* fileio.c (auto_saving_dir_umask): New static var.
(Fmake_directory_internal): Use it.
(do_auto_save_make_dir): Set it, instead of invoking chmod after
creating the directory. The old code temporarily assigns
too-generous permissions to the directory.
(do_auto_save_eh): Clear it.
(Fdo_auto_save): Catch all errors, not just file errors, so
that the var is always cleared.
to before the "handled:" label, since all "goto handled" appear in
cases where the *-change-functions have already been properly called.
Fixes: debbugs:10117
* fileio.c (Finsert_file_contents):
Rename inner 'gcpro1' to 'inner_gcpro1' to avoid shadowing.
* process.c (wait_reading_process_output):
Rename inner 'proc' to 'p' to avoid shadowing.
Indent for consistency with usual Emacs style.
This fixes a Y2038 bug on 64-bit hosts.
* buffer.c (reset_buffer):
* fileio.c (Fdo_auto_save, Fset_buffer_auto_saved)
(Fclear_buffer_auto_save_failure):
Use 0, not -1, to represent an unset failure time, since time_t
might not be signed.
(Finsert_file_contents): Save and restore errno,
so that report_file_error outputs the correct diagnostic.
(Fwrite_region) [CLASH_DETECTION]: Likewise.
src/fileio.c (Finsert_file_contents): If the file cannot be opened,
set its "size" to -1. This will set the modtime_size field of
the corresponding buffer to -1, which is what
verify-visited-file-modtime expects for files that do not exist.
The previous code assumed that file offsets (off_t values) fit in
EMACS_INT variables, which is not true on typical 32-bit hosts.
The code messed up by falsely reporting buffer overflow in cases
such as (insert-file-contents "big" nil 1 2) into an empty buffer
when "big" contains more than 2**29 bytes, even though this
inserts just one byte and does not overflow the buffer.
(Finsert_file_contents): Store file offsets as off_t
values, not as EMACS_INT values. Check for overflow when
converting between EMACS_INT and off_t. When checking for
buffer overflow or for overlap, take the offsets into account.
Don't use EMACS_INT for small values where int suffices.
When checking for overlap, fix a typo: ZV was used where
ZV_BYTE was intended.
(Fwrite_region): Don't assume off_t fits into 'long'.
* buffer.h (struct buffer.modtime_size): Now off_t, not EMACS_INT.
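
Added example, not code from fileio.c: a simplified model of the false overflow report described above and of a range-aware check that keeps offsets in a 64-bit type. It assumes a 32-bit host whose buffer limit is 2**29 - 1 bytes; the function names, the limit macro and the whole-file check are stand-ins for illustration, not the old Emacs logic.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed model of a 32-bit host: file offsets are 64-bit, while the
   buffer limit is what a 30-bit fixnum can hold (2**29 - 1 bytes). */
#define BUF_LIMIT (((int64_t)1 << 29) - 1)

enum verdict { INSERT_OK, INSERT_OVERFLOW, INSERT_BAD_RANGE };

/* Too-strict check: compares the whole file size with the room left,
   so a one-byte read from a large file is rejected. */
enum verdict check_whole_file(int64_t size, int64_t buf_bytes) {
    return size > BUF_LIMIT - buf_bytes ? INSERT_OVERFLOW : INSERT_OK;
}

/* Range-aware check: offsets stay 64-bit and only [beg, end) counts. */
enum verdict check_range(int64_t size, int64_t beg, int64_t end, int64_t buf_bytes) {
    if (beg < 0 || end < beg || buf_bytes < 0 || buf_bytes > BUF_LIMIT)
        return INSERT_BAD_RANGE;
    if (end > size) end = size;      /* cannot read past end of file */
    if (beg > end) beg = end;
    /* 0 <= beg <= end, so the subtraction cannot overflow; comparing
       against the remaining room avoids adding to buf_bytes. */
    return end - beg > BUF_LIMIT - buf_bytes ? INSERT_OVERFLOW : INSERT_OK;
}

/* Narrowing a 64-bit offset to a 32-bit integer: succeed only when
   the value is representable, instead of truncating silently. */
int offset_to_int32(int64_t off, int32_t *out) {
    if (off < INT32_MIN || off > INT32_MAX)
        return 0;
    *out = (int32_t)off;
    return 1;
}

int main(void) {
    int64_t big = ((int64_t)1 << 29) + 1;   /* constructed file size */
    printf("whole-file: %d, range [1,2): %d\n",
           check_whole_file(big, 0), check_range(big, 1, 2, 0));
    return 0;
}
```
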
If fchown fails to set both uid and gid, try to set just gid,
as that is sometimes allowed. Adjust the file's mode to eliminate
setuid or setgid bits that are inappropriate if fchown fails.
This works around a problem with the previous change to Fcopy_file.
Recent glibc declares fchown with __attribute__((warn_unused_result)),
and without this change, GCC might complain about discarding
fchown's return value.
Remove, replacing with the new symbols in lisp.h. All uses changed.
* fileio.c (make_temp_name):
* filelock.c (lock_file_1, lock_file):
* xdisp.c (message_dolog):
Don't assume PRIdMAX etc. works; this isn't portable to pre-C99 hosts.
Use pMd etc. instead.
* lisp.h (printmax_t, uprintmax_t, pMd, pMu): New types and macros,
replacing the pWIDE etc. symbols removed from editfns.c.
(file_name_as_directory, Fexpand_file_name, Fsubstitute_in_file_name):
Don't assume string length fits in int.
(directory_file_name): Don't assume string length fits in long.
(make_temp_name): Don't assume pid fits in int, or that its print
length is less than 20.
* fileio.c (Finsert_file_contents):
* insdel.c (insert_from_buffer_1, replace_range, replace_range_2):
Remove the old (too-loose) buffer overflow checks.
They weren't needed, since make_gap checks for buffer overflow.
* insdel.c (make_gap_larger): Catch buffer overflows that were missed.
The old code merely checked for Emacs fixnum overflow, and relied
on undefined (wraparound) behavior. The new code avoids undefined
behavior, and also checks for ptrdiff_t and/or size_t overflow.
* charset.c (Fdefine_charset_internal, Fdecode_char):
Use cons_to_unsigned to catch overflow.
(Fencode_char): Use INTEGER_TO_CONS.
* composite.h (LGLYPH_CODE): Use cons_to_unsigned.
(LGLYPH_SET_CODE): Use INTEGER_TO_CONS.
* data.c (long_to_cons, cons_to_long): Remove.
(cons_to_unsigned, cons_to_signed): New functions.
These signal an error for invalid or out-of-range values.
* dired.c (Ffile_attributes): Use INTEGER_TO_CONS.
* fileio.c (Fset_visited_file_modtime): Use CONS_TO_INTEGER.
* font.c (Ffont_variation_glyphs):
* fontset.c (Finternal_char_font): Use INTEGER_TO_CONS.
* lisp.h: Include <intprops.h>.
(INTEGER_TO_CONS, CONS_TO_INTEGER): New macros.
(cons_to_signed, cons_to_unsigned): New decls.
(long_to_cons, cons_to_long): Remove decls.
* undo.c (record_first_change): Use INTEGER_TO_CONS.
(Fprimitive_undo): Use CONS_TO_INTEGER.
* xfns.c (Fx_window_property): Likewise.
* xselect.c: Include <limits.h>.
(x_own_selection, selection_data_to_lisp_data):
Use INTEGER_TO_CONS.
(x_handle_selection_request, x_handle_selection_clear)
(x_get_foreign_selection, Fx_disown_selection_internal)
(Fx_get_atom_name, x_send_client_event): Use CONS_TO_INTEGER.
(lisp_data_to_selection_data): Use cons_to_unsigned.
(x_fill_property_data): Use cons_to_signed.
Report values out of range.
* buffer.h (BUF_BYTES_MAX): New macro.
* lisp.h (STRING_BYTES_MAX): New macro.
* alloc.c (Fmake_string):
* character.c (string_escape_byte8):
* coding.c (coding_alloc_by_realloc):
* doprnt.c (doprnt):
* editfns.c (Fformat):
* eval.c (verror):
Use STRING_BYTES_MAX, not MOST_POSITIVE_FIXNUM,
since they may not be the same number.
* editfns.c (Finsert_char):
* fileio.c (Finsert_file_contents):
Likewise for BUF_BYTES_MAX.
* buffer.h (struct buffer.modtime): Now time_t, not int.
* fileio.c (Fvisited_file_modtime): No need for time_t cast now.
* undo.c (Fprimitive_undo): Use time_t, not int, for time_t value.
src/fileio.c (Finsert_file_contents): Don't limit file size to 1/4
of MOST_POSITIVE_FIXNUM.
src/coding.c (coding_alloc_by_realloc): Error out if destination
will grow beyond MOST_POSITIVE_FIXNUM.
(decode_coding_emacs_mule): Abort if there isn't enough place in
charbuf for the composition carryover bytes. Reserve an extra
space for up to 2 characters produced in a loop.
(decode_coding_iso_2022): Abort if there isn't enough place in
charbuf for the composition carryover bytes.