This follows up on the recent thread in emacs-devel on alloca; see:
http://lists.gnu.org/archive/html/emacs-devel/2014-09/msg00042.html
This patch also cleans up alloca-related glitches noted while
examining the code looking for unbounded alloca.
* alloc.c (listn):
* callproc.c (init_callproc):
Rewrite to avoid need for alloca.
* buffer.c (mouse_face_overlay_overlaps)
(report_overlay_modification):
* buffer.h (GET_OVERLAYS_AT):
* coding.c (make_subsidiaries):
* doc.c (Fsnarf_documentation):
* editfns.c (Fuser_full_name):
* fileio.c (Ffile_name_directory, Fexpand_file_name)
(search_embedded_absfilename, Fsubstitute_in_file_name):
* fns.c (Fmake_hash_table):
* font.c (font_vconcat_entity_vectors, font_update_drivers):
* fontset.c (fontset_pattern_regexp, Ffontset_info):
* frame.c (Fmake_terminal_frame, x_set_frame_parameters)
(xrdb_get_resource, x_get_resource_string):
* ftfont.c (ftfont_get_charset, ftfont_check_otf, ftfont_drive_otf):
* ftxfont.c (ftxfont_draw):
* image.c (xbm_load, xpm_load, jpeg_load_body):
* keyboard.c (echo_add_key, menu_bar_items, tool_bar_items):
* keymap.c (Fdescribe_buffer_bindings, describe_map):
* lread.c (openp):
* menu.c (digest_single_submenu, find_and_call_menu_selection)
(find_and_return_menu_selection):
* print.c (PRINTFINISH):
* process.c (Fformat_network_address):
* scroll.c (do_scrolling, do_direct_scrolling, scrolling_1):
* search.c (search_buffer, Fmatch_data, Fregexp_quote):
* sound.c (wav_play, au_play):
* syntax.c (skip_chars):
* term.c (tty_menu_activate, tty_menu_show):
* textprop.c (get_char_property_and_overlay):
* window.c (Fset_window_configuration):
* xdisp.c (safe__call, next_overlay_change, vmessage)
(compute_overhangs_and_x, draw_glyphs, note_mouse_highlight):
* xfaces.c (face_at_buffer_position):
* xmenu.c (x_menu_show):
Use SAFE_ALLOCA etc. instead of plain alloca, since the
allocation size isn't bounded.
* callint.c (Fcall_interactively): Redo memory_full check
so that it can be done at compile-time on some platforms.
* coding.c (MAX_LOOKUP_MAX): New constant.
(get_translation_table): Use it.
* callproc.c (call_process): Use SAFE_NALLOCA instead of
SAFE_ALLOCA, to catch integer overflows on size calculation.
(exec_failed) [!DOS_NT]: New function.
(child_setup) [!DOS_NT]: Use it.
* editfns.c (Ftranspose_regions):
Hoist USE_SAFE_ALLOC + SAFE_FREE out of 'if'.
* editfns.c (check_translation):
Allocate larger buffers on the heap.
* eval.c (internal_lisp_condition_case):
Check for MAX_ALLOCA overflow.
* fns.c (sort_vector): Use SAFE_ALLOCA_LISP rather than Fmake_vector.
(Fbase64_encode_region, Fbase64_decode_region):
Avoid unnecessary calls to SAFE_FREE before 'error'.
* buffer.c (mouse_face_overlay_overlaps):
* editfns.c (Fget_pos_property, check_translation):
* eval.c (Ffuncall):
* font.c (font_unparse_xlfd, font_find_for_lface):
* ftfont.c (ftfont_drive_otf):
* keyboard.c (echo_add_key, read_decoded_event_from_main_queue)
(menu_bar_items, tool_bar_items):
* sound.c (Fplay_sound_internal):
* xdisp.c (load_overlay_strings, dump_glyph_row):
Use an ordinary auto buffer rather than alloca, since the
allocation size is fixed and small.
* ftfont.c: Include <c-strcase.h>.
(matching_prefix): New function.
(get_adstyle_property): Use it, to avoid need for alloca.
* keyboard.c (echo_add_key):
* keymap.c (describe_map): Use ptrdiff_t, not int.
* keyboard.c (echo_add_key): Prefer sizeof to strlen.
* keymap.c (Fdescribe_buffer_bindings): Use SBYTES, not SCHARS,
when counting bytes.
* lisp.h (xlispstrdupa): Remove, replacing with ...
(SAFE_ALLOCA_STRING): ... new macro with different API.
This fixes a portability problem, namely, alloca result
passed to another function. All uses changed.
(SAFE_ALLOCA, SAFE_ALLOCA_LISP): Check for MAX_ALLOCA,
not MAX_ALLOCA - 1.
* regex.c (REGEX_USE_SAFE_ALLOCA, REGEX_SAFE_FREE)
(REGEX_ALLOCATE): New macros.
(REGEX_REALLOCATE, REGEX_ALLOCATE_STACK, REGEX_REALLOCATE_STACK)
(REGEX_FREE_STACK, FREE_VARIABLES, re_match_2_internal):
Use them.
* xdisp.c (message3): Use SAFE_ALLOCA_STRING rather than doing it
by hand.
(decode_mode_spec_coding): Store directly into buf rather than
into an alloca temporary and copying the temporary to the buf.
Fixes: debbugs:18410
* configure.ac (toplevel): Check whether GNU/Linux-specific
timerfd functions and macros are available.
* m4/clock_time.m4 (gl_CLOCK_TIME): Check for clock_getres as well.
* src/atimer.c (toplevel) [HAVE_TIMERFD]: Include sys/timerfd.h.
(toplevel): Rename alarm_timer_ok to special_timer_available.
[HAVE_TIMERFD]: Declare timerfd.
[HAVE_CLOCK_GETRES]: Declare resolution.
(start_atimer) [HAVE_CLOCK_GETRES]: Round up timestamp to
system timer resolution.
(set_alarm) [HAVE_TIMERFD]: Use timerfd_settime.
(timerfd_callback) [HAVE_TIMERFD]: New function.
(atimer_result, debug_timer_callback, Fdebug_timer_check)
[ENABLE_CHECKING]: New function for the sake of automated tests.
(init_atimer) [HAVE_TIMERFD]: Setup timerfd.
[HAVE_CLOCK_GETRES]: Likewise for system timer resolution.
[ENABLE_CHECKING]: Defsubr test function.
* src/atimer.h (timerfd_callback) [HAVE_TIMERFD]: Add prototype.
* src/lisp.h (add_timer_wait_descriptor) [HAVE_TIMERFD]: Likewise.
* src/process.c (add_timer_wait_descriptor) [HAVE_TIMERFD]: New function.
* test/automated/timer-tests.el (timer-tests-debug-timer-check): New test.
There is certainly nothing wrong with writing code like 'lo <= i
&& i <= hi', even if LO happens to a constant. There isn't even
anything wrong in general with writing 'a <= b' if A happens to
be a constant. At any rate stylistic changes shouldn't
be done like this without discussion.
(wait_reading_process_output, Fprocess_filter_multibyte_p):
Check that infd is nonnegative before using it as an fd.
(read_and_dispose_of_process_output, Fprocess_send_eof):
Likewise, for outfd.
(wait_reading_process_output): Omit unnecessary check of infd.
Fixes: debbugs:17844
* image.c (Fimagemagick_types):
* lisp.h (lisp_h_CHECK_TYPE, CHECK_TYPE, CHECK_ARRAY):
* process.c (Fmake_network_process):
Rename C local identifier 'Qfoo to avoid giving the false
impression that it stands for the symbol 'foo'.
* lisp.h, process.c (wait_reading_process_input):
Return int, not bool. All uses changed.
* process.c (SELECT_CANT_DO_WRITE_MASK):
Remove macro, replacing with ...
(SELECT_CAN_DO_WRITE_MASK): ... new constant, with inverted sense.
All uses changed.
(status_notify): New arg WAIT_PROC. Return int, not void.
All uses changed.
Fixes: debbugs:17647
* doc/lispref/processes.texi (Accepting Output):
* src/process.c (Faccept_process_output)
(wait_reading_process_output): Mention that if PROCESS is non-nil,
the return value is about PROCESS, not about other processes.
* nt/inc/ms-w32.h (POLL_FOR_INPUT): Likewise.
* src/keyboard.c, src/process.c: Do not define POLL_FOR_INPUT here
because it will be defined in generated config.h if needed.
* process.c (process_send_signal): Fix race condition where a
subprocess was reaped by a signal handler between the check for
liveness and calling 'kill', which meant that Emacs could in
theory kill an innocent bystander process. Do the fix by blocking
SIGCHLD in a critical section that checks liveness before killing.
Fixes: debbugs:17561
* lib-src/emacsclient.c (WCONTINUED): Move to ../src/syswait.h.
* src/process.c (handle_child_signal): Remove WCONTINUED ifdef,
because WCONTINUED is always defined now.
* src/syswait.h (WCONTINUED): Move here from ../lib-src/emacsclient.c.
Fixes: debbugs:15110 debbugs:17339
src/unexcoff.c [MSDOS]: Include libc/atexit.h.
(copy_text_and_data): Zero out the atexit chain pointer before
dumping Emacs.
src/termhooks.h (encode_terminal_code): Update prototype.
src/term.c (encode_terminal_code) [DOS_NT]: Make it externally
visible for all DOS_NT ports, not just WINDOWSNT.
(syms_of_term) [!MSDOS]: Don't define 'tty-menu-*' symbols on MSDOS.
src/sysdep.c (emacs_sigaction_init, init_signals): Don't use SIGCHLD
unless it is defined.
(emacs_pipe) [MSDOS]: Redirect to 'pipe'.
src/process.c (close_on_exec, accept4, process_socket): Move into
the "ifdef subprocesses" part.
(catch_child_signal): Condition by "ifdef subprocesses".
(syms_of_process) <Qinternal_default_process_sentinel>
<Qinternal_default_process_filter>: Condition by "ifdef subprocesses".
src/msdos.h: Add prototypes for new functions.
(EINPROGRESS): Define.
(O_CLOEXEC): Define to zero.
src/msdos.c (check_window_system): Remove unnecessary an
incompatible duplicate function.
(sys_opendir, readlinkat, faccessat, fstatat, unsetenv): New
functions in support of new functionality.
src/menu.c (single_menu_item): Add visual indication of submenu
also for menus on MSDOS frames.
(Fx_popup_menu) [!MSDOS]: Do not call tty_menu_show on MSDOS.
src/lisp.h (CHECK_PROCESS) [!subprocesses]: Do not define
when async subprocesses aren't supported.
src/font.h (FONT_WIDTH) [MSDOS]: MSDOS-specific definition.
src/emacs.c (close_output_streams): Zero out errno before calling
close_stream.
src/dired.c [MSDOS]: Include msdos.h.
src/conf_post.h (opendir) [MSDOS]: Redirect to sys_opendir.
(DATA_START) [MSDOS]: Define.
(SYSTEM_PURESIZE_EXTRA) [MSDOS]: Enlarge by 25K.
src/callproc.c (block_child_signal, unblock_child_signal) [MSDOS]:
Ifdef away for MSDOS.
(record_kill_process) [MSDOS]: Ifdef away the entire body for MSDOS.
(call_process_cleanup) [MSDOS]: Ifdef away portions not relevant
for MSDOS.
(call_process) [MSDOS]: Fix call sequence of dostounix_filename.
Use temporary file template that is compatible with mkostemp.
Move vfork-related portions under #ifndef MSDOS.
(syms_of_callproc): Unify templates of MSDOS and WINDOWSNT.
lisp/term/pc-win.el (x-list-fonts, x-get-selection-value): Provide
doc strings, as required by snarf-documentation.
msdos/sedlisp.inp:
msdos/sedlibmk.inp:
msdos/sedleim.inp:
msdos/sed3v2.inp:
msdos/sed2v2.inp:
msdos/sed1v2.inp: Update Sed scripts for Emacs 24.4.
msdos/inttypes.h: Add PRIdMAX.
msdos/INSTALL: Update for Emacs 24.4.
msdos/sedadmin.inp: New file.
* atimer.c (sigmask_atimers): Remove.
Remaining use rewritten to use body of this function.
* atimer.c (block_atimers, unblock_atimers):
* callproc.c (block_child_signal, unblock_child_signal):
* sysdep.c (block_tty_out_signal, unblock_tty_out_signal):
New arg OLDSET. All callers changed.
* atimer.c (block_atimers, unblock_atimers):
* callproc.c (block_child_signal, unblock_child_signal):
* keyboard.c (handle_interrupt):
* sound.c (vox_configure, vox_close):
Restore the old signal mask rather than unilaterally clearing bits
from the mask, in case a handler is running within another
handler. All callers changed.
* lisp.h, process.c, process.h, term.c:
Adjust decls and callers to match new API.
* sysdep.c (emacs_sigaction_init): Don't worry about masking SIGFPE;
signal handlers aren't supposed to use floating point anyway.
(handle_arith_signal): Unblock just SIGFPE rather than clearing mask.
Fixes: debbugs:15561
* lisp.h (GCPRO7): New macro.
* lread.c (openp): Use bool for boolean; all callers changed.
Protect save_string from GC. Don't assume that file descriptors
are nonzero. Redo save_mtime comparison to avoid bogus GCC
warning about uninitialized variable.
redisplay--mode-lines-cause.
(redisplay_internal): Keep them uptodate. Remove redundant check of
buffer_shared_and_changed.
* *.[chm]: Number every assignment to update_mode_lines so we
can track why it is set.
* gnutls.c (emacs_gnutls_handle_error): Adjust log level for EAGAIN.
(Fgnutls_boot): Set process gnutls_p later, after initialization.
* process.c (wait_reading_process_output, read_process_output)
(send_process): Check gnutls_state is not NULL.
Especially, C99 prohibits nesting a struct X inside struct Y if
struct X has a flexible array member.
Also, merge from gnulib, incorporating:
2013-11-03 intprops: port to Oracle Studio c99
* lib/intprops.h: Update from gnulib.
* src/alloc.c (struct sdata): New type.
(sdata): Implement in terms of struct sdata.
Remove u member; all uses replaced by next_vector, set_next_vector.
(SDATA_SELECTOR, SDATA_DATA, SDATA_DATA_OFFSET): Adjust to sdata change.
(SDATA_DATA_OFFSET): Now a constant, not a macro.
(struct sblock): Rename first_data member to data, which is now
a flexible array member. All uses changed.
(next_vector, set_next_vector, large_vector_vec): New functions.
(vector_alignment): New constant.
(roundup_size): Make it a multiple of ALIGNOF_STRUCT_LISP_VECTOR, too.
(struct large-vector): Now merely a NEXT member, since the old approach
ran afoul of stricter C99. All uses changed to use
large_vector_vec or large_vector_offset.
(large_vector_offset): New constant.
* src/dispnew.c: Include tparam.h, for tgetent.
Do not include term.h; no longer needed.
* src/gnutls.c (Fgnutls_boot): Don't continue after calling a _Noreturn.
* src/lisp.h (ENUM_BF) [__SUNPRO_C && __STDC__]: Use unsigned int.
(struct Lisp_Vector): Use a flexible array member for contents,
instead of a union with a member that is an array of size 1.
All uses changed.
(ALIGNOF_STRUCT_LISP_VECTOR): New constant, to make up for the
fact that the struct no longer contains a union.
(struct Lisp_Misc_Any, struct Lisp_Marker, struct Lisp_Overlay)
(struct Lisp_Save_Value, struct Lisp_Free):
Use unsigned, not int, for spacers, to avoid c99 warning.
(union specbinding): Use unsigned, not bool, for bitfield, as
bool is not portable to pre-C99 hosts.
src/w32.c (network_interface_get_info, network_interface_list)
(network_interface_info): New functions.
(GetAdaptersInfo_Proc): New typedef.
(get_adapters_info): New wrapper function.
(globals_of_w32): Initialize g_b_init_get_adapters_info.
src/process.h (network_interface_list, network_interface_info): New
prototypes.
src/process.c (conv_sockaddr_to_lisp): Now externally-visible.
(Fnetwork_interface_list, Fnetwork_interface_info): Define for
all systems. Return non-nil for systems that HAVE_NET_IF_H and
for WINDOWSNT. Doc fix.
(syms_of_process): Defsubr Snetwork_interface_list and
Snetwork_interface_info unconditionally.
