const char *base_fontname, int motif) } else { - int len; + ptrdiff_t len; const char *p1 = NULL, *p2 = NULL, *p3 = NULL; char *font_allcs = NULL; char *font_allfamilies = NULL; @@ -1940,7 +1941,7 @@ xic_create_fontsetname (const char *base_fontname, int motif) wildcard. */ if (*p3 != '*') { - int diff = (p2 - p3) - 2; + ptrdiff_t diff = (p2 - p3) - 2; base = alloca (strlen (base_fontname) + 1); memcpy (base, base_fontname, p3 - base_fontname); @@ -2434,7 +2435,7 @@ x_window (struct frame *f, long window_prompting, int minibuffer_only) /* Do some needed geometry management. */ { - int len; + ptrdiff_t len; char *tem, shell_position[32]; Arg gal[10]; int gac = 0; From 7de51af53b40c4fcaa4369feffad11e9db11fbe0 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Mon, 20 Jun 2011 18:40:45 -0700 Subject: [PATCH 60/71] * xfont.c (xfont_match): Avoid need for strlen. --- src/ChangeLog | 2 ++ src/xfont.c | 4 +--- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index b1e30e68a0c..857b0fa79e2 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-06-21 Paul Eggert + * xfont.c (xfont_match): Avoid need for strlen. + * xfns.c: Don't assume strlen fits in int. (xic_create_fontsetname, x_window): Use ptrdiff_t, not int. diff --git a/src/xfont.c b/src/xfont.c index 5dd6aae3846..2c3ca911623 100644 --- a/src/xfont.c +++ b/src/xfont.c @@ -594,16 +594,14 @@ xfont_match (Lisp_Object frame, Lisp_Object spec) { if (XGetFontProperty (xfont, XA_FONT, &value)) { - int len; char *s; s = (char *) XGetAtomName (display, (Atom) value); - len = strlen (s); /* If DXPC (a Differential X Protocol Compressor) Ver.3.7 is running, XGetAtomName will return null string. We must avoid such a name. */ - if (len > 0) + if (*s) { entity = font_make_entity (); ASET (entity, FONT_TYPE_INDEX, Qx); From 281549626c7a22c2d8643fc563974ee6fbc401a8 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Mon, 20 Jun 2011 19:15:16 -0700 Subject: [PATCH 61/71] * xrdb.c: Don't assume strlen fits in int; avoid some strlens. * xrdb.c (magic_file_p, search_magic_path): Omit last arg SUFFIX; it was always 0. All callers changed. (magic_file_p): Use ptrdiff_t, not int. Check for size overflow. --- src/ChangeLog | 5 +++++ src/xrdb.c | 53 +++++++++++++++++++-------------------------------- 2 files changed, 25 insertions(+), 33 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 857b0fa79e2..b388b1e3ea7 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,10 @@ 2011-06-21 Paul Eggert + * xrdb.c: Don't assume strlen fits in int; avoid some strlens. + * xrdb.c (magic_file_p, search_magic_path): + Omit last arg SUFFIX; it was always 0. All callers changed. + (magic_file_p): Use ptrdiff_t, not int. Check for size overflow. + * xfont.c (xfont_match): Avoid need for strlen. * xfns.c: Don't assume strlen fits in int. diff --git a/src/xrdb.c b/src/xrdb.c index b490afdabaa..e18ff65f799 100644 --- a/src/xrdb.c +++ b/src/xrdb.c @@ -120,20 +120,20 @@ x_get_customization_string (XrmDatabase db, const char *name, refers to %L only when the LANG environment variable is set, or otherwise provided by X. - ESCAPED_SUFFIX and SUFFIX are postpended to STRING if they are - non-zero. %-escapes in ESCAPED_SUFFIX are expanded; STRING is left - alone. + ESCAPED_SUFFIX is postpended to STRING if it is non-zero. + %-escapes in ESCAPED_SUFFIX are expanded. Return NULL otherwise. */ static char * -magic_file_p (const char *string, EMACS_INT string_len, const char *class, const char *escaped_suffix, const char *suffix) +magic_file_p (const char *string, EMACS_INT string_len, const char *class, + const char *escaped_suffix) { char *lang = getenv ("LANG"); - int path_size = 100; + ptrdiff_t path_size = 100; char *path = (char *) xmalloc (path_size); - int path_len = 0; + ptrdiff_t path_len = 0; const char *p = string; @@ -141,7 +141,7 @@ magic_file_p (const char *string, EMACS_INT string_len, const char *class, const { /* The chunk we're about to stick on the end of result. */ const char *next = NULL; - int next_len; + ptrdiff_t next_len; if (*p == '%') { @@ -201,8 +201,10 @@ magic_file_p (const char *string, EMACS_INT string_len, const char *class, const next = p, next_len = 1; /* Do we have room for this component followed by a '\0' ? */ - if (path_len + next_len + 1 > path_size) + if (path_size - path_len <= next_len) { + if (min (PTRDIFF_MAX, SIZE_MAX) / 2 - 1 - path_len < next_len) + memory_full (SIZE_MAX); path_size = (path_len + next_len + 1) * 2; path = (char *) xrealloc (path, path_size); } @@ -222,21 +224,6 @@ magic_file_p (const char *string, EMACS_INT string_len, const char *class, const } } - /* Perhaps we should add the SUFFIX now. */ - if (suffix) - { - int suffix_len = strlen (suffix); - - if (path_len + suffix_len + 1 > path_size) - { - path_size = (path_len + suffix_len + 1); - path = (char *) xrealloc (path, path_size); - } - - memcpy (path + path_len, suffix, suffix_len); - path_len += suffix_len; - } - path[path_len] = '\0'; if (! file_p (path)) @@ -295,7 +282,8 @@ file_p (const char *filename) the path name of the one we found otherwise. */ static char * -search_magic_path (const char *search_path, const char *class, const char *escaped_suffix, const char *suffix) +search_magic_path (const char *search_path, const char *class, + const char *escaped_suffix) { const char *s, *p; @@ -306,8 +294,7 @@ search_magic_path (const char *search_path, const char *class, const char *escap if (p > s) { - char *path = magic_file_p (s, p - s, class, escaped_suffix, - suffix); + char *path = magic_file_p (s, p - s, class, escaped_suffix); if (path) return path; } @@ -316,7 +303,7 @@ search_magic_path (const char *search_path, const char *class, const char *escap char *path; s = "%N%S"; - path = magic_file_p (s, strlen (s), class, escaped_suffix, suffix); + path = magic_file_p (s, strlen (s), class, escaped_suffix); if (path) return path; } @@ -340,7 +327,7 @@ get_system_app (const char *class) path = getenv ("XFILESEARCHPATH"); if (! path) path = PATH_X_DEFAULTS; - p = search_magic_path (path, class, 0, 0); + p = search_magic_path (path, class, 0); if (p) { db = XrmGetFileDatabase (p); @@ -368,19 +355,19 @@ get_user_app (const char *class) /* Check for XUSERFILESEARCHPATH. It is a path of complete file names, not directories. */ if (((path = getenv ("XUSERFILESEARCHPATH")) - && (file = search_magic_path (path, class, 0, 0))) + && (file = search_magic_path (path, class, 0))) /* Check for APPLRESDIR; it is a path of directories. In each, we have to search for LANG/CLASS and then CLASS. */ || ((path = getenv ("XAPPLRESDIR")) - && ((file = search_magic_path (path, class, "/%L/%N", 0)) - || (file = search_magic_path (path, class, "/%N", 0)))) + && ((file = search_magic_path (path, class, "/%L/%N")) + || (file = search_magic_path (path, class, "/%N")))) /* Check in the home directory. This is a bit of a hack; let's hope one's home directory doesn't contain any %-escapes. */ || (free_it = gethomedir (), - ((file = search_magic_path (free_it, class, "%L/%N", 0)) - || (file = search_magic_path (free_it, class, "%N", 0))))) + ((file = search_magic_path (free_it, class, "%L/%N")) + || (file = search_magic_path (free_it, class, "%N"))))) { XrmDatabase db = XrmGetFileDatabase (file); xfree (file); From 3a5077c52bb88d1a354d4122ef4bf660d84651f6 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Mon, 20 Jun 2011 19:16:54 -0700 Subject: [PATCH 62/71] * xselect.c (Fx_get_atom_name): Avoid need for strlen. --- src/ChangeLog | 2 ++ src/xselect.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/ChangeLog b/src/ChangeLog index b388b1e3ea7..0c7cac342d9 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-06-21 Paul Eggert + * xselect.c (Fx_get_atom_name): Avoid need for strlen. + * xrdb.c: Don't assume strlen fits in int; avoid some strlens. * xrdb.c (magic_file_p, search_magic_path): Omit last arg SUFFIX; it was always 0. All callers changed. diff --git a/src/xselect.c b/src/xselect.c index 5b01fc22a42..7f4e0b40f62 100644 --- a/src/xselect.c +++ b/src/xselect.c @@ -2361,7 +2361,7 @@ If the value is 0 or the atom is not known, return the empty string. */) x_uncatch_errors (); if (!had_errors) - ret = make_string (name, strlen (name)); + ret = build_string (name); if (atom && name) XFree (name); if (NILP (ret)) ret = empty_unibyte_string; From da3f12b238fbbf4632bdf137b08446b1ee655faf Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Mon, 20 Jun 2011 23:47:52 -0700 Subject: [PATCH 63/71] * font.c (font_intern_prop): Don't use string_to_number, since the string isn't null-terminated. --- src/font.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/src/font.c b/src/font.c index cc57af12141..dfc636e3313 100644 --- a/src/font.c +++ b/src/font.c @@ -241,17 +241,25 @@ font_intern_prop (const char *str, ptrdiff_t len, int force_symbol) if (len == 1 && *str == '*') return Qnil; - if (!force_symbol && len >=1 && isdigit (*str)) + if (!force_symbol && 0 < len && '0' <= *str && *str <= '9') { for (i = 1; i < len; i++) - if (! isdigit (str[i])) + if (! ('0' <= str[i] && str[i] <= '9')) break; if (i == len) { - Lisp_Object num = string_to_number (str, 10, 0); - if (! INTEGERP (num)) - xsignal1 (Qoverflow_error, num); - return num; + EMACS_INT n; + + i = 0; + for (n = 0; (n += str[i++] - '0') <= MOST_POSITIVE_FIXNUM; n *= 10) + { + if (i == len) + return make_number (n); + if (MOST_POSITIVE_FIXNUM / 10 < n) + break; + } + + xsignal1 (Qoverflow_error, make_string (str, len)); } } From aaafe47af10d234df2483bace35336a79736cc8b Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Tue, 21 Jun 2011 10:49:46 -0700 Subject: [PATCH 64/71] * xsettings.c (apply_xft_settings): Fix potential buffer overrun. This is unlikely, but can occur if DPI is outlandish. --- src/ChangeLog | 3 +++ src/xsettings.c | 36 +++++++++++++++++++++--------------- 2 files changed, 24 insertions(+), 15 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 0c7cac342d9..ad84e3271e4 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,8 @@ 2011-06-21 Paul Eggert + * xsettings.c (apply_xft_settings): Fix potential buffer overrun. + This is unlikely, but can occur if DPI is outlandish. + * xselect.c (Fx_get_atom_name): Avoid need for strlen. * xrdb.c: Don't assume strlen fits in int; avoid some strlens. diff --git a/src/xsettings.c b/src/xsettings.c index 2513bcc5aa8..c8cb9529647 100644 --- a/src/xsettings.c +++ b/src/xsettings.c @@ -18,6 +18,8 @@ You should have received a copy of the GNU General Public License along with GNU Emacs. If not, see . */ #include + +#include #include #include #include @@ -434,10 +436,8 @@ apply_xft_settings (struct x_display_info *dpyinfo, FcPattern *pat; struct xsettings oldsettings; int changed = 0; - char buf[256]; memset (&oldsettings, 0, sizeof (oldsettings)); - buf[0] = '\0'; pat = FcPatternCreate (); XftDefaultSubstitute (dpyinfo->display, XScreenNumberOfScreen (dpyinfo->screen), @@ -458,7 +458,6 @@ apply_xft_settings (struct x_display_info *dpyinfo, ++changed; oldsettings.aa = settings->aa; } - sprintf (buf, "Antialias: %d", oldsettings.aa); if ((settings->seen & SEEN_HINTING) != 0 && oldsettings.hinting != settings->hinting) @@ -468,8 +467,6 @@ apply_xft_settings (struct x_display_info *dpyinfo, ++changed; oldsettings.hinting = settings->hinting; } - if (strlen (buf) > 0) strcat (buf, ", "); - sprintf (buf+strlen (buf), "Hinting: %d", oldsettings.hinting); if ((settings->seen & SEEN_RGBA) != 0 && oldsettings.rgba != settings->rgba) { FcPatternDel (pat, FC_RGBA); @@ -477,8 +474,6 @@ apply_xft_settings (struct x_display_info *dpyinfo, oldsettings.rgba = settings->rgba; ++changed; } - if (strlen (buf) > 0) strcat (buf, ", "); - sprintf (buf+strlen (buf), "RGBA: %d", oldsettings.rgba); /* Older fontconfig versions don't have FC_LCD_FILTER. */ if ((settings->seen & SEEN_LCDFILTER) != 0 @@ -489,8 +484,6 @@ apply_xft_settings (struct x_display_info *dpyinfo, ++changed; oldsettings.lcdfilter = settings->lcdfilter; } - if (strlen (buf) > 0) strcat (buf, ", "); - sprintf (buf+strlen (buf), "LCDFilter: %d", oldsettings.lcdfilter); # ifdef FC_HINT_STYLE if ((settings->seen & SEEN_HINTSTYLE) != 0 @@ -502,8 +495,6 @@ apply_xft_settings (struct x_display_info *dpyinfo, oldsettings.hintstyle = settings->hintstyle; } # endif - if (strlen (buf) > 0) strcat (buf, ", "); - sprintf (buf+strlen (buf), "Hintstyle: %d", oldsettings.hintstyle); if ((settings->seen & SEEN_DPI) != 0 && oldsettings.dpi != settings->dpi && settings->dpi > 0) @@ -523,16 +514,31 @@ apply_xft_settings (struct x_display_info *dpyinfo, XFRAME (frame)->resy = XFRAME (frame)->resx = settings->dpi; } - if (strlen (buf) > 0) strcat (buf, ", "); - sprintf (buf+strlen (buf), "DPI: %lf", oldsettings.dpi); - if (changed) { + static char const format[] = + "Antialias: %d, Hinting: %d, RGBA: %d, LCDFilter: %d, " + "Hintstyle: %d, DPI: %lf"; + enum + { + d_formats = 5, + d_growth = INT_BUFSIZE_BOUND (int) - sizeof "%d", + lf_formats = 1, + max_f_integer_digits = DBL_MAX_10_EXP + 1, + f_precision = 6, + lf_growth = (sizeof "-." + max_f_integer_digits + f_precision + - sizeof "%lf") + }; + char buf[sizeof format + d_formats * d_growth + lf_formats * lf_growth]; + XftDefaultSet (dpyinfo->display, pat); if (send_event_p) store_config_changed_event (Qfont_render, XCAR (dpyinfo->name_list_element)); - Vxft_settings = make_string (buf, strlen (buf)); + sprintf (buf, format, oldsettings.aa, oldsettings.hinting, + oldsettings.rgba, oldsettings.lcdfilter, + oldsettings.hintstyle, oldsettings.dpi); + Vxft_settings = build_string (buf); } else FcPatternDestroy (pat); From 2674ddc8af7c6056f3113709c673773e4a3712b7 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Tue, 21 Jun 2011 10:52:14 -0700 Subject: [PATCH 65/71] * xsettings.c (Ffont_get_system_normal_font, Ffont_get_system_font): Avoid need for strlen. --- src/ChangeLog | 1 + src/xsettings.c | 8 ++------ 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index ad84e3271e4..1aafb12e07c 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -3,6 +3,7 @@ * xsettings.c (apply_xft_settings): Fix potential buffer overrun. This is unlikely, but can occur if DPI is outlandish. + * xsettings.c (Ffont_get_system_normal_font, Ffont_get_system_font): * xselect.c (Fx_get_atom_name): Avoid need for strlen. * xrdb.c: Don't assume strlen fits in int; avoid some strlens. diff --git a/src/xsettings.c b/src/xsettings.c index c8cb9529647..e2575650df9 100644 --- a/src/xsettings.c +++ b/src/xsettings.c @@ -711,9 +711,7 @@ DEFUN ("font-get-system-normal-font", Ffont_get_system_normal_font, doc: /* Get the system default application font. */) (void) { - return current_font - ? make_string (current_font, strlen (current_font)) - : Qnil; + return current_font ? build_string (current_font) : Qnil; } DEFUN ("font-get-system-font", Ffont_get_system_font, Sfont_get_system_font, @@ -721,9 +719,7 @@ DEFUN ("font-get-system-font", Ffont_get_system_font, Sfont_get_system_font, doc: /* Get the system default fixed width font. */) (void) { - return current_mono_font - ? make_string (current_mono_font, strlen (current_mono_font)) - : Qnil; + return current_mono_font ? build_string (current_mono_font) : Qnil; } DEFUN ("tool-bar-get-system-style", Ftool_bar_get_system_style, From 2606c57bbfd45c35357483e9fa39035ee8953cab Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Tue, 21 Jun 2011 13:32:19 -0700 Subject: [PATCH 66/71] * xsmfns.c (smc_save_yourself_CB, x_session_initialize): Avoid strlen. (x_session_initialize): Do not assume string length fits in int. --- src/ChangeLog | 3 +++ src/xsmfns.c | 12 ++++++------ 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 1aafb12e07c..f0752ff8e0c 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,8 @@ 2011-06-21 Paul Eggert + * xsmfns.c (smc_save_yourself_CB, x_session_initialize): Avoid strlen. + (x_session_initialize): Do not assume string length fits in int. + * xsettings.c (apply_xft_settings): Fix potential buffer overrun. This is unlikely, but can occur if DPI is outlandish. diff --git a/src/xsmfns.c b/src/xsmfns.c index c199036587f..cb56ae648d1 100644 --- a/src/xsmfns.c +++ b/src/xsmfns.c @@ -190,7 +190,7 @@ smc_save_yourself_CB (SmcConn smcConn, props[props_idx]->type = xstrdup (SmARRAY8); props[props_idx]->num_vals = 1; props[props_idx]->vals = &values[val_idx++]; - props[props_idx]->vals[0].length = strlen (SSDATA (Vinvocation_name)); + props[props_idx]->vals[0].length = SBYTES (Vinvocation_name); props[props_idx]->vals[0].value = SDATA (Vinvocation_name); ++props_idx; @@ -200,7 +200,7 @@ smc_save_yourself_CB (SmcConn smcConn, props[props_idx]->type = xstrdup (SmARRAY8); props[props_idx]->num_vals = 1; props[props_idx]->vals = &values[val_idx++]; - props[props_idx]->vals[0].length = strlen (SSDATA (Vuser_login_name)); + props[props_idx]->vals[0].length = SBYTES (Vuser_login_name); props[props_idx]->vals[0].value = SDATA (Vuser_login_name); ++props_idx; @@ -398,7 +398,7 @@ x_session_initialize (struct x_display_info *dpyinfo) char errorstring[SM_ERRORSTRING_LEN]; char* previous_id = NULL; SmcCallbacks callbacks; - int name_len = 0; + ptrdiff_t name_len = 0; ice_fd = -1; doing_interact = False; @@ -410,8 +410,8 @@ x_session_initialize (struct x_display_info *dpyinfo) /* Construct the path to the Emacs program. */ if (! EQ (Vinvocation_directory, Qnil)) - name_len += strlen (SSDATA (Vinvocation_directory)); - name_len += strlen (SSDATA (Vinvocation_name)); + name_len += SBYTES (Vinvocation_directory); + name_len += SBYTES (Vinvocation_name); /* This malloc will not be freed, but it is only done once, and hopefully not very large */ @@ -457,7 +457,7 @@ x_session_initialize (struct x_display_info *dpyinfo) if (smc_conn != 0) { - Vx_session_id = make_string (client_id, strlen (client_id)); + Vx_session_id = build_string (client_id); #ifdef USE_GTK /* GTK creats a leader window by itself, but we need to tell From 3de73e5ee550ff9715e3c6034b2575a4386cf331 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Tue, 21 Jun 2011 13:43:08 -0700 Subject: [PATCH 67/71] * xterm.c (xim_initialize, same_x_server): Strlen may not fit in int. --- src/ChangeLog | 2 ++ src/xterm.c | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index f0752ff8e0c..41b2fe9aab0 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-06-21 Paul Eggert + * xterm.c (xim_initialize, same_x_server): Strlen may not fit in int. + * xsmfns.c (smc_save_yourself_CB, x_session_initialize): Avoid strlen. (x_session_initialize): Do not assume string length fits in int. diff --git a/src/xterm.c b/src/xterm.c index f40d260dabe..c1134521c71 100644 --- a/src/xterm.c +++ b/src/xterm.c @@ -8084,7 +8084,7 @@ xim_initialize (struct x_display_info *dpyinfo, char *resource_name) { #ifdef HAVE_X11R6_XIM struct xim_inst_t *xim_inst; - int len; + ptrdiff_t len; xim_inst = (struct xim_inst_t *) xmalloc (sizeof (struct xim_inst_t)); dpyinfo->xim_callback_data = xim_inst; @@ -9720,8 +9720,8 @@ same_x_server (const char *name1, const char *name2) { int seen_colon = 0; const char *system_name = SSDATA (Vsystem_name); - int system_name_length = strlen (system_name); - int length_until_period = 0; + ptrdiff_t system_name_length = SBYTES (Vsystem_name); + ptrdiff_t length_until_period = 0; while (system_name[length_until_period] != 0 && system_name[length_until_period] != '.') From b081724f64cbb2bf1f12efdb4d446c1de9bf3c0c Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Tue, 21 Jun 2011 14:32:10 -0700 Subject: [PATCH 68/71] Use ptrdiff_t, not int, for overlay counts. * buffer.h (overlays_at, sort_overlays, GET_OVERLAYS_AT): * editfns.c (overlays_around, get_pos_property): * textprop.c (get_char_property_and_overlay): * xdisp.c (next_overlay_change, note_mouse_highlight): * xfaces.c (face_at_buffer_position): * buffer.c (overlays_at, sort_overlays, Foverlays_at) (Fnext_overlay_change, Fprevious_overlay_change): Use ptrdiff_t, not int, for sizes. (overlays_at): Check for size-calculation overflow. --- src/ChangeLog | 11 +++++++++++ src/buffer.c | 38 +++++++++++++++++++------------------- src/buffer.h | 10 +++++----- src/editfns.c | 8 ++++---- src/textprop.c | 2 +- src/xdisp.c | 7 +++---- src/xfaces.c | 2 +- 7 files changed, 44 insertions(+), 34 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 41b2fe9aab0..875dcb85168 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,16 @@ 2011-06-21 Paul Eggert + Use ptrdiff_t, not int, for overlay counts. + * buffer.h (overlays_at, sort_overlays, GET_OVERLAYS_AT): + * editfns.c (overlays_around, get_pos_property): + * textprop.c (get_char_property_and_overlay): + * xdisp.c (next_overlay_change, note_mouse_highlight): + * xfaces.c (face_at_buffer_position): + * buffer.c (overlays_at, sort_overlays, Foverlays_at) + (Fnext_overlay_change, Fprevious_overlay_change): + Use ptrdiff_t, not int, for sizes. + (overlays_at): Check for size-calculation overflow. + * xterm.c (xim_initialize, same_x_server): Strlen may not fit in int. * xsmfns.c (smc_save_yourself_CB, x_session_initialize): Avoid strlen. diff --git a/src/buffer.c b/src/buffer.c index fb9b15e4c70..b8f85d1a1cd 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -2518,18 +2518,21 @@ swap_out_buffer_local_variables (struct buffer *b) *NEXT_PTR is guaranteed to be not equal to POS, unless it is the default (BEGV or ZV). */ -int -overlays_at (EMACS_INT pos, int extend, Lisp_Object **vec_ptr, int *len_ptr, +ptrdiff_t +overlays_at (EMACS_INT pos, int extend, Lisp_Object **vec_ptr, + ptrdiff_t *len_ptr, EMACS_INT *next_ptr, EMACS_INT *prev_ptr, int change_req) { Lisp_Object overlay, start, end; struct Lisp_Overlay *tail; - int idx = 0; - int len = *len_ptr; + ptrdiff_t idx = 0; + ptrdiff_t len = *len_ptr; Lisp_Object *vec = *vec_ptr; EMACS_INT next = ZV; EMACS_INT prev = BEGV; int inhibit_storing = 0; + ptrdiff_t len_lim = min (MOST_POSITIVE_FIXNUM, + min (PTRDIFF_MAX, SIZE_MAX) / sizeof (Lisp_Object)); for (tail = current_buffer->overlays_before; tail; tail = tail->next) { @@ -2561,10 +2564,10 @@ overlays_at (EMACS_INT pos, int extend, Lisp_Object **vec_ptr, int *len_ptr, Either make it bigger, or don't store any more in it. */ if (extend) { + if ((len_lim - 4) / 2 < len) + memory_full (SIZE_MAX); /* Make it work with an initial len == 0. */ - len *= 2; - if (len == 0) - len = 4; + len = len * 2 + 4; *len_ptr = len; vec = (Lisp_Object *) xrealloc (vec, len * sizeof (Lisp_Object)); *vec_ptr = vec; @@ -2604,10 +2607,10 @@ overlays_at (EMACS_INT pos, int extend, Lisp_Object **vec_ptr, int *len_ptr, { if (extend) { + if ((len_lim - 4) / 2 < len) + memory_full (SIZE_MAX); /* Make it work with an initial len == 0. */ - len *= 2; - if (len == 0) - len = 4; + len = len * 2 + 4; *len_ptr = len; vec = (Lisp_Object *) xrealloc (vec, len * sizeof (Lisp_Object)); *vec_ptr = vec; @@ -2871,10 +2874,10 @@ compare_overlays (const void *v1, const void *v2) /* Sort an array of overlays by priority. The array is modified in place. The return value is the new size; this may be smaller than the original size if some of the overlays were invalid or were window-specific. */ -int -sort_overlays (Lisp_Object *overlay_vec, int noverlays, struct window *w) +ptrdiff_t +sort_overlays (Lisp_Object *overlay_vec, ptrdiff_t noverlays, struct window *w) { - int i, j; + ptrdiff_t i, j; struct sortvec *sortvec; sortvec = (struct sortvec *) alloca (noverlays * sizeof (struct sortvec)); @@ -3880,9 +3883,8 @@ DEFUN ("overlays-at", Foverlays_at, Soverlays_at, 1, 1, 0, doc: /* Return a list of the overlays that contain the character at POS. */) (Lisp_Object pos) { - int noverlays; + ptrdiff_t len, noverlays; Lisp_Object *overlay_vec; - int len; Lisp_Object result; CHECK_NUMBER_COERCE_MARKER (pos); @@ -3942,11 +3944,9 @@ If there are no overlay boundaries from POS to (point-max), the value is (point-max). */) (Lisp_Object pos) { - int noverlays; + ptrdiff_t i, len, noverlays; EMACS_INT endpos; Lisp_Object *overlay_vec; - int len; - int i; CHECK_NUMBER_COERCE_MARKER (pos); @@ -3985,7 +3985,7 @@ the value is (point-min). */) { EMACS_INT prevpos; Lisp_Object *overlay_vec; - int len; + ptrdiff_t len; CHECK_NUMBER_COERCE_MARKER (pos); diff --git a/src/buffer.h b/src/buffer.h index a13351b5ea6..4643e0d9d0e 100644 --- a/src/buffer.h +++ b/src/buffer.h @@ -887,10 +887,10 @@ extern struct buffer buffer_local_symbols; extern void delete_all_overlays (struct buffer *); extern void reset_buffer (struct buffer *); extern void evaporate_overlays (EMACS_INT); -extern int overlays_at (EMACS_INT pos, int extend, Lisp_Object **vec_ptr, - int *len_ptr, EMACS_INT *next_ptr, - EMACS_INT *prev_ptr, int change_req); -extern int sort_overlays (Lisp_Object *, int, struct window *); +extern ptrdiff_t overlays_at (EMACS_INT pos, int extend, Lisp_Object **vec_ptr, + ptrdiff_t *len_ptr, EMACS_INT *next_ptr, + EMACS_INT *prev_ptr, int change_req); +extern ptrdiff_t sort_overlays (Lisp_Object *, ptrdiff_t, struct window *); extern void recenter_overlay_lists (struct buffer *, EMACS_INT); extern EMACS_INT overlay_strings (EMACS_INT, struct window *, unsigned char **); extern void validate_region (Lisp_Object *, Lisp_Object *); @@ -908,7 +908,7 @@ extern void mmap_set_vars (int); #define GET_OVERLAYS_AT(posn, overlays, noverlays, nextp, chrq) \ do { \ - int maxlen = 40; \ + ptrdiff_t maxlen = 40; \ overlays = (Lisp_Object *) alloca (maxlen * sizeof (Lisp_Object)); \ noverlays = overlays_at (posn, 0, &overlays, &maxlen, \ nextp, NULL, chrq); \ diff --git a/src/editfns.c b/src/editfns.c index f0f8c9eb63f..c0c0e530265 100644 --- a/src/editfns.c +++ b/src/editfns.c @@ -331,13 +331,13 @@ If you set the marker not to point anywhere, the buffer will have no mark. */) Return the number found, and store them in a vector in VEC of length LEN. */ -static int -overlays_around (EMACS_INT pos, Lisp_Object *vec, int len) +static ptrdiff_t +overlays_around (EMACS_INT pos, Lisp_Object *vec, ptrdiff_t len) { Lisp_Object overlay, start, end; struct Lisp_Overlay *tail; EMACS_INT startpos, endpos; - int idx = 0; + ptrdiff_t idx = 0; for (tail = current_buffer->overlays_before; tail; tail = tail->next) { @@ -405,7 +405,7 @@ get_pos_property (Lisp_Object position, register Lisp_Object prop, Lisp_Object o else { EMACS_INT posn = XINT (position); - int noverlays; + ptrdiff_t noverlays; Lisp_Object *overlay_vec, tem; struct buffer *obuf = current_buffer; diff --git a/src/textprop.c b/src/textprop.c index 350892cdad6..dd8695f7af8 100644 --- a/src/textprop.c +++ b/src/textprop.c @@ -613,7 +613,7 @@ get_char_property_and_overlay (Lisp_Object position, register Lisp_Object prop, } if (BUFFERP (object)) { - int noverlays; + ptrdiff_t noverlays; Lisp_Object *overlay_vec; struct buffer *obuf = current_buffer; diff --git a/src/xdisp.c b/src/xdisp.c index ae5c334447d..d04ceddacb2 100644 --- a/src/xdisp.c +++ b/src/xdisp.c @@ -3062,10 +3062,9 @@ compute_stop_pos (struct it *it) static EMACS_INT next_overlay_change (EMACS_INT pos) { - int noverlays; + ptrdiff_t i, noverlays; EMACS_INT endpos; Lisp_Object *overlays; - int i; /* Get all overlays at the given position. */ GET_OVERLAYS_AT (pos, overlays, noverlays, &endpos, 1); @@ -25453,13 +25452,13 @@ note_mouse_highlight (struct frame *f, int x, int y) && XFASTINT (w->last_modified) == BUF_MODIFF (b) && XFASTINT (w->last_overlay_modified) == BUF_OVERLAY_MODIFF (b)) { - int hpos, vpos, i, dx, dy, area; + int hpos, vpos, dx, dy, area; EMACS_INT pos; struct glyph *glyph; Lisp_Object object; Lisp_Object mouse_face = Qnil, position; Lisp_Object *overlay_vec = NULL; - int noverlays; + ptrdiff_t i, noverlays; struct buffer *obuf; EMACS_INT obegv, ozv; int same_region; diff --git a/src/xfaces.c b/src/xfaces.c index 78ea913526e..951cf69a4cb 100644 --- a/src/xfaces.c +++ b/src/xfaces.c @@ -5934,7 +5934,7 @@ face_at_buffer_position (struct window *w, EMACS_INT pos, struct frame *f = XFRAME (w->frame); Lisp_Object attrs[LFACE_VECTOR_SIZE]; Lisp_Object prop, position; - int i, noverlays; + ptrdiff_t i, noverlays; Lisp_Object *overlay_vec; Lisp_Object frame; EMACS_INT endpos; From 21514da7b21e248fa5046ab27834fa431a34204c Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Tue, 21 Jun 2011 16:16:43 -0700 Subject: [PATCH 69/71] * buffer.c (OVERLAY_COUNT_MAX): New macro. (overlays_in, mouse_face_overlay_overlaps, Foverlays_in): Use ptrdiff_t, not int, for sizes. (overlays_in): Check for size-calculation overflow. --- src/ChangeLog | 8 +++++--- src/buffer.c | 36 +++++++++++++++++++----------------- 2 files changed, 24 insertions(+), 20 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 875dcb85168..12439754e7c 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -6,10 +6,12 @@ * textprop.c (get_char_property_and_overlay): * xdisp.c (next_overlay_change, note_mouse_highlight): * xfaces.c (face_at_buffer_position): - * buffer.c (overlays_at, sort_overlays, Foverlays_at) - (Fnext_overlay_change, Fprevious_overlay_change): + * buffer.c (OVERLAY_COUNT_MAX): New macro. + (overlays_at, overlays_in, sort_overlays, Foverlays_at) + (Fnext_overlay_change, Fprevious_overlay_change) + (mouse_face_overlay_overlaps, Foverlays_in): Use ptrdiff_t, not int, for sizes. - (overlays_at): Check for size-calculation overflow. + (overlays_at, overlays_in): Check for size-calculation overflow. * xterm.c (xim_initialize, same_x_server): Strlen may not fit in int. diff --git a/src/buffer.c b/src/buffer.c index b8f85d1a1cd..238923a2ba0 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -94,6 +94,11 @@ static Lisp_Object Vbuffer_local_symbols; #define PER_BUFFER_SYMBOL(OFFSET) \ (*(Lisp_Object *)((OFFSET) + (char *) &buffer_local_symbols)) +/* Maximum length of an overlay vector. */ +#define OVERLAY_COUNT_MAX \ + ((ptrdiff_t) min (MOST_POSITIVE_FIXNUM, \ + min (PTRDIFF_MAX, SIZE_MAX) / sizeof (Lisp_Object))) + /* Flags indicating which built-in buffer-local variables are permanent locals. */ static char buffer_permanent_local_flags[MAX_PER_BUFFER_VARS]; @@ -2531,8 +2536,6 @@ overlays_at (EMACS_INT pos, int extend, Lisp_Object **vec_ptr, EMACS_INT next = ZV; EMACS_INT prev = BEGV; int inhibit_storing = 0; - ptrdiff_t len_lim = min (MOST_POSITIVE_FIXNUM, - min (PTRDIFF_MAX, SIZE_MAX) / sizeof (Lisp_Object)); for (tail = current_buffer->overlays_before; tail; tail = tail->next) { @@ -2564,7 +2567,7 @@ overlays_at (EMACS_INT pos, int extend, Lisp_Object **vec_ptr, Either make it bigger, or don't store any more in it. */ if (extend) { - if ((len_lim - 4) / 2 < len) + if ((OVERLAY_COUNT_MAX - 4) / 2 < len) memory_full (SIZE_MAX); /* Make it work with an initial len == 0. */ len = len * 2 + 4; @@ -2607,7 +2610,7 @@ overlays_at (EMACS_INT pos, int extend, Lisp_Object **vec_ptr, { if (extend) { - if ((len_lim - 4) / 2 < len) + if ((OVERLAY_COUNT_MAX - 4) / 2 < len) memory_full (SIZE_MAX); /* Make it work with an initial len == 0. */ len = len * 2 + 4; @@ -2660,15 +2663,15 @@ overlays_at (EMACS_INT pos, int extend, Lisp_Object **vec_ptr, and we store only as many overlays as will fit. But we still return the total number of overlays. */ -static int +static ptrdiff_t overlays_in (EMACS_INT beg, EMACS_INT end, int extend, - Lisp_Object **vec_ptr, int *len_ptr, + Lisp_Object **vec_ptr, ptrdiff_t *len_ptr, EMACS_INT *next_ptr, EMACS_INT *prev_ptr) { Lisp_Object overlay, ostart, oend; struct Lisp_Overlay *tail; - int idx = 0; - int len = *len_ptr; + ptrdiff_t idx = 0; + ptrdiff_t len = *len_ptr; Lisp_Object *vec = *vec_ptr; EMACS_INT next = ZV; EMACS_INT prev = BEGV; @@ -2704,10 +2707,10 @@ overlays_in (EMACS_INT beg, EMACS_INT end, int extend, Either make it bigger, or don't store any more in it. */ if (extend) { + if ((OVERLAY_COUNT_MAX - 4) / 2 < len) + memory_full (SIZE_MAX); /* Make it work with an initial len == 0. */ - len *= 2; - if (len == 0) - len = 4; + len = len * 2 + 4; *len_ptr = len; vec = (Lisp_Object *) xrealloc (vec, len * sizeof (Lisp_Object)); *vec_ptr = vec; @@ -2752,10 +2755,10 @@ overlays_in (EMACS_INT beg, EMACS_INT end, int extend, { if (extend) { + if ((OVERLAY_COUNT_MAX - 4) / 2 < len) + memory_full (SIZE_MAX); /* Make it work with an initial len == 0. */ - len *= 2; - if (len == 0) - len = 4; + len = len * 2 + 4; *len_ptr = len; vec = (Lisp_Object *) xrealloc (vec, len * sizeof (Lisp_Object)); *vec_ptr = vec; @@ -2788,7 +2791,7 @@ mouse_face_overlay_overlaps (Lisp_Object overlay) { EMACS_INT start = OVERLAY_POSITION (OVERLAY_START (overlay)); EMACS_INT end = OVERLAY_POSITION (OVERLAY_END (overlay)); - int n, i, size; + ptrdiff_t n, i, size; Lisp_Object *v, tem; size = 10; @@ -3914,9 +3917,8 @@ between BEG and END, or at END provided END denotes the position at the end of the buffer. */) (Lisp_Object beg, Lisp_Object end) { - int noverlays; + ptrdiff_t len, noverlays; Lisp_Object *overlay_vec; - int len; Lisp_Object result; CHECK_NUMBER_COERCE_MARKER (beg); From 0766b489e1b34964bb43db221fe967d54ac5ec5e Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Tue, 21 Jun 2011 23:16:16 -0700 Subject: [PATCH 70/71] * dispextern.h (struct face.stipple): * image.c (x_bitmap_height, x_bitmap_width, x_bitmap_pixmap) (x_bitmap_mask, x_allocate_bitmap_record) (x_create_bitmap_from_data, x_create_bitmap_from_file) (x_destroy_bitmap, x_destroy_all_bitmaps, x_create_bitmap_mask) (x_create_bitmap_from_xpm_data): * nsterm.h (struct ns_display_info.bitmaps_size, .bitmaps_last): * w32term.h (struct w32_display_info.icon_bitmap_id, .bitmaps_size) (.bitmaps_last): * xfaces.c (load_pixmap): * xterm.c (x_bitmap_icon, x_wm_set_icon_pixmap): * xterm.h (struct x_display_info.icon_bitmap_id, .bitmaps_size) (.bitmaps_last, struct x_output.icon_bitmap): Use ptrdiff_t, not int, for bitmap indexes. (x_allocate_bitmap_record): Check for size overflow. * dispextern.h, lisp.h: Adjust to API changes elsewhere. --- src/ChangeLog | 19 +++++++++++++++++++ src/dispextern.h | 22 +++++++++++----------- src/image.c | 37 +++++++++++++++++++++---------------- src/lisp.h | 2 +- src/nsterm.h | 5 ++--- src/w32term.h | 6 +++--- src/xfaces.c | 7 ++++--- src/xterm.c | 8 ++++---- src/xterm.h | 8 ++++---- 9 files changed, 69 insertions(+), 45 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 12439754e7c..72f6b437af2 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,22 @@ +2011-06-22 Paul Eggert + + * dispextern.h (struct face.stipple): + * image.c (x_bitmap_height, x_bitmap_width, x_bitmap_pixmap) + (x_bitmap_mask, x_allocate_bitmap_record) + (x_create_bitmap_from_data, x_create_bitmap_from_file) + (x_destroy_bitmap, x_destroy_all_bitmaps, x_create_bitmap_mask) + (x_create_bitmap_from_xpm_data): + * nsterm.h (struct ns_display_info.bitmaps_size, .bitmaps_last): + * w32term.h (struct w32_display_info.icon_bitmap_id, .bitmaps_size) + (.bitmaps_last): + * xfaces.c (load_pixmap): + * xterm.c (x_bitmap_icon, x_wm_set_icon_pixmap): + * xterm.h (struct x_display_info.icon_bitmap_id, .bitmaps_size) + (.bitmaps_last, struct x_output.icon_bitmap): + Use ptrdiff_t, not int, for bitmap indexes. + (x_allocate_bitmap_record): Check for size overflow. + * dispextern.h, lisp.h: Adjust to API changes elsewhere. + 2011-06-21 Paul Eggert Use ptrdiff_t, not int, for overlay counts. diff --git a/src/dispextern.h b/src/dispextern.h index 227d5ed58e3..02f1e5314aa 100644 --- a/src/dispextern.h +++ b/src/dispextern.h @@ -1532,12 +1532,12 @@ struct face /* Background stipple or bitmap used for this face. This is an id as returned from load_pixmap. */ - int stipple; + ptrdiff_t stipple; #else /* not HAVE_WINDOW_SYSTEM */ /* Dummy. */ - int stipple; + ptrdiff_t stipple; #endif /* not HAVE_WINDOW_SYSTEM */ @@ -3082,21 +3082,21 @@ void w32_reset_fringes (void); #ifdef HAVE_WINDOW_SYSTEM -extern int x_bitmap_height (struct frame *, int); -extern int x_bitmap_width (struct frame *, int); -extern int x_bitmap_pixmap (struct frame *, int); +extern int x_bitmap_height (struct frame *, ptrdiff_t); +extern int x_bitmap_width (struct frame *, ptrdiff_t); +extern int x_bitmap_pixmap (struct frame *, ptrdiff_t); extern void x_reference_bitmap (struct frame *, int); -extern int x_create_bitmap_from_data (struct frame *, char *, - unsigned int, unsigned int); -extern int x_create_bitmap_from_file (struct frame *, Lisp_Object); +extern ptrdiff_t x_create_bitmap_from_data (struct frame *, char *, + unsigned int, unsigned int); +extern ptrdiff_t x_create_bitmap_from_file (struct frame *, Lisp_Object); #if defined HAVE_XPM && defined HAVE_X_WINDOWS && !defined USE_GTK -extern int x_create_bitmap_from_xpm_data (struct frame *f, const char **bits); +extern ptrdiff_t x_create_bitmap_from_xpm_data (struct frame *, const char **); #endif #ifndef x_destroy_bitmap -extern void x_destroy_bitmap (struct frame *, int); +extern void x_destroy_bitmap (struct frame *, ptrdiff_t); #endif extern void x_destroy_all_bitmaps (Display_Info *); -extern int x_create_bitmap_mask (struct frame * , int); +extern int x_create_bitmap_mask (struct frame *, ptrdiff_t); extern Lisp_Object x_find_image_file (Lisp_Object); void x_kill_gs_process (Pixmap, struct frame *); diff --git a/src/image.c b/src/image.c index b5b93cb5b69..01cc95f7b38 100644 --- a/src/image.c +++ b/src/image.c @@ -182,20 +182,20 @@ XPutPixel (XImagePtr ximage, int x, int y, unsigned long pixel) /* Functions to access the contents of a bitmap, given an id. */ int -x_bitmap_height (FRAME_PTR f, int id) +x_bitmap_height (FRAME_PTR f, ptrdiff_t id) { return FRAME_X_DISPLAY_INFO (f)->bitmaps[id - 1].height; } int -x_bitmap_width (FRAME_PTR f, int id) +x_bitmap_width (FRAME_PTR f, ptrdiff_t id) { return FRAME_X_DISPLAY_INFO (f)->bitmaps[id - 1].width; } #if defined (HAVE_X_WINDOWS) || defined (HAVE_NTGUI) int -x_bitmap_pixmap (FRAME_PTR f, int id) +x_bitmap_pixmap (FRAME_PTR f, ptrdiff_t id) { return (int) FRAME_X_DISPLAY_INFO (f)->bitmaps[id - 1].pixmap; } @@ -203,7 +203,7 @@ x_bitmap_pixmap (FRAME_PTR f, int id) #ifdef HAVE_X_WINDOWS int -x_bitmap_mask (FRAME_PTR f, int id) +x_bitmap_mask (FRAME_PTR f, ptrdiff_t id) { return FRAME_X_DISPLAY_INFO (f)->bitmaps[id - 1].mask; } @@ -211,11 +211,11 @@ x_bitmap_mask (FRAME_PTR f, int id) /* Allocate a new bitmap record. Returns index of new record. */ -static int +static ptrdiff_t x_allocate_bitmap_record (FRAME_PTR f) { Display_Info *dpyinfo = FRAME_X_DISPLAY_INFO (f); - int i; + ptrdiff_t i; if (dpyinfo->bitmaps == NULL) { @@ -233,6 +233,9 @@ x_allocate_bitmap_record (FRAME_PTR f) if (dpyinfo->bitmaps[i].refcount == 0) return i + 1; + if (min (PTRDIFF_MAX, SIZE_MAX) / sizeof (Bitmap_Record) / 2 + < dpyinfo->bitmaps_size) + memory_full (SIZE_MAX); dpyinfo->bitmaps_size *= 2; dpyinfo->bitmaps = (Bitmap_Record *) xrealloc (dpyinfo->bitmaps, @@ -250,11 +253,11 @@ x_reference_bitmap (FRAME_PTR f, int id) /* Create a bitmap for frame F from a HEIGHT x WIDTH array of bits at BITS. */ -int +ptrdiff_t x_create_bitmap_from_data (struct frame *f, char *bits, unsigned int width, unsigned int height) { Display_Info *dpyinfo = FRAME_X_DISPLAY_INFO (f); - int id; + ptrdiff_t id; #ifdef HAVE_X_WINDOWS Pixmap bitmap; @@ -309,7 +312,7 @@ x_create_bitmap_from_data (struct frame *f, char *bits, unsigned int width, unsi /* Create bitmap from file FILE for frame F. */ -int +ptrdiff_t x_create_bitmap_from_file (struct frame *f, Lisp_Object file) { Display_Info *dpyinfo = FRAME_X_DISPLAY_INFO (f); @@ -319,7 +322,7 @@ x_create_bitmap_from_file (struct frame *f, Lisp_Object file) #endif /* HAVE_NTGUI */ #ifdef HAVE_NS - int id; + ptrdiff_t id; void *bitmap = ns_image_from_file (file); if (!bitmap) @@ -340,7 +343,8 @@ x_create_bitmap_from_file (struct frame *f, Lisp_Object file) #ifdef HAVE_X_WINDOWS unsigned int width, height; Pixmap bitmap; - int xhot, yhot, result, id; + int xhot, yhot, result; + ptrdiff_t id; Lisp_Object found; int fd; char *filename; @@ -413,7 +417,7 @@ free_bitmap_record (Display_Info *dpyinfo, Bitmap_Record *bm) /* Remove reference to bitmap with id number ID. */ void -x_destroy_bitmap (FRAME_PTR f, int id) +x_destroy_bitmap (FRAME_PTR f, ptrdiff_t id) { Display_Info *dpyinfo = FRAME_X_DISPLAY_INFO (f); @@ -435,7 +439,7 @@ x_destroy_bitmap (FRAME_PTR f, int id) void x_destroy_all_bitmaps (Display_Info *dpyinfo) { - int i; + ptrdiff_t i; Bitmap_Record *bm = dpyinfo->bitmaps; for (i = 0; i < dpyinfo->bitmaps_last; i++, bm++) @@ -467,7 +471,7 @@ static void x_destroy_x_image (XImagePtr ximg); It's nicer with some borders in this context */ int -x_create_bitmap_mask (struct frame *f, int id) +x_create_bitmap_mask (struct frame *f, ptrdiff_t id) { Pixmap pixmap, mask; XImagePtr ximg, mask_img; @@ -3281,11 +3285,12 @@ xpm_image_p (Lisp_Object object) #endif /* HAVE_XPM || HAVE_NS */ #if defined HAVE_XPM && defined HAVE_X_WINDOWS && !defined USE_GTK -int +ptrdiff_t x_create_bitmap_from_xpm_data (struct frame *f, const char **bits) { Display_Info *dpyinfo = FRAME_X_DISPLAY_INFO (f); - int id, rc; + ptrdiff_t id; + int rc; XpmAttributes attrs; Pixmap bitmap, mask; diff --git a/src/lisp.h b/src/lisp.h index 99a276c805c..4c9543bdfe8 100644 --- a/src/lisp.h +++ b/src/lisp.h @@ -2628,7 +2628,7 @@ extern void init_fringe_once (void); /* Defined in image.c */ extern Lisp_Object QCascent, QCmargin, QCrelief; extern Lisp_Object QCconversion; -extern int x_bitmap_mask (struct frame *, int); +extern int x_bitmap_mask (struct frame *, ptrdiff_t); extern void syms_of_image (void); extern void init_image (void); diff --git a/src/nsterm.h b/src/nsterm.h index 09ec8c19b1a..7459087c988 100644 --- a/src/nsterm.h +++ b/src/nsterm.h @@ -468,8 +468,8 @@ struct ns_display_info int smallest_font_height; struct ns_bitmap_record *bitmaps; - int bitmaps_size; - int bitmaps_last; + ptrdiff_t bitmaps_size; + ptrdiff_t bitmaps_last; struct image_cache *image_cache; @@ -818,4 +818,3 @@ extern char gnustep_base_version[]; /* version tracking */ #endif /* HAVE_NS */ - diff --git a/src/w32term.h b/src/w32term.h index cf6751b7d63..24a2be7dca9 100644 --- a/src/w32term.h +++ b/src/w32term.h @@ -103,7 +103,7 @@ struct w32_display_info /* Emacs bitmap-id of the default icon bitmap for this frame. Or -1 if none has been allocated yet. */ - int icon_bitmap_id; + ptrdiff_t icon_bitmap_id; /* The root window of this screen. */ Window root_window; @@ -151,10 +151,10 @@ struct w32_display_info struct w32_bitmap_record *bitmaps; /* Allocated size of bitmaps field. */ - int bitmaps_size; + ptrdiff_t bitmaps_size; /* Last used bitmap index. */ - int bitmaps_last; + ptrdiff_t bitmaps_last; /* The frame (if any) which has the window that has keyboard focus. Zero if none. This is examined by Ffocus_frame in w32fns.c. Note diff --git a/src/xfaces.c b/src/xfaces.c index 951cf69a4cb..99c35fbb120 100644 --- a/src/xfaces.c +++ b/src/xfaces.c @@ -463,7 +463,8 @@ static Lisp_Object resolve_face_name (Lisp_Object, int); static void set_font_frame_param (Lisp_Object, Lisp_Object); static int get_lface_attributes (struct frame *, Lisp_Object, Lisp_Object *, int, struct named_merge_point *); -static int load_pixmap (struct frame *, Lisp_Object, unsigned *, unsigned *); +static ptrdiff_t load_pixmap (struct frame *, Lisp_Object, + unsigned *, unsigned *); static struct frame *frame_or_selected_frame (Lisp_Object, int); static void load_face_colors (struct frame *, struct face *, Lisp_Object *); static void free_face_colors (struct frame *, struct face *); @@ -963,10 +964,10 @@ the pixmap. Bits are stored row by row, each row occupies zero. Store the bitmap width in *W_PTR and its height in *H_PTR, if these pointers are not null. */ -static int +static ptrdiff_t load_pixmap (FRAME_PTR f, Lisp_Object name, unsigned int *w_ptr, unsigned int *h_ptr) { - int bitmap_id; + ptrdiff_t bitmap_id; if (NILP (name)) return 0; diff --git a/src/xterm.c b/src/xterm.c index c1134521c71..32fbab55008 100644 --- a/src/xterm.c +++ b/src/xterm.c @@ -356,7 +356,7 @@ static int x_dispatch_event (XEvent *, Display *); interference with debugging failing X calls. */ static void x_connection_closed (Display *, const char *); static void x_wm_set_window_state (struct frame *, int); -static void x_wm_set_icon_pixmap (struct frame *, int); +static void x_wm_set_icon_pixmap (struct frame *, ptrdiff_t); static void x_initialize (void); @@ -7427,7 +7427,7 @@ x_draw_window_cursor (struct window *w, struct glyph_row *glyph_row, int x, int int x_bitmap_icon (struct frame *f, Lisp_Object file) { - int bitmap_id; + ptrdiff_t bitmap_id; if (FRAME_X_WINDOW (f) == 0) return 1; @@ -7453,7 +7453,7 @@ x_bitmap_icon (struct frame *f, Lisp_Object file) /* Create the GNU bitmap and mask if necessary. */ if (FRAME_X_DISPLAY_INFO (f)->icon_bitmap_id < 0) { - int rc = -1; + ptrdiff_t rc = -1; #ifdef USE_GTK @@ -9601,7 +9601,7 @@ x_wm_set_window_state (struct frame *f, int state) } static void -x_wm_set_icon_pixmap (struct frame *f, int pixmap_id) +x_wm_set_icon_pixmap (struct frame *f, ptrdiff_t pixmap_id) { Pixmap icon_pixmap, icon_mask; diff --git a/src/xterm.h b/src/xterm.h index 47d7e533769..a4767361bb3 100644 --- a/src/xterm.h +++ b/src/xterm.h @@ -158,7 +158,7 @@ struct x_display_info /* Emacs bitmap-id of the default icon bitmap for this frame. Or -1 if none has been allocated yet. */ - int icon_bitmap_id; + ptrdiff_t icon_bitmap_id; /* The root window of this screen. */ Window root_window; @@ -202,10 +202,10 @@ struct x_display_info struct x_bitmap_record *bitmaps; /* Allocated size of bitmaps field. */ - int bitmaps_size; + ptrdiff_t bitmaps_size; /* Last used bitmap index. */ - int bitmaps_last; + ptrdiff_t bitmaps_last; /* Which modifier keys are on which modifier bits? @@ -490,7 +490,7 @@ struct x_output /* If >=0, a bitmap index. The indicated bitmap is used for the icon. */ - int icon_bitmap; + ptrdiff_t icon_bitmap; /* Default ASCII font of this frame. */ struct font *font; From b79e8648b908c6600b99c20d4782e6413d6907ef Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Tue, 21 Jun 2011 23:18:06 -0700 Subject: [PATCH 71/71] * font.c (font_score): Use EMACS_INT, not int, to store XINT value. --- src/ChangeLog | 2 ++ src/font.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 72f6b437af2..4aca4d0f5d6 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,7 @@ 2011-06-22 Paul Eggert + * font.c (font_score): Use EMACS_INT, not int, to store XINT value. + * dispextern.h (struct face.stipple): * image.c (x_bitmap_height, x_bitmap_width, x_bitmap_pixmap) (x_bitmap_mask, x_allocate_bitmap_record) diff --git a/src/font.c b/src/font.c index dfc636e3313..14390335f3c 100644 --- a/src/font.c +++ b/src/font.c @@ -2107,8 +2107,8 @@ font_score (Lisp_Object entity, Lisp_Object *spec_prop) { /* We use the higher 6-bit for the actual size difference. The lowest bit is set if the DPI is different. */ - int diff; - int pixel_size = XINT (spec_prop[FONT_SIZE_INDEX]); + EMACS_INT diff; + EMACS_INT pixel_size = XINT (spec_prop[FONT_SIZE_INDEX]); if (CONSP (Vface_font_rescale_alist)) pixel_size *= font_rescale_ratio (entity);