[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Emacs-diffs] /srv/bzr/emacs/trunk r105581: Integer and memory overflow
|
From: |
Paul Eggert |
|
Subject: |
[Emacs-diffs] /srv/bzr/emacs/trunk r105581: Integer and memory overflow issues (Bug#9196). |
|
Date: |
Fri, 26 Aug 2011 09:36:17 -0700 |
|
User-agent: |
Bazaar (2.3.1) |
------------------------------------------------------------
revno: 105581 [merge]
fixes bug(s): http://debbugs.gnu.org/9196
committer: Paul Eggert <address@hidden>
branch nick: trunk
timestamp: Fri 2011-08-26 09:36:17 -0700
message:
Integer and memory overflow issues (Bug#9196).
modified:
src/ChangeLog
src/alloc.c
src/bidi.c
src/buffer.c
src/callproc.c
src/category.c
src/ccl.c
src/character.c
src/character.h
src/charset.c
src/charset.h
src/cmds.c
src/coding.c
src/coding.h
src/composite.c
src/composite.h
src/dispextern.h
src/dispnew.c
src/doc.c
src/editfns.c
src/emacs.c
src/eval.c
src/fileio.c
src/fns.c
src/frame.c
src/frame.h
src/fringe.c
src/ftfont.c
src/gtkutil.c
src/gtkutil.h
src/image.c
src/indent.c
src/keyboard.c
src/keyboard.h
src/keymap.c
src/keymap.h
src/lisp.h
src/lread.c
src/macros.c
src/minibuf.c
src/nsmenu.m
src/nsterm.h
src/nsterm.m
src/process.c
src/region-cache.c
src/region-cache.h
src/scroll.c
src/search.c
src/sysdep.c
src/term.c
src/termcap.c
src/termhooks.h
src/tparam.c
src/window.c
src/xdisp.c
src/xfaces.c
src/xfns.c
src/xgselect.c
src/xrdb.c
src/xselect.c
src/xsmfns.c
src/xterm.c
=== modified file 'src/ChangeLog'
--- a/src/ChangeLog 2011-08-26 10:07:06 +0000
+++ b/src/ChangeLog 2011-08-26 16:13:07 +0000
@@ -1,3 +1,427 @@
+2011-08-26 Paul Eggert <address@hidden>
+
+ Integer and memory overflow issues (Bug#9196).
+
+ * doc.c (get_doc_string): Rework so that
+ get_doc_string_buffer_size is the actual buffer size, rather than
+ being 1 less than the actual buffer size; this makes xpalloc more
+ convenient.
+
+ * image.c (x_allocate_bitmap_record, cache_image):
+ * xselect.c (Fx_register_dnd_atom):
+ Simplify previous changes by using xpalloc.
+
+ * buffer.c (overlay_str_len): Now ptrdiff_t, not EMACS_INT,
+ since either will do and ptrdiff_t is convenient with xpalloc.
+
+ * charset.c (charset_table_size)
+ (struct charset_sort_data.priority): Now ptrdiff_t.
+ (charset_compare): Don't overflow if priorities differ greatly.
+ (Fsort_charsets): Don't assume list length fits in int.
+ Check for size-calculation overflow when allocating sort data.
+ (syms_of_charset): Allocate an initial charset table that is
+ just under 64 KiB, to avoid problems with glibc malloc and mmap.
+
+ * cmds.c (internal_self_insert): Check for size-calculation overflow.
+
+ * composite.h (struct composition.glyph_len): Now int, not unsigned.
+ The actual value is always <= INT_MAX, and leaving it unsigned made
+ overflow checking harder.
+
+ * dispextern.h (struct glyph_matrix.rows_allocated)
+ (struct face_cache.size): Now ptrdiff_t, for convenience in use
+ with xpalloc. The values are still always <= INT_MAX.
+
+ * indent.c (compute_motion): Adjust to region_cache_forward sig change.
+
+ * lisp.h (xnmalloc, xnrealloc, xpalloc): New decls.
+ (SAFE_NALLOCA): New macro.
+
+ * region-cache.c (struct boundary.pos, find_cache_boundary)
+ (move_cache_gap, insert_cache_boundary, delete_cache_boundaries)
+ (set_cache_region, invalidate_region_cache)
+ (revalidate_region_cache, know_region_cache, region_cache_forward)
+ (region_cache_backward, pp_cache):
+ Use ptrdiff_t, not EMACS_INT, since either will do. This is needed
+ so that ptrdiff_t * can be passed to xpalloc.
+ (struct region_cache): Similarly, for gap_start, gap_len, cache_len,
+ beg_unchanged, end_unchanged, buffer_beg, buffer_end members.
+ (pp_cache): Don't assume cache_len fits in int.
+ * region-cache.h: Adjust extern decls to match.
+
+ * search.c (scan_buffer, Freplace_match): Use ptrdiff_t, not
+ EMACS_INT, since either will do, for xpalloc.
+
+ * alloc.c: Include verify.h, and check that int fits in ptrdiff_t.
+ (xnmalloc, xnrealloc, xpalloc): New functions.
+
+ * bidi.c (bidi_shelve_header_size): New constant.
+ (bidi_cache_ensure_space, bidi_shelve_cache): Use it.
+ (bidi_cache_ensure_space): Avoid integer overflow when allocating.
+
+ * bidi.c (bidi_cache_shrink):
+ * buffer.c (overlays_at, overlays_in, record_overlay_string)
+ (overlay_strings):
+ Don't update size of array until after memory allocation succeeds,
+ because xmalloc/xrealloc may not return.
+ (struct sortstrlist.bytes): Now ptrdiff_t, as EMACS_INT doesn't help
+ now that we have proper integer overflow checking.
+ (record_overlay_string, overlay_strings): Catch overflows when
+ calculating size of overlay_str_buf.
+
+ * callproc.c (Fcall_process): Check for size overflow when
+ calculating size of args2.
+ (child_setup): Avoid overflow by using size_t rather than ptrdiff_t.
+ Normally we prefer signed values, but sticking with ptrdiff_t would
+ require adding more-complicated checks.
+
+ * ccl.c (Fccl_execute_on_string): Check for memory overflow.
+ Use ptrdiff_t rather than EMACS_INT where ptrdiff_t will do.
+ Redo buffer-overflow calculations to avoid integer overflow.
+ Add a FIXME comment where memory seems to be over-allocated.
+
+ * character.c (Fstring): Check for size-calculation overflow.
+
+ * coding.c (produce_chars): Redo buffer-overflow calculations to avoid
+ unnecessary integer overflow. Check for size overflow.
+ (encode_coding_object): Don't update size until xmalloc succeeds.
+
+ * composite.c (get_composition_id): Check for overflow in glyph
+ length calculations.
+
+ Integer and memory overflow fixes for display code.
+ * dispextern.h (struct glyph_pool.nglyphs): Now ptrdiff_t, not int.
+ * dispnew.c (adjust_glyph_matrix, realloc_glyph_pool)
+ (scrolling_window): Check for overflow in size calculations.
+ (line_draw_cost, realloc_glyph_pool, add_row_entry):
+ Don't assume glyph table len fits in int.
+ (struct row_entry.bucket, row_entry_pool_size, row_entry_idx)
+ (row_table_size): Now ptrdiff_t, not int.
+ (scrolling_window): Avoid overflow in size calculations.
+ Don't update size until allocation succeeds.
+ * fns.c (concat): Check for overflow in size calculations.
+ (next_almost_prime): Verify NEXT_ALMOST_PRIME_LIMIT.
+ * lisp.h (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros.
+ (NEXT_ALMOST_PRIME_LIMIT): New constant.
+
+ * doc.c (get_doc_string_buffer_size): Now ptrdiff_t, not int.
+ (get_doc_string): Check for size calculation overflow.
+ Don't update size until allocation succeeds.
+ (get_doc_string, Fsubstitute_command_keys): Use ptrdiff_t, not
+ EMACS_INT, where ptrdiff_t will do.
+ (Fsubstitute_command_keys): Check for string overflow.
+
+ * editfns.c (set_time_zone_rule): Don't assume environment length
+ fits in int.
+ (message_length): Now ptrdiff_t, not int.
+ (Fmessage_box): Don't update size until allocation succeeds.
+ Don't assume message length fits in int.
+ (Fformat): Use ptrdiff_t, not EMACS_INT, where ptrdiff_t will do.
+
+ * emacs.c (main): Do not reallocate argv, since there is a null at
+ the end that can be overwritten, and this way there's no need to
+ worry about size-calculation overflow.
+ (sort_args): Check for size-calculation overflow.
+
+ * eval.c (init_eval_once, grow_specpdl): Don't update size until
+ alloc succeeds.
+ (call_debugger, grow_specpdl): Redo calculations to avoid overflow.
+
+ * frame.c (set_menu_bar_lines, x_set_frame_parameters)
+ (x_set_scroll_bar_width, x_figure_window_size):
+ Check for integer overflow.
+ (x_set_alpha): Do not assume XINT fits in int.
+
+ * frame.h (struct frame): Use int, not EMACS_INT, where int works.
+ This is for the members text_lines, text_cols, total_lines, total_cols,
+ where the system imposes an 'int' limit.
+
+ * fringe.c (Fdefine_fringe_bitmap):
+ Don't update size until alloc works.
+
+ * ftfont.c (ftfont_get_open_type_spec, setup_otf_gstring)
+ (ftfont_shape_by_flt): Check for integer overflow in size calculations.
+
+ * gtkutil.c (get_utf8_string, xg_store_widget_in_map):
+ Check for size-calculation overflow.
+ (get_utf8_string): Use ptrdiff_t, not size_t, where either will
+ do, as we prefer signed integers.
+ (id_to_widget.max_size, id_to_widget.used)
+ (xg_store_widget_in_map, xg_remove_widget_from_map)
+ (xg_get_widget_from_map, xg_get_scroll_id_for_window)
+ (xg_remove_scroll_bar, xg_update_scrollbar_pos):
+ Use and return ptrdiff_t, not int.
+ (xg_gtk_scroll_destroy): Don't assume ptrdiff_t fits in int.
+ * gtkutil.h: Change prototypes to match the above.
+
+ * image.c (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): Remove; these
+ are duplicate now that they've been promoted to lisp.h.
+ (x_allocate_bitmap_record, x_alloc_image_color)
+ (make_image_cache, cache_image, xpm_load):
+ Don't update size until alloc is done.
+ (xpm_load, lookup_rgb_color, lookup_pixel_color, x_to_xcolors)
+ (x_detect_edges):
+ Check for size calculation overflow.
+ (ct_colors_allocated_max): New constant.
+ (x_to_xcolors, x_detect_edges): Reorder multiplicands to avoid
+ overflow.
+
+ * keyboard.c (read_char, menu_bar_items, tool_bar_items)
+ (read_char_x_menu_prompt, read_char_minibuf_menu_width)
+ (read_char_minibuf_menu_prompt, follow_key, read_key_sequence):
+ Use ptrdiff_t, not int, to count maps.
+ (read_char_minibuf_menu_prompt): Check for overflow in size
+ calculations. Don't update size until allocation succeeds. Redo
+ calculations to avoid overflow.
+ * keyboard.h: Change prototypes to match the above.
+
+ * keymap.c (cmm_size, current_minor_maps): Use ptrdiff_t, not int,
+ to count maps.
+ (current_minor_maps): Check for size calculation overflow.
+ * keymap.h: Change prototypes to match the above.
+
+ * lread.c (read1, init_obarray): Don't update size until alloc done.
+
+ * macros.c (Fstart_kbd_macro): Don't update size until alloc done.
+ (store_kbd_macro_char): Reorder multiplicands to avoid overflow.
+
+ * nsterm.h (struct ns_color_table.size, struct ns_color_table.avail):
+ Now ptrdiff_t, not int.
+ * nsterm.m (ns_index_color): Use ptrdiff_t, not int, for table indexes.
+ (ns_draw_fringe_bitmap): Rewrite to avoid overflow.
+
+ * process.c (Fnetwork_interface_list): Check for overflow
+ in size calculation.
+
+ * region-cache.c (move_cache_gap): Check for size calculation overflow.
+
+ * scroll.c (do_line_insertion_deletion_costs): Check for size calc
+ overflow. Don't bother calling xmalloc when xrealloc will do.
+
+ * search.c (Freplace_match): Check for size calculation overflow.
+ (Fset_match_data): Don't assume list lengths fit in 'int'.
+
+ * sysdep.c (system_process_attributes): Use ptrdiff_t, not int,
+ for command line length. Do not attempt to address one before the
+ beginning of an array, as that's not portable.
+
+ * term.c (max_frame_lines): Remove; unused.
+ (encode_terminal_src_size, encode_terminal_dst_size): Now ptrdiff_t,
+ not int.
+ (encode_terminal_code, calculate_costs): Check for size
+ calculation overflow.
+ (encode_terminal_code): Use ptrdiff_t, not int, to record glyph
+ table lengths and related sizes. Don't update size until alloc
+ done. Redo calculations to avoid overflow.
+ (calculate_costs): Don't bother calling xmalloc when xrealloc will do.
+
+ * termcap.c (tgetent): Use ptrdiff_t, not int, to record results of
+ subtracting pointers.
+ (gobble_line): Check for overflow more carefully. Don't update size
+ until alloc done.
+
+ * tparam.c (tparam1): Use ptrdiff_t, not int, for sizes.
+ Don't update size until alloc done.
+ Redo size calculations to avoid overflow.
+ Check for size calculation overflow.
+ (main) [DEBUG]: Fix typo in invoking tparam1.
+
+ * xdisp.c (store_mode_line_noprop_char, x_consider_frame_title):
+ Use ptrdiff_t, not int, for sizes.
+ (store_mode_line_noprop_char): Don't update size until alloc done.
+
+ * xfaces.c (lface_id_to_name_size, Finternal_make_lisp_face):
+ Use ptrdiff_t, not int, for sizes.
+ (Finternal_make_lisp_face, cache_face):
+ Check for size calculation overflow.
+ (cache_face): Treat size calculation overflows as if they were
+ memory exhaustion (the usual treatment), rather than aborting.
+
+ * xfns.c (x_encode_text, x_set_name_internal)
+ (Fx_change_window_property): Use ptrdiff_t, not int, to count
+ sizes, since they can exceed INT_MAX in size. Check for size
+ calculation overflow.
+
+ * xgselect.c (gfds_size): Now ptrdiff_t, for convenience with xpalloc.
+ (xg_select): Check for size calculation overflow.
+ Don't update size until alloc done.
+
+ * xrdb.c (get_environ_db): Don't assume path length fits in int,
+ as sprintf is limited to int lengths.
+
+ * xselect.c (X_LONG_SIZE, X_SHRT_MAX, X_SHRT_MIN, X_LONG_MAX)
+ (X_LONG_MIN): New macros.
+ Use them to make the following changes clearer.
+ (MAX_SELECTION_QUANTUM): Make the other bounds on this value clearer.
+ This change doesn't affect the value now, but it may help remind
+ future maintainers not to raise the value too much later.
+ (SELECTION_QUANTUM): Remove, replacing with ...
+ (selection_quantum): ... new function, which avoids overflow.
+ All uses changed.
+ (struct selection_data.size): Now ptrdiff_t, not int, to avoid
+ assumption that selection length fits in 'int'.
+ (x_reply_selection_request, x_handle_selection_request)
+ (x_get_window_property, receive_incremental_selection)
+ (x_get_window_property_as_lisp_data, selection_data_to_lisp_data)
+ (lisp_data_to_selection_data, clean_local_selection_data):
+ Use ptrdiff_t, not int, to record length of selection.
+ (x_reply_selection_request, x_get_window_property)
+ (receive_incremental_selection, x_property_data_to_lisp):
+ Redo calculations to avoid overflow.
+ (x_reply_selection_request): When sending hint, ceiling it at
+ X_LONG_MAX rather than relying on wraparound overflow to send
+ something.
+ (x_get_window_property, receive_incremental_selection)
+ (lisp_data_to_selection_data, x_property_data_to_lisp):
+ Check for size-calculation overflow.
+ (x_get_window_property, receive_incremental_selection)
+ (lisp_data_to_selection_data, Fx_register_dnd_atom):
+ Don't store size until memory allocation succeeds.
+ (x_get_window_property): Plug memory leak on memory exhaustion.
+ Don't double-block input; malloc is safe here. Don't assume 2**34
+ - 4 fits in unsigned long. Add an xassert to check
+ XGetWindowProperty overflow. Be more careful about overflow
+ calculations, and distinguish size from memory overflow better.
+ (receive_incremental_selection): When tracing, don't assume
+ unsigned int is less than INT_MAX.
+ (x_selection_data_to_lisp_data): Remove unnecessary (and in theory
+ harmful) conversions of unsigned short to int.
+ (lisp_data_to_selection_data): Don't assume that integers
+ in the range -65535 through -1 fit in an X unsigned short.
+ Don't assume that ULONG_MAX == X_ULONG_MAX. Don't store into
+ result parameters unless successful. Rely on cons_to_unsigned
+ to report problems with elements; the old code wasn't right anyway.
+ (x_check_property_data): Check for int overflow; we cannot use
+ a wider type due to X limits.
+ (x_handle_dnd_message): Use unsigned int, to avoid int overflow.
+
+ * xsmfns.c (smc_save_yourself_CB): Check for size calc overflow.
+
+ * xterm.c (x_color_cells, x_send_scrollbar_event, handle_one_xevent)
+ (x_term_init): Check for size calculation overflow.
+ (x_color_cells): Don't store size until memory allocation succeeds.
+ (handle_one_xevent): Use ptrdiff_t, not int, for byte counts.
+ Don't assume alloca size is less than MAX_ALLOCA.
+ (x_term_init): Don't assume length fits in int (sprintf is limited
+ to int size).
+
+ Use ptrdiff_t for composition IDs.
+ * character.c (lisp_string_width):
+ * composite.c (composition_table_size, n_compositions)
+ (get_composition_id, composition_gstring_from_id):
+ * dispextern.h (struct glyph_string.cmp_id, struct composition_it.id):
+ * xdisp.c (BUILD_COMPOSITE_GLYPH_STRING):
+ * window.c (Frecenter):
+ Use ptrdiff_t, not int, for composition IDs.
+ * composite.c (get_composition_id): Check for integer overflow.
+ * composite.h: Adjust prototypes to match the above changes.
+
+ Use ptrdiff_t for hash table indexes.
+ * category.c (hash_get_category_set):
+ * ccl.c (ccl_driver):
+ * charset.h (struct charset.hash_index, CHECK_CHARSET_GET_ID):
+ * coding.c (coding_system_charset_list, detect_coding_system):
+ * coding.h (struct coding_system.id):
+ * composite.c (get_composition_id, gstring_lookup_cache):
+ * fns.c (hash_lookup, hash_put, Fgethash, Fputhash):
+ * image.c (xpm_get_color_table_h):
+ * lisp.h (hash_lookup, hash_put):
+ * minibuf.c (Ftest_completion):
+ Use ptrdiff_t for hash table indexes, not int (which is too
+ narrow, on 64-bit hosts) or EMACS_INT (which is too wide, on
+ 32-bit --with-wide-int hosts).
+
+ * charset.c (Fdefine_charset_internal): Check for integer overflow.
+ Add a FIXME comment about memory leaks.
+ (syms_of_charset): Don't assume xmalloc returns.
+
+ Don't assume that stated character widths fit in int.
+ * character.c (Fchar_width, c_string_width, lisp_string_width):
+ * character.h (CHAR_WIDTH):
+ * indent.c (MULTIBYTE_BYTES_WIDTH):
+ Use sanitize_char_width to avoid undefined and/or bad behavior
+ with outlandish widths.
+ * character.h (sanitize_tab_width): Renamed from sanitize_width,
+ now that we have two such functions. All uses changed.
+ (sanitize_char_width): New inline function.
+
+ Don't assume that tab-width fits in int.
+ * character.h (sanitize_width): New inline function.
+ (SANE_TAB_WIDTH): New macro.
+ (ASCII_CHAR_WIDTH): Use it.
+ * indent.c (sane_tab_width): Remove. All uses replaced by
+ SANE_TAB_WIDTH (current_buffer).
+ * xdisp.c (init_iterator): Use SANE_TAB_WIDTH.
+
+ * fileio.c: Integer overflow issues with file modes.
+ (Fset_file_modes, auto_save_1): Don't assume EMACS_INT fits in int.
+
+ * charset.c (read_hex): New arg OVERFLOW. All uses changed.
+ Remove unreachable code.
+ (read_hex, load_charset_map_from_file): Check for integer overflow.
+
+ * xterm.c: don't go over XClientMessageEvent limit
+ (scroll_bar_windows_size): Now ptrdiff_t, as we prefer signed.
+ (x_send_scroll_bar_event): Likewise. Check that the size does not
+ exceed limits imposed by XClientMessageEvent, as well as the usual
+ ptrdiff_t and size_t limits.
+
+ * keyboard.c: Overflow, signedness and related fixes.
+ (make_lispy_movement): Use same integer type in forward decl
+ that is used in the definition.
+ (read_key_sequence, keyremap_step):
+ Change bufsize argument back to int, undoing my 2011-03-30 change.
+ We prefer signed types, and int is wide enough here.
+ (parse_tool_bar_item): Don't assume tool_bar_max_label_size is less
+ than TYPE_MAXIMUM (EMACS_INT) / 2. Don't let the label size grow
+ larger than STRING_BYTES_BOUND. Use ptrdiff_t for Emacs string
+ length, not size_t. Use ptrdiff_t for index, not int.
+ (keyremap_step, read_key_sequence): Redo bufsize check to avoid
+ possibility of integer overflow.
+
+ Overflow, signedness and related fixes for images.
+
+ * dispextern.h (struct it.stack[0].u.image.image_id)
+ (struct_it.image_id, struct image.id, struct image_cache.size)
+ (struct image_cache.used, struct image_cache.ref_count):
+ * gtkutil.c (update_frame_tool_bar):
+ * image.c (x_reference_bitmap, Fimage_size, Fimage_mask_p)
+ (Fimage_metadata, free_image_cache, clear_image_cache, lookup_image)
+ (cache_image, mark_image_cache, x_kill_gs_process, Flookup_image):
+ * nsmenu.m (update_frame_tool_bar):
+ * xdisp.c (calc_pixel_width_or_height):
+ * xfns.c (image_cache_refcount):
+ Image IDs are now ptrdiff_t, not int, to avoid arbitrary limits
+ on typical 64-bit hosts.
+
+ * image.c (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros.
+ (x_bitmap_pixmap, x_create_x_image_and_pixmap):
+ Omit unnecessary casts to int.
+ (parse_image_spec): Check that integers fall into 'int' range
+ when the callers expect that.
+ (image_ascent): Redo ascent calculation to avoid int overflow.
+ (clear_image_cache): Avoid overflow when sqrt (INT_MAX) < nimages.
+ (lookup_image): Remove unnecessary tests.
+ (xbm_image_p): Locals are now of int, not EMACS_INT,
+ since parse_image_check makes sure they fit into int.
+ (png_load, gif_load, svg_load_image):
+ Prefer int to unsigned where either will do.
+ (tiff_handler): New function, combining the cores of the
+ old tiff_error_handler and tiff_warning_handler. This
+ function is rewritten to use vsnprintf and thereby avoid
+ stack buffer overflows. It uses only the features of vsnprintf
+ that are common to both POSIX and native Microsoft.
+ (tiff_error_handler, tiff_warning_handler): Use it.
+ (tiff_load, gif_load, imagemagick_load_image):
+ Don't assume :index value fits in 'int'.
+ (gif_load): Omit unnecessary cast to double, and avoid double-rounding.
+ (imagemagick_load_image): Check that crop parameters fit into
+ the integer types that MagickCropImage accepts. Don't assume
+ Vimagemagick_render_type has a nonnegative value. Don't assume
+ size_t fits in 'long'.
+ (gs_load): Use printmax_t to print the widest integers possible.
+ Check for integer overflow when computing image height and width.
+
2011-08-26 Eli Zaretskii <address@hidden>
* xdisp.c (redisplay_window): Don't force window start if point
=== modified file 'src/alloc.c'
--- a/src/alloc.c 2011-08-04 17:04:39 +0000
+++ b/src/alloc.c 2011-08-05 02:19:34 +0000
@@ -46,6 +46,7 @@
#include "syssignal.h"
#include "termhooks.h" /* For struct terminal. */
#include <setjmp.h>
+#include <verify.h>
/* GC_MALLOC_CHECK defined means perform validity checks of malloc'd
memory. Can do this only if using gmalloc.c. */
@@ -733,6 +734,93 @@
}
+/* Other parts of Emacs pass large int values to allocator functions
+ expecting ptrdiff_t. This is portable in practice, but check it to
+ be safe. */
+verify (INT_MAX <= PTRDIFF_MAX);
+
+
+/* Allocate an array of NITEMS items, each of size ITEM_SIZE.
+ Signal an error on memory exhaustion, and block interrupt input. */
+
+void *
+xnmalloc (ptrdiff_t nitems, ptrdiff_t item_size)
+{
+ xassert (0 <= nitems && 0 < item_size);
+ if (min (PTRDIFF_MAX, SIZE_MAX) / item_size < nitems)
+ memory_full (SIZE_MAX);
+ return xmalloc (nitems * item_size);
+}
+
+
+/* Reallocate an array PA to make it of NITEMS items, each of size ITEM_SIZE.
+ Signal an error on memory exhaustion, and block interrupt input. */
+
+void *
+xnrealloc (void *pa, ptrdiff_t nitems, ptrdiff_t item_size)
+{
+ xassert (0 <= nitems && 0 < item_size);
+ if (min (PTRDIFF_MAX, SIZE_MAX) / item_size < nitems)
+ memory_full (SIZE_MAX);
+ return xrealloc (pa, nitems * item_size);
+}
+
+
+/* Grow PA, which points to an array of *NITEMS items, and return the
+ location of the reallocated array, updating *NITEMS to reflect its
+ new size. The new array will contain at least NITEMS_INCR_MIN more
+ items, but will not contain more than NITEMS_MAX items total.
+ ITEM_SIZE is the size of each item, in bytes.
+
+ ITEM_SIZE and NITEMS_INCR_MIN must be positive. *NITEMS must be
+ nonnegative. If NITEMS_MAX is -1, it is treated as if it were
+ infinity.
+
+ If PA is null, then allocate a new array instead of reallocating
+ the old one. Thus, to grow an array A without saving its old
+ contents, invoke xfree (A) immediately followed by xgrowalloc (0,
+ &NITEMS, ...).
+
+ Block interrupt input as needed. If memory exhaustion occurs, set
+ *NITEMS to zero if PA is null, and signal an error (i.e., do not
+ return). */
+
+void *
+xpalloc (void *pa, ptrdiff_t *nitems, ptrdiff_t nitems_incr_min,
+ ptrdiff_t nitems_max, ptrdiff_t item_size)
+{
+ /* The approximate size to use for initial small allocation
+ requests. This is the largest "small" request for the GNU C
+ library malloc. */
+ enum { DEFAULT_MXFAST = 64 * sizeof (size_t) / 4 };
+
+ /* If the array is tiny, grow it to about (but no greater than)
+ DEFAULT_MXFAST bytes. Otherwise, grow it by about 50%. */
+ ptrdiff_t n = *nitems;
+ ptrdiff_t tiny_max = DEFAULT_MXFAST / item_size - n;
+ ptrdiff_t half_again = n >> 1;
+ ptrdiff_t incr_estimate = max (tiny_max, half_again);
+
+ /* Adjust the increment according to three constraints: NITEMS_INCR_MIN,
+ NITEMS_MAX, and what the C language can represent safely. */
+ ptrdiff_t C_language_max = min (PTRDIFF_MAX, SIZE_MAX) / item_size;
+ ptrdiff_t n_max = (0 <= nitems_max && nitems_max < C_language_max
+ ? nitems_max : C_language_max);
+ ptrdiff_t nitems_incr_max = n_max - n;
+ ptrdiff_t incr = max (nitems_incr_min, min (incr_estimate, nitems_incr_max));
+
+ xassert (0 < item_size && 0 < nitems_incr_min && 0 <= n && -1 <= nitems_max);
+ if (! pa)
+ *nitems = 0;
+ if (nitems_incr_max < incr)
+ memory_full (SIZE_MAX);
+ n += incr;
+ pa = xrealloc (pa, n * item_size);
+ *nitems = n;
+ return pa;
+}
+
+
/* Like strdup, but uses xmalloc. */
char *
=== modified file 'src/bidi.c'
--- a/src/bidi.c 2011-08-25 10:45:33 +0000
+++ b/src/bidi.c 2011-08-25 19:06:56 +0000
@@ -316,6 +316,21 @@
static ptrdiff_t bidi_cache_start = 0; /* start of cache for this
"stack" level */
+/* 5-slot stack for saving the start of the previous level of the
+ cache. xdisp.c maintains a 5-slot stack for its iterator state,
+ and we need the same size of our stack. */
+static ptrdiff_t bidi_cache_start_stack[IT_STACK_SIZE];
+static int bidi_cache_sp;
+
+/* Size of header used by bidi_shelve_cache. */
+enum
+ {
+ bidi_shelve_header_size =
+ (sizeof (bidi_cache_idx) + sizeof (bidi_cache_start_stack)
+ + sizeof (bidi_cache_sp) + sizeof (bidi_cache_start)
+ + sizeof (bidi_cache_last_idx))
+ };
+
/* Reset the cache state to the empty state. We only reset the part
of the cache relevant to iteration of the current object. Previous
objects, which are pushed on the display iterator's stack, are left
@@ -338,9 +353,9 @@
{
if (bidi_cache_size > BIDI_CACHE_CHUNK)
{
+ bidi_cache =
+ (struct bidi_it *) xrealloc (bidi_cache, BIDI_CACHE_CHUNK * elsz);
bidi_cache_size = BIDI_CACHE_CHUNK;
- bidi_cache =
- (struct bidi_it *) xrealloc (bidi_cache, bidi_cache_size * elsz);
}
bidi_cache_reset ();
}
@@ -473,21 +488,19 @@
/* Enlarge the cache as needed. */
if (idx >= bidi_cache_size)
{
- ptrdiff_t new_size;
-
/* The bidi cache cannot be larger than the largest Lisp string
or buffer. */
ptrdiff_t string_or_buffer_bound =
max (BUF_BYTES_MAX, STRING_BYTES_BOUND);
/* Also, it cannot be larger than what C can represent. */
- ptrdiff_t c_bound = min (PTRDIFF_MAX, SIZE_MAX) / elsz;
+ ptrdiff_t c_bound =
+ (min (PTRDIFF_MAX, SIZE_MAX) - bidi_shelve_header_size) / elsz;
- if (min (string_or_buffer_bound, c_bound) <= idx)
- memory_full (SIZE_MAX);
- new_size = idx - idx % BIDI_CACHE_CHUNK + BIDI_CACHE_CHUNK;
- bidi_cache = (struct bidi_it *) xrealloc (bidi_cache, new_size * elsz);
- bidi_cache_size = new_size;
+ bidi_cache =
+ xpalloc (bidi_cache, &bidi_cache_size,
+ max (BIDI_CACHE_CHUNK, idx - bidi_cache_size + 1),
+ min (string_or_buffer_bound, c_bound), elsz);
}
}
@@ -580,11 +593,6 @@
/***********************************************************************
Pushing and popping the bidi iterator state
***********************************************************************/
-/* 5-slot stack for saving the start of the previous level of the
- cache. xdisp.c maintains a 5-slot stack for its iterator state,
- and we need the same size of our stack. */
-static ptrdiff_t bidi_cache_start_stack[IT_STACK_SIZE];
-static int bidi_cache_sp;
/* Push the bidi iterator state in preparation for reordering a
different object, e.g. display string found at certain buffer
@@ -639,21 +647,16 @@
bidi_shelve_cache (void)
{
unsigned char *databuf;
+ ptrdiff_t alloc;
/* Empty cache. */
if (bidi_cache_idx == 0)
return NULL;
- databuf = xmalloc (sizeof (bidi_cache_idx)
- + bidi_cache_idx * sizeof (struct bidi_it)
- + sizeof (bidi_cache_start_stack)
- + sizeof (bidi_cache_sp) + sizeof (bidi_cache_start)
- + sizeof (bidi_cache_last_idx));
- bidi_cache_total_alloc +=
- sizeof (bidi_cache_idx) + bidi_cache_idx * sizeof (struct bidi_it)
- + sizeof (bidi_cache_start_stack)
- + sizeof (bidi_cache_sp) + sizeof (bidi_cache_start)
- + sizeof (bidi_cache_last_idx);
+ alloc = (bidi_shelve_header_size
+ + bidi_cache_idx * sizeof (struct bidi_it));
+ databuf = xmalloc (alloc);
+ bidi_cache_total_alloc += alloc;
memcpy (databuf, &bidi_cache_idx, sizeof (bidi_cache_idx));
memcpy (databuf + sizeof (bidi_cache_idx),
@@ -706,9 +709,7 @@
memcpy (&idx, p, sizeof (bidi_cache_idx));
bidi_cache_total_alloc -=
- sizeof (bidi_cache_idx) + idx * sizeof (struct bidi_it)
- + sizeof (bidi_cache_start_stack) + sizeof (bidi_cache_sp)
- + sizeof (bidi_cache_start) + sizeof (bidi_cache_last_idx);
+ bidi_shelve_header_size + idx * sizeof (struct bidi_it);
}
else
{
@@ -737,9 +738,7 @@
+ sizeof (bidi_cache_start),
sizeof (bidi_cache_last_idx));
bidi_cache_total_alloc -=
- sizeof (bidi_cache_idx) + bidi_cache_idx * sizeof (struct bidi_it)
- + sizeof (bidi_cache_start_stack) + sizeof (bidi_cache_sp)
- + sizeof (bidi_cache_start) + sizeof (bidi_cache_last_idx);
+ bidi_shelve_header_size + bidi_cache_idx * sizeof (struct bidi_it);
}
xfree (p);
=== modified file 'src/buffer.c'
--- a/src/buffer.c 2011-08-25 00:45:23 +0000
+++ b/src/buffer.c 2011-08-25 19:06:56 +0000
@@ -2557,13 +2557,10 @@
Either make it bigger, or don't store any more in it. */
if (extend)
{
- if ((OVERLAY_COUNT_MAX - 4) / 2 < len)
- memory_full (SIZE_MAX);
- /* Make it work with an initial len == 0. */
- len = len * 2 + 4;
- *len_ptr = len;
- vec = (Lisp_Object *) xrealloc (vec, len * sizeof
(Lisp_Object));
+ vec = xpalloc (vec, len_ptr, 1, OVERLAY_COUNT_MAX,
+ sizeof *vec);
*vec_ptr = vec;
+ len = *len_ptr;
}
else
inhibit_storing = 1;
@@ -2600,13 +2597,10 @@
{
if (extend)
{
- if ((OVERLAY_COUNT_MAX - 4) / 2 < len)
- memory_full (SIZE_MAX);
- /* Make it work with an initial len == 0. */
- len = len * 2 + 4;
- *len_ptr = len;
- vec = (Lisp_Object *) xrealloc (vec, len * sizeof
(Lisp_Object));
+ vec = xpalloc (vec, len_ptr, 1, OVERLAY_COUNT_MAX,
+ sizeof *vec);
*vec_ptr = vec;
+ len = *len_ptr;
}
else
inhibit_storing = 1;
@@ -2697,13 +2691,10 @@
Either make it bigger, or don't store any more in it. */
if (extend)
{
- if ((OVERLAY_COUNT_MAX - 4) / 2 < len)
- memory_full (SIZE_MAX);
- /* Make it work with an initial len == 0. */
- len = len * 2 + 4;
- *len_ptr = len;
- vec = (Lisp_Object *) xrealloc (vec, len * sizeof
(Lisp_Object));
+ vec = xpalloc (vec, len_ptr, 1, OVERLAY_COUNT_MAX,
+ sizeof *vec);
*vec_ptr = vec;
+ len = *len_ptr;
}
else
inhibit_storing = 1;
@@ -2745,13 +2736,10 @@
{
if (extend)
{
- if ((OVERLAY_COUNT_MAX - 4) / 2 < len)
- memory_full (SIZE_MAX);
- /* Make it work with an initial len == 0. */
- len = len * 2 + 4;
- *len_ptr = len;
- vec = (Lisp_Object *) xrealloc (vec, len * sizeof
(Lisp_Object));
+ vec = xpalloc (vec, len_ptr, 1, OVERLAY_COUNT_MAX,
+ sizeof *vec);
*vec_ptr = vec;
+ len = *len_ptr;
}
else
inhibit_storing = 1;
@@ -2933,7 +2921,7 @@
struct sortstr *buf; /* An array that expands as needed; never freed. */
ptrdiff_t size; /* Allocated length of that array. */
ptrdiff_t used; /* How much of the array is currently in use. */
- EMACS_INT bytes; /* Total length of the strings in buf. */
+ ptrdiff_t bytes; /* Total length of the strings in buf. */
};
/* Buffers for storing information about the overlays touching a given
@@ -2944,7 +2932,7 @@
static unsigned char *overlay_str_buf;
/* Allocated length of overlay_str_buf. */
-static EMACS_INT overlay_str_len;
+static ptrdiff_t overlay_str_len;
/* A comparison function suitable for passing to qsort. */
static int
@@ -2966,17 +2954,7 @@
EMACS_INT nbytes;
if (ssl->used == ssl->size)
- {
- if (min (PTRDIFF_MAX, SIZE_MAX) / (sizeof (struct sortstr) * 2)
- < ssl->size)
- memory_full (SIZE_MAX);
- else if (0 < ssl->size)
- ssl->size *= 2;
- else
- ssl->size = 5;
- ssl->buf = ((struct sortstr *)
- xrealloc (ssl->buf, ssl->size * sizeof (struct sortstr)));
- }
+ ssl->buf = xpalloc (ssl->buf, &ssl->size, 5, -1, sizeof *ssl->buf);
ssl->buf[ssl->used].string = str;
ssl->buf[ssl->used].string2 = str2;
ssl->buf[ssl->used].size = size;
@@ -2991,6 +2969,8 @@
else
nbytes = SBYTES (str);
+ if (INT_ADD_OVERFLOW (ssl->bytes, nbytes))
+ memory_full (SIZE_MAX);
ssl->bytes += nbytes;
if (STRINGP (str2))
@@ -3003,6 +2983,8 @@
else
nbytes = SBYTES (str2);
+ if (INT_ADD_OVERFLOW (ssl->bytes, nbytes))
+ memory_full (SIZE_MAX);
ssl->bytes += nbytes;
}
}
@@ -3096,14 +3078,15 @@
Lisp_Object tem;
EMACS_INT i;
unsigned char *p;
- EMACS_INT total = overlay_heads.bytes + overlay_tails.bytes;
+ ptrdiff_t total;
+ if (INT_ADD_OVERFLOW (overlay_heads.bytes, overlay_tails.bytes))
+ memory_full (SIZE_MAX);
+ total = overlay_heads.bytes + overlay_tails.bytes;
if (total > overlay_str_len)
- {
- overlay_str_len = total;
- overlay_str_buf = (unsigned char *)xrealloc (overlay_str_buf,
- total);
- }
+ overlay_str_buf = xpalloc (overlay_str_buf, &overlay_str_len,
+ total - overlay_str_len, -1, 1);
+
p = overlay_str_buf;
for (i = overlay_tails.used; --i >= 0;)
{
=== modified file 'src/callproc.c'
--- a/src/callproc.c 2011-08-04 03:08:01 +0000
+++ b/src/callproc.c 2011-08-05 02:19:34 +0000
@@ -252,7 +252,7 @@
val = Qraw_text;
else
{
- SAFE_ALLOCA (args2, Lisp_Object *, (nargs + 1) * sizeof *args2);
+ SAFE_NALLOCA (args2, 1, nargs + 1);
args2[0] = Qcall_process;
for (i = 0; i < nargs; i++) args2[i + 1] = args[i];
coding_systems = Ffind_operation_coding_system (nargs + 1, args2);
@@ -726,7 +726,7 @@
{
ptrdiff_t i;
- SAFE_ALLOCA (args2, Lisp_Object *, (nargs + 1) * sizeof *args2);
+ SAFE_NALLOCA (args2, 1, nargs + 1);
args2[0] = Qcall_process;
for (i = 0; i < nargs; i++) args2[i + 1] = args[i];
coding_systems
@@ -1024,7 +1024,7 @@
else
{
USE_SAFE_ALLOCA;
- SAFE_ALLOCA (args2, Lisp_Object *, (nargs + 1) * sizeof *args2);
+ SAFE_NALLOCA (args2, 1, nargs + 1);
args2[0] = Qcall_process_region;
for (i = 0; i < nargs; i++) args2[i + 1] = args[i];
coding_systems = Ffind_operation_coding_system (nargs + 1, args2);
@@ -1153,7 +1153,7 @@
cleaned up in the usual way. */
{
register char *temp;
- register int i;
+ size_t i; /* size_t, because ptrdiff_t might overflow here! */
i = SBYTES (current_dir);
#ifdef MSDOS
=== modified file 'src/category.c'
--- a/src/category.c 2011-06-24 21:25:22 +0000
+++ b/src/category.c 2011-07-19 06:07:07 +0000
@@ -67,7 +67,7 @@
hash_get_category_set (Lisp_Object table, Lisp_Object category_set)
{
struct Lisp_Hash_Table *h;
- EMACS_INT i;
+ ptrdiff_t i;
EMACS_UINT hash;
if (NILP (XCHAR_TABLE (table)->extras[1]))
=== modified file 'src/ccl.c'
--- a/src/ccl.c 2011-06-24 21:25:22 +0000
+++ b/src/ccl.c 2011-08-05 02:15:35 +0000
@@ -1303,7 +1303,7 @@
case CCL_LookupIntConstTbl:
{
- EMACS_INT eop;
+ ptrdiff_t eop;
struct Lisp_Hash_Table *h;
GET_CCL_RANGE (eop, ccl_prog, ic++, 0,
(VECTORP (Vtranslation_hash_table_vector)
@@ -1329,7 +1329,7 @@
case CCL_LookupCharConstTbl:
{
- EMACS_INT eop;
+ ptrdiff_t eop;
struct Lisp_Hash_Table *h;
GET_CCL_RANGE (eop, ccl_prog, ic++, 0,
(VECTORP (Vtranslation_hash_table_vector)
@@ -2061,12 +2061,13 @@
Lisp_Object val;
struct ccl_program ccl;
int i;
- EMACS_INT outbufsize;
+ ptrdiff_t outbufsize;
unsigned char *outbuf, *outp;
- EMACS_INT str_chars, str_bytes;
+ ptrdiff_t str_chars, str_bytes;
#define CCL_EXECUTE_BUF_SIZE 1024
int source[CCL_EXECUTE_BUF_SIZE], destination[CCL_EXECUTE_BUF_SIZE];
- EMACS_INT consumed_chars, consumed_bytes, produced_chars;
+ ptrdiff_t consumed_chars, consumed_bytes, produced_chars;
+ int buf_magnification;
if (setup_ccl_program (&ccl, ccl_prog) < 0)
error ("Invalid CCL program");
@@ -2093,6 +2094,10 @@
ccl.ic = i;
}
+ buf_magnification = ccl.buf_magnification ? ccl.buf_magnification : 1;
+
+ if ((min (PTRDIFF_MAX, SIZE_MAX) - 256) / buf_magnification < str_bytes)
+ memory_full (SIZE_MAX);
outbufsize = (ccl.buf_magnification
? str_bytes * ccl.buf_magnification + 256
: str_bytes + 256);
@@ -2127,12 +2132,18 @@
produced_chars += ccl.produced;
if (NILP (unibyte_p))
{
- if (outp - outbuf + MAX_MULTIBYTE_LENGTH * ccl.produced
- > outbufsize)
+ /* FIXME: Surely this should be buf_magnification instead.
+ MAX_MULTIBYTE_LENGTH overestimates the storage needed. */
+ int magnification = MAX_MULTIBYTE_LENGTH;
+
+ ptrdiff_t offset = outp - outbuf;
+ ptrdiff_t shortfall;
+ if (INT_MULTIPLY_OVERFLOW (ccl.produced, magnification))
+ memory_full (SIZE_MAX);
+ shortfall = ccl.produced * magnification - (outbufsize - offset);
+ if (0 < shortfall)
{
- EMACS_INT offset = outp - outbuf;
- outbufsize += MAX_MULTIBYTE_LENGTH * ccl.produced;
- outbuf = (unsigned char *) xrealloc (outbuf, outbufsize);
+ outbuf = xpalloc (outbuf, &outbufsize, shortfall, -1, 1);
outp = outbuf + offset;
}
for (j = 0; j < ccl.produced; j++)
@@ -2140,11 +2151,11 @@
}
else
{
- if (outp - outbuf + ccl.produced > outbufsize)
+ ptrdiff_t offset = outp - outbuf;
+ ptrdiff_t shortfall = ccl.produced - (outbufsize - offset);
+ if (0 < shortfall)
{
- EMACS_INT offset = outp - outbuf;
- outbufsize += ccl.produced;
- outbuf = (unsigned char *) xrealloc (outbuf, outbufsize);
+ outbuf = xpalloc (outbuf, &outbufsize, shortfall, -1, 1);
outp = outbuf + offset;
}
for (j = 0; j < ccl.produced; j++)
=== modified file 'src/character.c'
--- a/src/character.c 2011-07-12 21:17:39 +0000
+++ b/src/character.c 2011-08-05 02:15:35 +0000
@@ -326,7 +326,7 @@
disp = dp ? DISP_CHAR_VECTOR (dp, c) : Qnil;
if (VECTORP (disp))
- width = ASIZE (disp);
+ width = sanitize_char_width (ASIZE (disp));
else
width = CHAR_WIDTH (c);
@@ -358,7 +358,7 @@
{
val = DISP_CHAR_VECTOR (dp, c);
if (VECTORP (val))
- thiswidth = ASIZE (val);
+ thiswidth = sanitize_char_width (ASIZE (val));
else
thiswidth = CHAR_WIDTH (c);
}
@@ -423,7 +423,7 @@
{
EMACS_INT chars, bytes, thiswidth;
Lisp_Object val;
- int cmp_id;
+ ptrdiff_t cmp_id;
EMACS_INT ignore, end;
if (find_composition (i, -1, &ignore, &end, &val, string)
@@ -451,7 +451,7 @@
{
val = DISP_CHAR_VECTOR (dp, c);
if (VECTORP (val))
- thiswidth = ASIZE (val);
+ thiswidth = sanitize_char_width (ASIZE (val));
else
thiswidth = CHAR_WIDTH (c);
}
@@ -902,7 +902,7 @@
Lisp_Object str;
USE_SAFE_ALLOCA;
- SAFE_ALLOCA (buf, unsigned char *, MAX_MULTIBYTE_LENGTH * n);
+ SAFE_NALLOCA (buf, MAX_MULTIBYTE_LENGTH, n);
p = buf;
for (i = 0; i < n; i++)
=== modified file 'src/character.h'
--- a/src/character.h 2011-07-06 23:28:00 +0000
+++ b/src/character.h 2011-07-19 00:42:24 +0000
@@ -556,6 +556,16 @@
} while (0)
+/* Return a non-outlandish value for the tab width. */
+
+#define SANE_TAB_WIDTH(buf) \
+ sanitize_tab_width (XFASTINT (BVAR (buf, tab_width)))
+static inline int
+sanitize_tab_width (EMACS_INT width)
+{
+ return 0 < width && width <= 1000 ? width : 8;
+}
+
/* Return the width of ASCII character C. The width is measured by
how many columns C will occupy on the screen when displayed in the
current buffer. */
@@ -563,12 +573,20 @@
#define ASCII_CHAR_WIDTH(c) \
(c < 0x20 \
? (c == '\t'
\
- ? XFASTINT (BVAR (current_buffer, tab_width))
\
+ ? SANE_TAB_WIDTH (current_buffer)
\
: (c == '\n' ? 0 : (NILP (BVAR (current_buffer, ctl_arrow)) ? 4 : 2)))
\
: (c < 0x7f \
? 1 \
: ((NILP (BVAR (current_buffer, ctl_arrow)) ? 4 : 2))))
+/* Return a non-outlandish value for a character width. */
+
+static inline int
+sanitize_char_width (EMACS_INT width)
+{
+ return 0 <= width && width <= 1000 ? width : 1000;
+}
+
/* Return the width of character C. The width is measured by how many
columns C will occupy on the screen when displayed in the current
buffer. */
@@ -576,7 +594,7 @@
#define CHAR_WIDTH(c) \
(ASCII_CHAR_P (c) \
? ASCII_CHAR_WIDTH (c) \
- : XINT (CHAR_TABLE_REF (Vchar_width_table, c)))
+ : sanitize_char_width (XINT (CHAR_TABLE_REF (Vchar_width_table, c))))
/* If C is a variation selector, return the index numnber of the
variation selector (1..256). Otherwise, return 0. */
=== modified file 'src/charset.c'
--- a/src/charset.c 2011-06-14 18:57:19 +0000
+++ b/src/charset.c 2011-08-05 02:15:35 +0000
@@ -61,7 +61,7 @@
/* Table of struct charset. */
struct charset *charset_table;
-static int charset_table_size;
+static ptrdiff_t charset_table_size;
static int charset_table_used;
Lisp_Object Qcharsetp;
@@ -419,7 +419,7 @@
paying attention to comment character '#'. */
static inline unsigned
-read_hex (FILE *fp, int *eof)
+read_hex (FILE *fp, int *eof, int *overflow)
{
int c;
unsigned n;
@@ -441,15 +441,16 @@
*eof = 1;
return 0;
}
- *eof = 0;
n = 0;
- if (c == 'x')
- while ((c = getc (fp)) != EOF && isxdigit (c))
+ while (isxdigit (c = getc (fp)))
+ {
+ if (UINT_MAX >> 4 < n)
+ *overflow = 1;
n = ((n << 4)
- | (c <= '9' ? c - '0' : c <= 'F' ? c - 'A' + 10 : c - 'a' + 10));
- else
- while ((c = getc (fp)) != EOF && isdigit (c))
- n = (n * 10) + c - '0';
+ | (c - ('0' <= c && c <= '9' ? '0'
+ : 'A' <= c && c <= 'F' ? 'A' - 10
+ : 'a' - 10)));
+ }
if (c != EOF)
ungetc (c, fp);
return n;
@@ -479,7 +480,6 @@
unsigned max_code = CHARSET_MAX_CODE (charset);
int fd;
FILE *fp;
- int eof;
Lisp_Object suffixes;
struct charset_map_entries *head, *entries;
int n_entries, count;
@@ -504,22 +504,27 @@
memset (entries, 0, sizeof (struct charset_map_entries));
n_entries = 0;
- eof = 0;
while (1)
{
- unsigned from, to;
- int c;
+ unsigned from, to, c;
int idx;
+ int eof = 0, overflow = 0;
- from = read_hex (fp, &eof);
+ from = read_hex (fp, &eof, &overflow);
if (eof)
break;
if (getc (fp) == '-')
- to = read_hex (fp, &eof);
+ to = read_hex (fp, &eof, &overflow);
else
to = from;
- c = (int) read_hex (fp, &eof);
+ if (eof)
+ break;
+ c = read_hex (fp, &eof, &overflow);
+ if (eof)
+ break;
+ if (overflow)
+ continue;
if (from < min_code || to > max_code || from > to || c > MAX_CHAR)
continue;
@@ -1145,13 +1150,25 @@
hash_code);
if (charset_table_used == charset_table_size)
{
- struct charset *new_table
- = (struct charset *) xmalloc (sizeof (struct charset)
- * (charset_table_size + 16));
- memcpy (new_table, charset_table,
- sizeof (struct charset) * charset_table_size);
- charset_table_size += 16;
+ /* Ensure that charset IDs fit into 'int' as well as into the
+ restriction imposed by fixnums. Although the 'int' restriction
+ could be removed, too much other code would need altering; for
+ example, the IDs are stuffed into struct
+ coding_system.charbuf[i] entries, which are 'int'. */
+ int old_size = charset_table_size;
+ struct charset *new_table =
+ xpalloc (0, &charset_table_size, 1,
+ min (INT_MAX, MOST_POSITIVE_FIXNUM),
+ sizeof *charset_table);
+ memcpy (new_table, charset_table, old_size * sizeof *new_table);
charset_table = new_table;
+ /* FIXME: Doesn't this leak memory? The old charset_table becomes
+ unreachable. It could be that this is intentional, because the
+ old charset table may be in a dumped emacs, and reallocating such
+ a table may not work. If the memory leak is intentional, a
+ comment should be added to explain this. If not, the old
+ charset_table should be freed, by passing it as the 1st argument
+ to xpalloc and removing the memcpy. */
}
id = charset_table_used++;
new_definition_p = 1;
@@ -2210,14 +2227,16 @@
{
Lisp_Object charset;
int id;
- int priority;
+ ptrdiff_t priority;
};
static int
charset_compare (const void *d1, const void *d2)
{
const struct charset_sort_data *data1 = d1, *data2 = d2;
- return (data1->priority - data2->priority);
+ if (data1->priority != data2->priority)
+ return data1->priority < data2->priority ? -1 : 1;
+ return 0;
}
DEFUN ("sort-charsets", Fsort_charsets, Ssort_charsets, 1, 1, 0,
@@ -2227,7 +2246,8 @@
(Lisp_Object charsets)
{
Lisp_Object len = Flength (charsets);
- int n = XFASTINT (len), i, j, done;
+ ptrdiff_t n = XFASTINT (len), i, j;
+ int done;
Lisp_Object tail, elt, attrs;
struct charset_sort_data *sort_data;
int id, min_id = INT_MAX, max_id = INT_MIN;
@@ -2235,7 +2255,7 @@
if (n == 0)
return Qnil;
- SAFE_ALLOCA (sort_data, struct charset_sort_data *, sizeof (*sort_data) * n);
+ SAFE_NALLOCA (sort_data, 1, n);
for (tail = charsets, i = 0; CONSP (tail); tail = XCDR (tail), i++)
{
elt = XCAR (tail);
@@ -2310,6 +2330,17 @@
void
syms_of_charset (void)
{
+ /* Allocate an initial charset table that is just under 64 KiB in size.
+ This should be large enough so that the charset table need not be
+ reallocated during an initial bootstrap. Allocating anything larger than
+ 64 KiB in an initial run may not work, because glibc malloc might use
+ mmap for larger allocations, and these don't work well across dumped
+ systems. */
+ enum {
+ initial_malloc_max = (1 << 16) - 1,
+ charset_table_size_init = initial_malloc_max / sizeof (struct charset)
+ };
+
DEFSYM (Qcharsetp, "charsetp");
DEFSYM (Qascii, "ascii");
@@ -2342,9 +2373,9 @@
Vcharset_hash_table = Fmake_hash_table (2, args);
}
- charset_table_size = 128;
- charset_table = ((struct charset *)
- xmalloc (sizeof (struct charset) * charset_table_size));
+ charset_table = (struct charset *) xmalloc (sizeof (struct charset)
+ * charset_table_size_init);
+ charset_table_size = charset_table_size_init;
charset_table_used = 0;
defsubr (&Scharsetp);
=== modified file 'src/charset.h'
--- a/src/charset.h 2011-06-15 18:57:45 +0000
+++ b/src/charset.h 2011-07-19 06:07:07 +0000
@@ -148,7 +148,7 @@
int id;
/* Index to Vcharset_hash_table. */
- EMACS_INT hash_index;
+ ptrdiff_t hash_index;
/* Dimension of the charset: 1, 2, 3, or 4. */
int dimension;
@@ -341,7 +341,7 @@
number of the charset. Otherwise, signal an error. */
#define CHECK_CHARSET_GET_ID(x, id) \
do { \
- int idx; \
+ ptrdiff_t idx; \
\
if (! SYMBOLP (x) || (idx = CHARSET_SYMBOL_HASH_INDEX (x)) < 0) \
wrong_type_argument (Qcharsetp, (x)); \
=== modified file 'src/cmds.c'
--- a/src/cmds.c 2011-08-23 03:09:59 +0000
+++ b/src/cmds.c 2011-08-24 21:20:36 +0000
@@ -472,7 +472,7 @@
{
USE_SAFE_ALLOCA;
char *strn, *p;
- SAFE_ALLOCA (strn, char *, n * len);
+ SAFE_NALLOCA (strn, len, n);
for (p = strn; n > 0; n--, p += len)
memcpy (p, str, len);
insert_and_inherit (strn, p - strn);
=== modified file 'src/coding.c'
--- a/src/coding.c 2011-07-01 11:03:55 +0000
+++ b/src/coding.c 2011-07-28 20:31:29 +0000
@@ -5838,7 +5838,7 @@
Lisp_Object
coding_system_charset_list (Lisp_Object coding_system)
{
- int id;
+ ptrdiff_t id;
Lisp_Object attrs, charset_list;
CHECK_CODING_SYSTEM_GET_ID (coding_system, id);
@@ -6683,8 +6683,12 @@
break;
}
- if (dst + MAX_MULTIBYTE_LENGTH * to_nchars > dst_end)
+ if ((dst_end - dst) / MAX_MULTIBYTE_LENGTH < to_nchars)
{
+ if (((min (PTRDIFF_MAX, SIZE_MAX) - (buf_end - buf))
+ / MAX_MULTIBYTE_LENGTH)
+ < to_nchars)
+ memory_full (SIZE_MAX);
dst = alloc_destination (coding,
buf_end - buf
+ MAX_MULTIBYTE_LENGTH * to_nchars,
@@ -7888,11 +7892,10 @@
}
else if (EQ (dst_object, Qt))
{
+ ptrdiff_t dst_bytes = max (1, coding->src_chars);
coding->dst_object = Qnil;
- coding->dst_bytes = coding->src_chars;
- if (coding->dst_bytes == 0)
- coding->dst_bytes = 1;
- coding->destination = (unsigned char *) xmalloc (coding->dst_bytes);
+ coding->destination = (unsigned char *) xmalloc (dst_bytes);
+ coding->dst_bytes = dst_bytes;
coding->dst_multibyte = 0;
}
else
@@ -8076,7 +8079,7 @@
Lisp_Object attrs, eol_type;
Lisp_Object val = Qnil;
struct coding_system coding;
- int id;
+ ptrdiff_t id;
struct coding_detection_info detect_info;
enum coding_category base_category;
int null_byte_found = 0, eight_bit_found = 0;
=== modified file 'src/coding.h'
--- a/src/coding.h 2011-04-11 06:58:57 +0000
+++ b/src/coding.h 2011-07-19 06:07:07 +0000
@@ -415,7 +415,7 @@
setup_coding_system. At the early stage of building time, this
value is -1 in the array coding_categories to indicate that no
coding-system of that category is yet defined. */
- int id;
+ ptrdiff_t id;
/* Flag bits of the coding system. The meaning of each bit is common
to all types of coding systems. */
=== modified file 'src/composite.c'
--- a/src/composite.c 2011-08-07 19:40:08 +0000
+++ b/src/composite.c 2011-08-14 06:40:45 +0000
@@ -142,10 +142,10 @@
struct composition **composition_table;
/* The current size of `composition_table'. */
-static int composition_table_size;
+static ptrdiff_t composition_table_size;
/* Number of compositions currently made. */
-int n_compositions;
+ptrdiff_t n_compositions;
/* Hash table for compositions. The key is COMPONENTS-VEC of
`composition' property. The value is the corresponding
@@ -172,19 +172,30 @@
If the composition is invalid, return -1. */
-int
+ptrdiff_t
get_composition_id (EMACS_INT charpos, EMACS_INT bytepos, EMACS_INT nchars,
Lisp_Object prop, Lisp_Object string)
{
Lisp_Object id, length, components, key, *key_contents;
- int glyph_len;
+ ptrdiff_t glyph_len;
struct Lisp_Hash_Table *hash_table = XHASH_TABLE (composition_hash_table);
- EMACS_INT hash_index;
+ ptrdiff_t hash_index;
EMACS_UINT hash_code;
+ enum composition_method method;
struct composition *cmp;
EMACS_INT i;
int ch;
+ /* Maximum length of a string of glyphs. XftGlyphExtents limits
+ this to INT_MAX, and Emacs limits it further. Divide INT_MAX - 1
+ by 2 because x_produce_glyphs computes glyph_len * 2 + 1. Divide
+ the size by MAX_MULTIBYTE_LENGTH because encode_terminal_code
+ multiplies glyph_len by MAX_MULTIBYTE_LENGTH. */
+ enum {
+ GLYPH_LEN_MAX = min ((INT_MAX - 1) / 2,
+ min (PTRDIFF_MAX, SIZE_MAX) / MAX_MULTIBYTE_LENGTH)
+ };
+
/* PROP should be
Form-A: ((LENGTH . COMPONENTS) . MODIFICATION-FUNC)
or
@@ -258,21 +269,9 @@
/* This composition is a new one. We must register it. */
/* Check if we have sufficient memory to store this information. */
- if (composition_table_size == 0)
- {
- composition_table_size = 256;
- composition_table
- = (struct composition **) xmalloc (sizeof (composition_table[0])
- * composition_table_size);
- }
- else if (composition_table_size <= n_compositions)
- {
- composition_table_size += 256;
- composition_table
- = (struct composition **) xrealloc (composition_table,
- sizeof (composition_table[0])
- * composition_table_size);
- }
+ if (composition_table_size <= n_compositions)
+ composition_table = xpalloc (composition_table, &composition_table_size,
+ 1, -1, sizeof *composition_table);
key_contents = XVECTOR (key)->contents;
@@ -316,20 +315,26 @@
/* Register the composition in composition_hash_table. */
hash_index = hash_put (hash_table, key, id, hash_code);
+ method = (NILP (components)
+ ? COMPOSITION_RELATIVE
+ : ((INTEGERP (components) || STRINGP (components))
+ ? COMPOSITION_WITH_ALTCHARS
+ : COMPOSITION_WITH_RULE_ALTCHARS));
+
+ glyph_len = (method == COMPOSITION_WITH_RULE_ALTCHARS
+ ? (ASIZE (key) + 1) / 2
+ : ASIZE (key));
+
+ if (GLYPH_LEN_MAX < glyph_len)
+ memory_full (SIZE_MAX);
+
/* Register the composition in composition_table. */
cmp = (struct composition *) xmalloc (sizeof (struct composition));
- cmp->method = (NILP (components)
- ? COMPOSITION_RELATIVE
- : ((INTEGERP (components) || STRINGP (components))
- ? COMPOSITION_WITH_ALTCHARS
- : COMPOSITION_WITH_RULE_ALTCHARS));
+ cmp->method = method;
cmp->hash_index = hash_index;
- glyph_len = (cmp->method == COMPOSITION_WITH_RULE_ALTCHARS
- ? (ASIZE (key) + 1) / 2
- : ASIZE (key));
cmp->glyph_len = glyph_len;
- cmp->offsets = (short *) xmalloc (sizeof (short) * glyph_len * 2);
+ cmp->offsets = xnmalloc (glyph_len, 2 * sizeof *cmp->offsets);
cmp->font = NULL;
if (cmp->method != COMPOSITION_WITH_RULE_ALTCHARS)
@@ -656,7 +661,7 @@
gstring_lookup_cache (Lisp_Object header)
{
struct Lisp_Hash_Table *h = XHASH_TABLE (gstring_hash_table);
- EMACS_INT i = hash_lookup (h, header, NULL);
+ ptrdiff_t i = hash_lookup (h, header, NULL);
return (i >= 0 ? HASH_VALUE (h, i) : Qnil);
}
@@ -691,7 +696,7 @@
}
Lisp_Object
-composition_gstring_from_id (int id)
+composition_gstring_from_id (ptrdiff_t id)
{
struct Lisp_Hash_Table *h = XHASH_TABLE (gstring_hash_table);
=== modified file 'src/composite.h'
--- a/src/composite.h 2011-06-12 23:25:12 +0000
+++ b/src/composite.h 2011-08-05 02:15:35 +0000
@@ -170,7 +170,7 @@
struct composition {
/* Number of glyphs of the composition components. */
- unsigned glyph_len;
+ int glyph_len;
/* Width, ascent, and descent pixels of the composition. */
short pixel_width, ascent, descent;
@@ -193,7 +193,7 @@
void *font;
/* Pointer to an array of x-offset and y-offset (by pixels) of
- glyphs. This points to a sufficient memory space (sizeof (int) *
+ glyphs. This points to a sufficient memory space (sizeof (short) *
glyph_len * 2) that is allocated when the composition is
registered in composition_table. X-offset and Y-offset of Nth
glyph are (2N)th and (2N+1)th elements respectively. */
@@ -204,7 +204,7 @@
COMPOSITION-ID. */
extern struct composition **composition_table;
/* Number of the currently registered compositions. */
-extern int n_compositions;
+extern ptrdiff_t n_compositions;
/* Mask bits for CHECK_MASK arg to update_compositions.
For a change in the region FROM and TO, check compositions ... */
@@ -216,8 +216,8 @@
extern Lisp_Object Qcomposition;
extern Lisp_Object composition_hash_table;
-extern int get_composition_id (EMACS_INT, EMACS_INT, EMACS_INT,
- Lisp_Object, Lisp_Object);
+extern ptrdiff_t get_composition_id (EMACS_INT, EMACS_INT, EMACS_INT,
+ Lisp_Object, Lisp_Object);
extern int find_composition (EMACS_INT, EMACS_INT, EMACS_INT *, EMACS_INT *,
Lisp_Object *, Lisp_Object);
extern void update_compositions (EMACS_INT, EMACS_INT, int);
@@ -299,7 +299,7 @@
struct font_metrics;
extern Lisp_Object composition_gstring_put_cache (Lisp_Object, EMACS_INT);
-extern Lisp_Object composition_gstring_from_id (int);
+extern Lisp_Object composition_gstring_from_id (ptrdiff_t);
extern int composition_gstring_p (Lisp_Object);
extern int composition_gstring_width (Lisp_Object, EMACS_INT, EMACS_INT,
struct font_metrics *);
=== modified file 'src/dispextern.h'
--- a/src/dispextern.h 2011-08-25 10:45:33 +0000
+++ b/src/dispextern.h 2011-08-25 19:06:56 +0000
@@ -575,7 +575,7 @@
struct glyph *glyphs;
/* Allocated size of `glyphs'. */
- int nglyphs;
+ ptrdiff_t nglyphs;
/* Number of rows and columns in a matrix. */
int nrows, ncolumns;
@@ -625,7 +625,7 @@
struct glyph_row *rows;
/* Number of elements allocated for the vector rows above. */
- int rows_allocated;
+ ptrdiff_t rows_allocated;
/* The number of rows used by the window if all lines were displayed
with the smallest possible character height. */
@@ -1240,7 +1240,7 @@
struct composition *cmp;
/* If not negative, this string describes a compos. */
- int cmp_id;
+ ptrdiff_t cmp_id;
/* Start and end glyph indices in a glyph-string. */
int cmp_from, cmp_to;
@@ -1708,7 +1708,8 @@
struct face **faces_by_id;
/* The allocated size, and number of used slots of faces_by_id. */
- int size, used;
+ ptrdiff_t size;
+ int used;
/* Flag indicating that attributes of the `menu' face have been
changed. */
@@ -2059,7 +2060,7 @@
EMACS_INT stop_pos;
/* ID number of the composition or glyph-string. If negative, we
are not iterating over a composition now. */
- int id;
+ ptrdiff_t id;
/* If non-negative, character that triggers the automatic
composition at `stop_pos', and this is an automatic composition.
If negative, this is a static composition. This is set to -2
@@ -2249,7 +2250,7 @@
struct {
Lisp_Object object;
struct it_slice slice;
- int image_id;
+ ptrdiff_t image_id;
} image;
/* method == GET_FROM_COMPOSITION */
struct {
@@ -2379,7 +2380,7 @@
enum glyphless_display_method glyphless_method;
/* If what == IT_IMAGE, the id of the image to display. */
- int image_id;
+ ptrdiff_t image_id;
/* Values from `slice' property. */
struct it_slice slice;
@@ -2829,7 +2830,7 @@
EMACS_UINT hash;
/* Image id of this image. */
- int id;
+ ptrdiff_t id;
/* Hash collision chain. */
struct image *next, *prev;
@@ -2848,13 +2849,13 @@
struct image **images;
/* Allocated size of `images'. */
- unsigned size;
+ ptrdiff_t size;
/* Number of images in the cache. */
- unsigned used;
+ ptrdiff_t used;
/* Reference count (number of frames sharing this cache). */
- int refcount;
+ ptrdiff_t refcount;
};
@@ -3121,7 +3122,7 @@
extern int x_bitmap_height (struct frame *, ptrdiff_t);
extern int x_bitmap_width (struct frame *, ptrdiff_t);
extern int x_bitmap_pixmap (struct frame *, ptrdiff_t);
-extern void x_reference_bitmap (struct frame *, int);
+extern void x_reference_bitmap (struct frame *, ptrdiff_t);
extern ptrdiff_t x_create_bitmap_from_data (struct frame *, char *,
unsigned int, unsigned int);
extern ptrdiff_t x_create_bitmap_from_file (struct frame *, Lisp_Object);
@@ -3142,7 +3143,7 @@
void mark_image_cache (struct image_cache *);
int valid_image_p (Lisp_Object);
void prepare_image_for_display (struct frame *, struct image *);
-int lookup_image (struct frame *, Lisp_Object);
+ptrdiff_t lookup_image (struct frame *, Lisp_Object);
unsigned long image_background (struct image *, struct frame *,
XImagePtr_or_DC ximg);
=== modified file 'src/dispnew.c'
--- a/src/dispnew.c 2011-08-23 08:38:29 +0000
+++ b/src/dispnew.c 2011-08-24 21:20:36 +0000
@@ -499,12 +499,12 @@
/* Enlarge MATRIX->rows if necessary. New rows are cleared. */
if (matrix->rows_allocated < dim.height)
{
- ptrdiff_t size = dim.height * sizeof (struct glyph_row);
+ int old_alloc = matrix->rows_allocated;
new_rows = dim.height - matrix->rows_allocated;
- matrix->rows = (struct glyph_row *) xrealloc (matrix->rows, size);
- memset (matrix->rows + matrix->rows_allocated, 0,
- new_rows * sizeof *matrix->rows);
- matrix->rows_allocated = dim.height;
+ matrix->rows = xpalloc (matrix->rows, &matrix->rows_allocated,
+ new_rows, INT_MAX, sizeof *matrix->rows);
+ memset (matrix->rows + old_alloc, 0,
+ (matrix->rows_allocated - old_alloc) * sizeof *matrix->rows);
}
else
new_rows = 0;
@@ -576,9 +576,8 @@
while (row < end)
{
row->glyphs[LEFT_MARGIN_AREA]
- = (struct glyph *) xrealloc (row->glyphs[LEFT_MARGIN_AREA],
- (dim.width
- * sizeof (struct glyph)));
+ = xnrealloc (row->glyphs[LEFT_MARGIN_AREA],
+ dim.width, sizeof (struct glyph));
/* The mode line never has marginal areas. */
if (row == matrix->rows + dim.height - 1
@@ -1217,7 +1216,7 @@
struct glyph *end = beg + row->used[TEXT_AREA];
int len;
Lisp_Object *glyph_table_base = GLYPH_TABLE_BASE;
- int glyph_table_len = GLYPH_TABLE_LENGTH;
+ ptrdiff_t glyph_table_len = GLYPH_TABLE_LENGTH;
/* Ignore trailing and leading spaces if we can. */
if (!FRAME_MUST_WRITE_SPACES (SELECTED_FRAME ())) /* XXX Is SELECTED_FRAME
OK here? */
@@ -1391,7 +1390,7 @@
static int
realloc_glyph_pool (struct glyph_pool *pool, struct dim matrix_dim)
{
- int needed;
+ ptrdiff_t needed;
int changed_p;
changed_p = (pool->glyphs == 0
@@ -1399,24 +1398,17 @@
|| matrix_dim.width != pool->ncolumns);
/* Enlarge the glyph pool. */
- needed = matrix_dim.width * matrix_dim.height;
+ needed = matrix_dim.width;
+ if (INT_MULTIPLY_OVERFLOW (needed, matrix_dim.height))
+ memory_full (SIZE_MAX);
+ needed *= matrix_dim.height;
if (needed > pool->nglyphs)
{
- ptrdiff_t size = needed * sizeof (struct glyph);
-
- if (pool->glyphs)
- {
- pool->glyphs = (struct glyph *) xrealloc (pool->glyphs, size);
- memset (pool->glyphs + pool->nglyphs, 0,
- size - pool->nglyphs * sizeof (struct glyph));
- }
- else
- {
- pool->glyphs = (struct glyph *) xmalloc (size);
- memset (pool->glyphs, 0, size);
- }
-
- pool->nglyphs = needed;
+ ptrdiff_t old_nglyphs = pool->nglyphs;
+ pool->glyphs = xpalloc (pool->glyphs, &pool->nglyphs,
+ needed - old_nglyphs, -1, sizeof *pool->glyphs);
+ memset (pool->glyphs + old_nglyphs, 0,
+ (pool->nglyphs - old_nglyphs) * sizeof *pool->glyphs);
}
/* Remember the number of rows and columns because (a) we use them
@@ -4166,7 +4158,7 @@
int new_line_number;
/* Bucket index of this row_entry in the hash table row_table. */
- int bucket;
+ ptrdiff_t bucket;
/* The row described by this entry. */
struct glyph_row *row;
@@ -4180,29 +4172,29 @@
that we need a larger one. */
static struct row_entry *row_entry_pool;
-static int row_entry_pool_size;
+static ptrdiff_t row_entry_pool_size;
/* Index of next free entry in row_entry_pool. */
-static int row_entry_idx;
+static ptrdiff_t row_entry_idx;
/* The hash table used during scrolling, and the table's size. This
table is used to quickly identify equal rows in the desired and
current matrix. */
static struct row_entry **row_table;
-static int row_table_size;
+static ptrdiff_t row_table_size;
/* Vectors of pointers to row_entry structures belonging to the
current and desired matrix, and the size of the vectors. */
static struct row_entry **old_lines, **new_lines;
-static int old_lines_size, new_lines_size;
+static ptrdiff_t old_lines_size, new_lines_size;
/* A pool to allocate run structures from, and its size. */
static struct run *run_pool;
-static int runs_size;
+static ptrdiff_t runs_size;
/* A vector of runs of lines found during scrolling. */
@@ -4214,7 +4206,7 @@
add_row_entry (struct glyph_row *row)
{
struct row_entry *entry;
- int i = row->hash % row_table_size;
+ ptrdiff_t i = row->hash % row_table_size;
entry = row_table[i];
while (entry && !row_equal_p (entry->row, row, 1))
@@ -4267,9 +4259,10 @@
struct glyph_matrix *desired_matrix = w->desired_matrix;
struct glyph_matrix *current_matrix = w->current_matrix;
int yb = window_text_bottom_y (w);
- int i, j, first_old, first_new, last_old, last_new;
- int nruns, n, run_idx;
- ptrdiff_t nbytes;
+ ptrdiff_t i;
+ int j, first_old, first_new, last_old, last_new;
+ int nruns, run_idx;
+ ptrdiff_t n;
struct row_entry *entry;
struct redisplay_interface *rif = FRAME_RIF (XFRAME (WINDOW_FRAME (w)));
@@ -4354,45 +4347,59 @@
if (last_new == first_new)
return 0;
+ /* Check for integer overflow in size calculation.
+
+ If next_almost_prime checks (N) for divisibility by 2..10, then
+ it can return at most N + 10, e.g., next_almost_prime (1) == 11.
+ So, set next_almost_prime_increment_max to 10.
+
+ It's just a coincidence that next_almost_prime_increment_max ==
+ NEXT_ALMOST_PRIME_LIMIT - 1. If NEXT_ALMOST_PRIME_LIMIT were
+ 13, then next_almost_prime_increment_max would be 14, e.g.,
+ because next_almost_prime (113) would be 127. */
+ {
+ verify (NEXT_ALMOST_PRIME_LIMIT == 11);
+ enum { next_almost_prime_increment_max = 10 };
+ ptrdiff_t row_table_max =
+ (min (PTRDIFF_MAX, SIZE_MAX) / (3 * sizeof *row_table)
+ - next_almost_prime_increment_max);
+ ptrdiff_t current_nrows_max = row_table_max - desired_matrix->nrows;
+ if (current_nrows_max < current_matrix->nrows)
+ memory_full (SIZE_MAX);
+ }
+
/* Reallocate vectors, tables etc. if necessary. */
if (current_matrix->nrows > old_lines_size)
- {
- old_lines_size = current_matrix->nrows;
- nbytes = old_lines_size * sizeof *old_lines;
- old_lines = (struct row_entry **) xrealloc (old_lines, nbytes);
- }
+ old_lines = xpalloc (old_lines, &old_lines_size,
+ current_matrix->nrows - old_lines_size,
+ INT_MAX, sizeof *old_lines);
if (desired_matrix->nrows > new_lines_size)
- {
- new_lines_size = desired_matrix->nrows;
- nbytes = new_lines_size * sizeof *new_lines;
- new_lines = (struct row_entry **) xrealloc (new_lines, nbytes);
- }
+ new_lines = xpalloc (new_lines, &new_lines_size,
+ desired_matrix->nrows - new_lines_size,
+ INT_MAX, sizeof *new_lines);
- n = desired_matrix->nrows + current_matrix->nrows;
- if (3 * n > row_table_size)
+ n = desired_matrix->nrows;
+ n += current_matrix->nrows;
+ if (row_table_size < 3 * n)
{
- row_table_size = next_almost_prime (3 * n);
- nbytes = row_table_size * sizeof *row_table;
- row_table = (struct row_entry **) xrealloc (row_table, nbytes);
- memset (row_table, 0, nbytes);
+ ptrdiff_t size = next_almost_prime (3 * n);
+ row_table = xnrealloc (row_table, size, sizeof *row_table);
+ row_table_size = size;
+ memset (row_table, 0, size * sizeof *row_table);
}
if (n > row_entry_pool_size)
- {
- row_entry_pool_size = n;
- nbytes = row_entry_pool_size * sizeof *row_entry_pool;
- row_entry_pool = (struct row_entry *) xrealloc (row_entry_pool, nbytes);
- }
+ row_entry_pool = xpalloc (row_entry_pool, &row_entry_pool_size,
+ n - row_entry_pool_size,
+ -1, sizeof *row_entry_pool);
if (desired_matrix->nrows > runs_size)
{
+ runs = xnrealloc (runs, desired_matrix->nrows, sizeof *runs);
+ run_pool = xnrealloc (run_pool, desired_matrix->nrows, sizeof *run_pool);
runs_size = desired_matrix->nrows;
- nbytes = runs_size * sizeof *runs;
- runs = (struct run **) xrealloc (runs, nbytes);
- nbytes = runs_size * sizeof *run_pool;
- run_pool = (struct run *) xrealloc (run_pool, nbytes);
}
nruns = run_idx = 0;
=== modified file 'src/doc.c'
--- a/src/doc.c 2011-07-15 15:31:36 +0000
+++ b/src/doc.c 2011-08-18 08:37:41 +0000
@@ -39,7 +39,7 @@
extern Lisp_Object Qclosure;
/* Buffer used for reading from documentation file. */
static char *get_doc_string_buffer;
-static int get_doc_string_buffer_size;
+static ptrdiff_t get_doc_string_buffer_size;
static unsigned char *read_bytecode_pointer;
static Lisp_Object Fdocumentation_property (Lisp_Object, Lisp_Object,
@@ -166,20 +166,19 @@
p = get_doc_string_buffer;
while (1)
{
- EMACS_INT space_left = (get_doc_string_buffer_size
+ ptrdiff_t space_left = (get_doc_string_buffer_size - 1
- (p - get_doc_string_buffer));
int nread;
/* Allocate or grow the buffer if we need to. */
- if (space_left == 0)
+ if (space_left <= 0)
{
- EMACS_INT in_buffer = p - get_doc_string_buffer;
- get_doc_string_buffer_size += 16 * 1024;
- get_doc_string_buffer
- = (char *) xrealloc (get_doc_string_buffer,
- get_doc_string_buffer_size + 1);
+ ptrdiff_t in_buffer = p - get_doc_string_buffer;
+ get_doc_string_buffer =
+ xpalloc (get_doc_string_buffer, &get_doc_string_buffer_size,
+ 16 * 1024, -1, 1);
p = get_doc_string_buffer + in_buffer;
- space_left = (get_doc_string_buffer_size
+ space_left = (get_doc_string_buffer_size - 1
- (p - get_doc_string_buffer));
}
@@ -713,16 +712,16 @@
int changed = 0;
register unsigned char *strp;
register char *bufp;
- EMACS_INT idx;
- EMACS_INT bsize;
+ ptrdiff_t idx;
+ ptrdiff_t bsize;
Lisp_Object tem;
Lisp_Object keymap;
unsigned char *start;
- EMACS_INT length, length_byte;
+ ptrdiff_t length, length_byte;
Lisp_Object name;
struct gcpro gcpro1, gcpro2, gcpro3, gcpro4;
int multibyte;
- EMACS_INT nchars;
+ ptrdiff_t nchars;
if (NILP (string))
return Qnil;
@@ -774,7 +773,7 @@
}
else if (strp[0] == '\\' && strp[1] == '[')
{
- EMACS_INT start_idx;
+ ptrdiff_t start_idx;
int follow_remap = 1;
changed = 1;
@@ -813,7 +812,9 @@
if (NILP (tem)) /* but not on any keys */
{
- EMACS_INT offset = bufp - buf;
+ ptrdiff_t offset = bufp - buf;
+ if (STRING_BYTES_BOUND - 4 < bsize)
+ string_overflow ();
buf = (char *) xrealloc (buf, bsize += 4);
bufp = buf + offset;
memcpy (bufp, "M-x ", 4);
@@ -836,7 +837,7 @@
else if (strp[0] == '\\' && (strp[1] == '{' || strp[1] == '<'))
{
struct buffer *oldbuf;
- EMACS_INT start_idx;
+ ptrdiff_t start_idx;
/* This is for computing the SHADOWS arg for describe_map_tree. */
Lisp_Object active_maps = Fcurrent_active_maps (Qnil, Qnil);
Lisp_Object earlier_maps;
@@ -907,7 +908,9 @@
length_byte = SBYTES (tem);
subst:
{
- EMACS_INT offset = bufp - buf;
+ ptrdiff_t offset = bufp - buf;
+ if (STRING_BYTES_BOUND - length_byte < bsize)
+ string_overflow ();
buf = (char *) xrealloc (buf, bsize += length_byte);
bufp = buf + offset;
memcpy (bufp, start, length_byte);
=== modified file 'src/editfns.c'
--- a/src/editfns.c 2011-08-08 15:53:35 +0000
+++ b/src/editfns.c 2011-08-19 06:11:38 +0000
@@ -2107,7 +2107,7 @@
void
set_time_zone_rule (const char *tzstring)
{
- int envptrs;
+ ptrdiff_t envptrs;
char **from, **to, **newenv;
/* Make the ENVIRON vector longer with room for TZSTRING. */
@@ -3357,7 +3357,7 @@
static char *message_text;
/* Allocated length of that buffer. */
-static int message_length;
+static ptrdiff_t message_length;
DEFUN ("message", Fmessage, Smessage, 1, MANY, 0,
doc: /* Display a message at the bottom of the screen.
@@ -3439,8 +3439,8 @@
}
if (SBYTES (val) > message_length)
{
+ message_text = (char *) xrealloc (message_text, SBYTES (val));
message_length = SBYTES (val);
- message_text = (char *)xrealloc (message_text, message_length);
}
memcpy (message_text, SDATA (val), SBYTES (val));
message2 (message_text, SBYTES (val),
@@ -3889,7 +3889,7 @@
: -1)),
/* Maximum number of bytes generated by any format, if
- precision is no more than DBL_USEFUL_PRECISION_MAX.
+ precision is no more than USEFUL_PRECISION_MAX.
On all practical hosts, %f is the worst case. */
SPRINTF_BUFSIZE =
sizeof "-." + (DBL_MAX_10_EXP + 1) + USEFUL_PRECISION_MAX,
@@ -4165,7 +4165,7 @@
character. CONVBYTES says how much room is needed. Allocate
enough room (and then some) and do it again. */
{
- EMACS_INT used = p - buf;
+ ptrdiff_t used = p - buf;
if (max_bufsize - used < convbytes)
string_overflow ();
=== modified file 'src/emacs.c'
--- a/src/emacs.c 2011-08-04 17:04:39 +0000
+++ b/src/emacs.c 2011-08-05 02:19:34 +0000
@@ -1358,24 +1358,17 @@
/* If we have the form --display=NAME,
convert it into -d name.
This requires inserting a new element into argv. */
- if (displayname != 0 && skip_args - count_before == 1)
+ if (displayname && count_before < skip_args)
{
- char **new = (char **) xmalloc (sizeof (char *) * (argc + 2));
- int j;
-
- for (j = 0; j < count_before + 1; j++)
- new[j] = argv[j];
- new[count_before + 1] = (char *) "-d";
- new[count_before + 2] = displayname;
- for (j = count_before + 2; j <argc; j++)
- new[j + 1] = argv[j];
- argv = new;
- argc++;
+ if (skip_args == count_before + 1)
+ {
+ memmove (argv + count_before + 3, argv + count_before + 2,
+ (argc - (count_before + 2)) * sizeof *argv);
+ argv[count_before + 2] = displayname;
+ argc++;
+ }
+ argv[count_before + 1] = (char *) "-d";
}
- /* Change --display to -d, when its arg is separate. */
- else if (displayname != 0 && skip_args > count_before
- && argv[count_before + 1][1] == '-')
- argv[count_before + 1] = (char *) "-d";
if (! no_site_lisp)
{
@@ -1838,8 +1831,8 @@
0 for an option that takes no arguments,
1 for an option that takes one argument, etc.
-1 for an ordinary non-option argument. */
- int *options = (int *) xmalloc (sizeof (int) * argc);
- int *priority = (int *) xmalloc (sizeof (int) * argc);
+ int *options = xnmalloc (argc, sizeof *options);
+ int *priority = xnmalloc (argc, sizeof *priority);
int to = 1;
int incoming_used = 1;
int from;
=== modified file 'src/eval.c'
--- a/src/eval.c 2011-08-20 21:22:46 +0000
+++ b/src/eval.c 2011-08-24 21:20:36 +0000
@@ -133,8 +133,9 @@
void
init_eval_once (void)
{
- specpdl_size = 50;
- specpdl = (struct specbinding *) xmalloc (specpdl_size * sizeof (struct
specbinding));
+ enum { size = 50 };
+ specpdl = (struct specbinding *) xmalloc (size * sizeof (struct
specbinding));
+ specpdl_size = size;
specpdl_ptr = specpdl;
/* Don't forget to update docs (lispref node "Local Variables"). */
max_specpdl_size = 1300; /* 1000 is not enough for CEDET's c-by.el. */
@@ -192,7 +193,7 @@
if (lisp_eval_depth + 40 > max_lisp_eval_depth)
max_lisp_eval_depth = lisp_eval_depth + 40;
- if (SPECPDL_INDEX () + 100 > max_specpdl_size)
+ if (max_specpdl_size - 100 < SPECPDL_INDEX ())
max_specpdl_size = SPECPDL_INDEX () + 100;
#ifdef HAVE_WINDOW_SYSTEM
@@ -3254,17 +3255,21 @@
grow_specpdl (void)
{
register int count = SPECPDL_INDEX ();
- if (specpdl_size >= max_specpdl_size)
+ int max_size =
+ min (max_specpdl_size,
+ min (max (PTRDIFF_MAX, SIZE_MAX) / sizeof (struct specbinding),
+ INT_MAX));
+ int size;
+ if (max_size <= specpdl_size)
{
if (max_specpdl_size < 400)
- max_specpdl_size = 400;
- if (specpdl_size >= max_specpdl_size)
+ max_size = max_specpdl_size = 400;
+ if (max_size <= specpdl_size)
signal_error ("Variable binding depth exceeds max-specpdl-size", Qnil);
}
- specpdl_size *= 2;
- if (specpdl_size > max_specpdl_size)
- specpdl_size = max_specpdl_size;
- specpdl = (struct specbinding *) xrealloc (specpdl, specpdl_size * sizeof
(struct specbinding));
+ size = specpdl_size < max_size / 2 ? 2 * specpdl_size : max_size;
+ specpdl = xnrealloc (specpdl, size, sizeof *specpdl);
+ specpdl_size = size;
specpdl_ptr = specpdl + count;
}
=== modified file 'src/fileio.c'
--- a/src/fileio.c 2011-07-19 20:33:28 +0000
+++ b/src/fileio.c 2011-07-19 20:37:27 +0000
@@ -2912,7 +2912,7 @@
encoded_absname = ENCODE_FILE (absname);
- if (chmod (SSDATA (encoded_absname), XINT (mode)) < 0)
+ if (chmod (SSDATA (encoded_absname), XINT (mode) & 07777) < 0)
report_file_error ("Doing chmod", Fcons (absname, Qnil));
return Qnil;
@@ -5114,11 +5114,11 @@
{
if (stat (SSDATA (BVAR (current_buffer, filename)), &st) >= 0)
/* But make sure we can overwrite it later! */
- auto_save_mode_bits = st.st_mode | 0600;
+ auto_save_mode_bits = (st.st_mode | 0600) & 0777;
else if ((modes = Ffile_modes (BVAR (current_buffer, filename)),
INTEGERP (modes)))
/* Remote files don't cooperate with stat. */
- auto_save_mode_bits = XINT (modes) | 0600;
+ auto_save_mode_bits = (XINT (modes) | 0600) & 0777;
}
return
=== modified file 'src/fns.c'
--- a/src/fns.c 2011-07-08 00:51:25 +0000
+++ b/src/fns.c 2011-08-05 02:15:35 +0000
@@ -602,7 +602,7 @@
prev = Qnil;
if (STRINGP (val))
- SAFE_ALLOCA (textprops, struct textprop_rec *, sizeof (struct
textprop_rec) * nargs);
+ SAFE_NALLOCA (textprops, 1, nargs);
for (argnum = 0; argnum < nargs; argnum++)
{
@@ -3395,11 +3395,13 @@
/* Value is the next integer I >= N, N >= 0 which is "almost" a prime
- number. */
+ number. A number is "almost" a prime number if it is not divisible
+ by any integer in the range 2 .. (NEXT_ALMOST_PRIME_LIMIT - 1). */
EMACS_INT
next_almost_prime (EMACS_INT n)
{
+ verify (NEXT_ALMOST_PRIME_LIMIT == 11);
for (n |= 1; ; n += 2)
if (n % 3 != 0 && n % 5 != 0 && n % 7 != 0)
return n;
@@ -3787,11 +3789,11 @@
the hash code of KEY. Value is the index of the entry in H
matching KEY, or -1 if not found. */
-EMACS_INT
+ptrdiff_t
hash_lookup (struct Lisp_Hash_Table *h, Lisp_Object key, EMACS_UINT *hash)
{
EMACS_UINT hash_code;
- EMACS_INT start_of_bucket;
+ ptrdiff_t start_of_bucket;
Lisp_Object idx;
hash_code = h->hashfn (h, key);
@@ -3821,11 +3823,11 @@
HASH is a previously computed hash code of KEY.
Value is the index of the entry in H matching KEY. */
-EMACS_INT
+ptrdiff_t
hash_put (struct Lisp_Hash_Table *h, Lisp_Object key, Lisp_Object value,
EMACS_UINT hash)
{
- EMACS_INT start_of_bucket, i;
+ ptrdiff_t start_of_bucket, i;
xassert ((hash & ~INTMASK) == 0);
@@ -4482,7 +4484,7 @@
(Lisp_Object key, Lisp_Object table, Lisp_Object dflt)
{
struct Lisp_Hash_Table *h = check_hash_table (table);
- EMACS_INT i = hash_lookup (h, key, NULL);
+ ptrdiff_t i = hash_lookup (h, key, NULL);
return i >= 0 ? HASH_VALUE (h, i) : dflt;
}
@@ -4494,7 +4496,7 @@
(Lisp_Object key, Lisp_Object value, Lisp_Object table)
{
struct Lisp_Hash_Table *h = check_hash_table (table);
- EMACS_INT i;
+ ptrdiff_t i;
EMACS_UINT hash;
i = hash_lookup (h, key, &hash);
=== modified file 'src/frame.c'
--- a/src/frame.c 2011-08-09 22:13:11 +0000
+++ b/src/frame.c 2011-08-14 06:40:45 +0000
@@ -160,7 +160,7 @@
if (FRAME_MINIBUF_ONLY_P (f))
return;
- if (INTEGERP (value))
+ if (TYPE_RANGED_INTEGERP (int, value))
nlines = XINT (value);
else
nlines = 0;
@@ -2992,7 +2992,7 @@
f->size_hint_flags &= ~ (XNegative | YNegative);
if (EQ (left, Qminus))
f->size_hint_flags |= XNegative;
- else if (INTEGERP (left))
+ else if (TYPE_RANGED_INTEGERP (int, left))
{
leftpos = XINT (left);
if (leftpos < 0)
@@ -3000,21 +3000,21 @@
}
else if (CONSP (left) && EQ (XCAR (left), Qminus)
&& CONSP (XCDR (left))
- && INTEGERP (XCAR (XCDR (left))))
+ && RANGED_INTEGERP (-INT_MAX, XCAR (XCDR (left)), INT_MAX))
{
leftpos = - XINT (XCAR (XCDR (left)));
f->size_hint_flags |= XNegative;
}
else if (CONSP (left) && EQ (XCAR (left), Qplus)
&& CONSP (XCDR (left))
- && INTEGERP (XCAR (XCDR (left))))
+ && TYPE_RANGED_INTEGERP (int, XCAR (XCDR (left))))
{
leftpos = XINT (XCAR (XCDR (left)));
}
if (EQ (top, Qminus))
f->size_hint_flags |= YNegative;
- else if (INTEGERP (top))
+ else if (TYPE_RANGED_INTEGERP (int, top))
{
toppos = XINT (top);
if (toppos < 0)
@@ -3022,14 +3022,14 @@
}
else if (CONSP (top) && EQ (XCAR (top), Qminus)
&& CONSP (XCDR (top))
- && INTEGERP (XCAR (XCDR (top))))
+ && RANGED_INTEGERP (-INT_MAX, XCAR (XCDR (top)), INT_MAX))
{
toppos = - XINT (XCAR (XCDR (top)));
f->size_hint_flags |= YNegative;
}
else if (CONSP (top) && EQ (XCAR (top), Qplus)
&& CONSP (XCDR (top))
- && INTEGERP (XCAR (XCDR (top))))
+ && TYPE_RANGED_INTEGERP (int, XCAR (XCDR (top))))
{
toppos = XINT (XCAR (XCDR (top)));
}
@@ -3481,7 +3481,7 @@
x_set_window_size (f, 0, FRAME_COLS (f), FRAME_LINES (f));
do_pending_window_change (0);
}
- else if (INTEGERP (arg) && XINT (arg) > 0
+ else if (RANGED_INTEGERP (1, arg, INT_MAX)
&& XFASTINT (arg) != FRAME_CONFIG_SCROLL_BAR_WIDTH (f))
{
if (XFASTINT (arg) <= 2 * VERTICAL_SCROLL_BAR_WIDTH_TRIM)
@@ -3520,7 +3520,7 @@
{
double alpha = 1.0;
double newval[2];
- int i, ialpha;
+ int i;
Lisp_Object item;
for (i = 0; i < 2; i++)
@@ -3544,7 +3544,7 @@
}
else if (INTEGERP (item))
{
- ialpha = XINT (item);
+ EMACS_INT ialpha = XINT (item);
if (ialpha < 0 || 100 < ialpha)
args_out_of_range (make_number (0), make_number (100));
else
@@ -4031,11 +4031,15 @@
if (!EQ (tem0, Qunbound))
{
CHECK_NUMBER (tem0);
+ if (! (0 <= XINT (tem0) && XINT (tem0) <= INT_MAX))
+ xsignal1 (Qargs_out_of_range, tem0);
FRAME_LINES (f) = XINT (tem0);
}
if (!EQ (tem1, Qunbound))
{
CHECK_NUMBER (tem1);
+ if (! (0 <= XINT (tem1) && XINT (tem1) <= INT_MAX))
+ xsignal1 (Qargs_out_of_range, tem1);
SET_FRAME_COLS (f, XINT (tem1));
}
if (!NILP (tem2) && !EQ (tem2, Qunbound))
@@ -4066,12 +4070,10 @@
? tool_bar_button_relief
: DEFAULT_TOOL_BAR_BUTTON_RELIEF);
- if (INTEGERP (Vtool_bar_button_margin)
- && XINT (Vtool_bar_button_margin) > 0)
+ if (RANGED_INTEGERP (1, Vtool_bar_button_margin, INT_MAX))
margin = XFASTINT (Vtool_bar_button_margin);
else if (CONSP (Vtool_bar_button_margin)
- && INTEGERP (XCDR (Vtool_bar_button_margin))
- && XINT (XCDR (Vtool_bar_button_margin)) > 0)
+ && RANGED_INTEGERP (1, XCDR (Vtool_bar_button_margin), INT_MAX))
margin = XFASTINT (XCDR (Vtool_bar_button_margin));
else
margin = 0;
@@ -4097,14 +4099,14 @@
}
else if (CONSP (tem0) && EQ (XCAR (tem0), Qminus)
&& CONSP (XCDR (tem0))
- && INTEGERP (XCAR (XCDR (tem0))))
+ && RANGED_INTEGERP (-INT_MAX, XCAR (XCDR (tem0)), INT_MAX))
{
f->top_pos = - XINT (XCAR (XCDR (tem0)));
window_prompting |= YNegative;
}
else if (CONSP (tem0) && EQ (XCAR (tem0), Qplus)
&& CONSP (XCDR (tem0))
- && INTEGERP (XCAR (XCDR (tem0))))
+ && TYPE_RANGED_INTEGERP (int, XCAR (XCDR (tem0))))
{
f->top_pos = XINT (XCAR (XCDR (tem0)));
}
@@ -4125,14 +4127,14 @@
}
else if (CONSP (tem1) && EQ (XCAR (tem1), Qminus)
&& CONSP (XCDR (tem1))
- && INTEGERP (XCAR (XCDR (tem1))))
+ && RANGED_INTEGERP (-INT_MAX, XCAR (XCDR (tem1)), INT_MAX))
{
f->left_pos = - XINT (XCAR (XCDR (tem1)));
window_prompting |= XNegative;
}
else if (CONSP (tem1) && EQ (XCAR (tem1), Qplus)
&& CONSP (XCDR (tem1))
- && INTEGERP (XCAR (XCDR (tem1))))
+ && TYPE_RANGED_INTEGERP (int, XCAR (XCDR (tem1))))
{
f->left_pos = XINT (XCAR (XCDR (tem1)));
}
=== modified file 'src/frame.h'
--- a/src/frame.h 2011-06-11 21:31:32 +0000
+++ b/src/frame.h 2011-07-28 21:51:29 +0000
@@ -258,11 +258,11 @@
/* Size of this frame, excluding fringes, scroll bars etc.,
in units of canonical characters. */
- EMACS_INT text_lines, text_cols;
+ int text_lines, text_cols;
/* Total size of this frame (i.e. its native window), in units of
canonical characters. */
- EMACS_INT total_lines, total_cols;
+ int total_lines, total_cols;
/* New text height and width for pending size change.
0 if no change pending. */
=== modified file 'src/fringe.c'
--- a/src/fringe.c 2011-06-24 21:25:22 +0000
+++ b/src/fringe.c 2011-07-28 23:47:01 +0000
@@ -1610,22 +1610,25 @@
if (n == max_fringe_bitmaps)
{
- if ((max_fringe_bitmaps + 20) > MAX_FRINGE_BITMAPS)
+ int bitmaps = max_fringe_bitmaps + 20;
+ if (MAX_FRINGE_BITMAPS < bitmaps)
error ("No free fringe bitmap slots");
i = max_fringe_bitmaps;
- max_fringe_bitmaps += 20;
fringe_bitmaps
= ((struct fringe_bitmap **)
- xrealloc (fringe_bitmaps, max_fringe_bitmaps * sizeof
(struct fringe_bitmap *)));
+ xrealloc (fringe_bitmaps, bitmaps * sizeof *fringe_bitmaps));
fringe_faces
- = (Lisp_Object *) xrealloc (fringe_faces, max_fringe_bitmaps *
sizeof (Lisp_Object));
+ = (Lisp_Object *) xrealloc (fringe_faces,
+ bitmaps * sizeof *fringe_faces);
- for (; i < max_fringe_bitmaps; i++)
+ for (i = max_fringe_bitmaps; i < bitmaps; i++)
{
fringe_bitmaps[i] = NULL;
fringe_faces[i] = Qnil;
}
+
+ max_fringe_bitmaps = bitmaps;
}
}
=== modified file 'src/ftfont.c'
--- a/src/ftfont.c 2011-08-08 14:49:34 +0000
+++ b/src/ftfont.c 2011-08-14 06:40:45 +0000
@@ -686,7 +686,10 @@
if (NILP (val))
continue;
len = Flength (val);
- spec->features[i] = malloc (sizeof (int) * XINT (len));
+ spec->features[i] =
+ (min (PTRDIFF_MAX, SIZE_MAX) / sizeof (int) < XINT (len)
+ ? 0
+ : malloc (sizeof (int) * XINT (len)));
if (! spec->features[i])
{
if (i > 0 && spec->features[0])
@@ -1765,15 +1768,10 @@
static void
setup_otf_gstring (int size)
{
- if (otf_gstring.size == 0)
- {
- otf_gstring.glyphs = (OTF_Glyph *) xmalloc (sizeof (OTF_Glyph) * size);
- otf_gstring.size = size;
- }
- else if (otf_gstring.size < size)
- {
- otf_gstring.glyphs = xrealloc (otf_gstring.glyphs,
- sizeof (OTF_Glyph) * size);
+ if (otf_gstring.size < size)
+ {
+ otf_gstring.glyphs = xnrealloc (otf_gstring.glyphs,
+ size, sizeof (OTF_Glyph));
otf_gstring.size = size;
}
otf_gstring.used = size;
@@ -2449,17 +2447,19 @@
}
}
+ if (INT_MAX / 2 < len)
+ memory_full (SIZE_MAX);
+
if (gstring.allocated == 0)
{
- gstring.allocated = len * 2;
gstring.glyph_size = sizeof (MFLTGlyph);
- gstring.glyphs = xmalloc (sizeof (MFLTGlyph) * gstring.allocated);
+ gstring.glyphs = xnmalloc (len * 2, sizeof (MFLTGlyph));
+ gstring.allocated = len * 2;
}
else if (gstring.allocated < len * 2)
{
+ gstring.glyphs = xnrealloc (gstring.glyphs, len * 2, sizeof (MFLTGlyph));
gstring.allocated = len * 2;
- gstring.glyphs = xrealloc (gstring.glyphs,
- sizeof (MFLTGlyph) * gstring.allocated);
}
memset (gstring.glyphs, 0, sizeof (MFLTGlyph) * len);
for (i = 0; i < len; i++)
@@ -2508,9 +2508,11 @@
int result = mflt_run (&gstring, 0, len, &flt_font_ft.flt_font, flt);
if (result != -2)
break;
- gstring.allocated += gstring.allocated;
- gstring.glyphs = xrealloc (gstring.glyphs,
- sizeof (MFLTGlyph) * gstring.allocated);
+ if (INT_MAX / 2 < gstring.allocated)
+ memory_full (SIZE_MAX);
+ gstring.glyphs = xnrealloc (gstring.glyphs,
+ gstring.allocated, 2 * sizeof (MFLTGlyph));
+ gstring.allocated *= 2;
}
if (gstring.used > LGSTRING_GLYPH_LEN (lgstring))
return Qnil;
=== modified file 'src/gtkutil.c'
--- a/src/gtkutil.c 2011-08-04 17:04:39 +0000
+++ b/src/gtkutil.c 2011-08-05 02:19:34 +0000
@@ -487,7 +487,8 @@
if (!utf8_str)
{
/* Probably some control characters in str. Escape them. */
- size_t nr_bad = 0;
+ ptrdiff_t len;
+ ptrdiff_t nr_bad = 0;
gsize bytes_read;
gsize bytes_written;
unsigned char *p = (unsigned char *)str;
@@ -511,7 +512,10 @@
}
if (cp) g_free (cp);
- up = utf8_str = xmalloc (strlen (str) + nr_bad * 4 + 1);
+ len = strlen (str);
+ if ((min (PTRDIFF_MAX, SIZE_MAX) - len - 1) / 4 < nr_bad)
+ memory_full (SIZE_MAX);
+ up = utf8_str = xmalloc (len + nr_bad * 4 + 1);
p = (unsigned char *)str;
while (! (cp = g_locale_to_utf8 ((char *)p, -1, &bytes_read,
@@ -3296,8 +3300,8 @@
static struct
{
GtkWidget **widgets;
- int max_size;
- int used;
+ ptrdiff_t max_size;
+ ptrdiff_t used;
} id_to_widget;
/* Grow this much every time we need to allocate more */
@@ -3306,17 +3310,20 @@
/* Store the widget pointer W in id_to_widget and return the integer index. */
-static int
+static ptrdiff_t
xg_store_widget_in_map (GtkWidget *w)
{
- int i;
+ ptrdiff_t i;
if (id_to_widget.max_size == id_to_widget.used)
{
- int new_size = id_to_widget.max_size + ID_TO_WIDGET_INCR;
+ ptrdiff_t new_size;
+ if (TYPE_MAXIMUM (Window) - ID_TO_WIDGET_INCR < id_to_widget.max_size)
+ memory_full (SIZE_MAX);
- id_to_widget.widgets = xrealloc (id_to_widget.widgets,
- sizeof (GtkWidget *)*new_size);
+ new_size = id_to_widget.max_size + ID_TO_WIDGET_INCR;
+ id_to_widget.widgets = xnrealloc (id_to_widget.widgets,
+ new_size, sizeof (GtkWidget *));
for (i = id_to_widget.max_size; i < new_size; ++i)
id_to_widget.widgets[i] = 0;
@@ -3345,7 +3352,7 @@
Called when scroll bar is destroyed. */
static void
-xg_remove_widget_from_map (int idx)
+xg_remove_widget_from_map (ptrdiff_t idx)
{
if (idx < id_to_widget.max_size && id_to_widget.widgets[idx] != 0)
{
@@ -3357,7 +3364,7 @@
/* Get the widget pointer at IDX from id_to_widget. */
static GtkWidget *
-xg_get_widget_from_map (int idx)
+xg_get_widget_from_map (ptrdiff_t idx)
{
if (idx < id_to_widget.max_size && id_to_widget.widgets[idx] != 0)
return id_to_widget.widgets[idx];
@@ -3396,10 +3403,10 @@
/* Return the scrollbar id for X Window WID on display DPY.
Return -1 if WID not in id_to_widget. */
-int
+ptrdiff_t
xg_get_scroll_id_for_window (Display *dpy, Window wid)
{
- int idx;
+ ptrdiff_t idx;
GtkWidget *w;
w = xg_win_to_widget (dpy, wid);
@@ -3421,7 +3428,7 @@
static void
xg_gtk_scroll_destroy (GtkWidget *widget, gpointer data)
{
- int id = (intptr_t) data;
+ intptr_t id = (intptr_t) data;
xg_remove_widget_from_map (id);
}
@@ -3496,7 +3503,7 @@
/* Remove the scroll bar represented by SCROLLBAR_ID from the frame F. */
void
-xg_remove_scroll_bar (FRAME_PTR f, int scrollbar_id)
+xg_remove_scroll_bar (FRAME_PTR f, ptrdiff_t scrollbar_id)
{
GtkWidget *w = xg_get_widget_from_map (scrollbar_id);
if (w)
@@ -3515,7 +3522,7 @@
void
xg_update_scrollbar_pos (FRAME_PTR f,
- int scrollbar_id,
+ ptrdiff_t scrollbar_id,
int top,
int left,
int width,
@@ -4429,7 +4436,7 @@
int enabled_p = !NILP (PROP (TOOL_BAR_ITEM_ENABLED_P));
int selected_p = !NILP (PROP (TOOL_BAR_ITEM_SELECTED_P));
int idx;
- int img_id;
+ ptrdiff_t img_id;
int icon_size = 0;
struct image *img = NULL;
Lisp_Object image;
=== modified file 'src/gtkutil.h'
--- a/src/gtkutil.h 2011-06-14 21:08:20 +0000
+++ b/src/gtkutil.h 2011-07-28 23:58:05 +0000
@@ -114,17 +114,17 @@
extern int xg_have_tear_offs (void);
-extern int xg_get_scroll_id_for_window (Display *dpy, Window wid);
+extern ptrdiff_t xg_get_scroll_id_for_window (Display *dpy, Window wid);
extern void xg_create_scroll_bar (FRAME_PTR f,
struct scroll_bar *bar,
GCallback scroll_callback,
GCallback end_callback,
const char *scroll_bar_name);
-extern void xg_remove_scroll_bar (FRAME_PTR f, int scrollbar_id);
+extern void xg_remove_scroll_bar (FRAME_PTR f, ptrdiff_t scrollbar_id);
extern void xg_update_scrollbar_pos (FRAME_PTR f,
- int scrollbar_id,
+ ptrdiff_t scrollbar_id,
int top,
int left,
int width,
@@ -185,4 +185,3 @@
#endif /* USE_GTK */
#endif /* GTKUTIL_H */
-
=== modified file 'src/image.c'
--- a/src/image.c 2011-08-22 02:34:23 +0000
+++ b/src/image.c 2011-08-24 21:20:36 +0000
@@ -196,7 +196,7 @@
int
x_bitmap_pixmap (FRAME_PTR f, ptrdiff_t id)
{
- return (int) FRAME_X_DISPLAY_INFO (f)->bitmaps[id - 1].pixmap;
+ return FRAME_X_DISPLAY_INFO (f)->bitmaps[id - 1].pixmap;
}
#endif
@@ -216,15 +216,6 @@
Display_Info *dpyinfo = FRAME_X_DISPLAY_INFO (f);
ptrdiff_t i;
- if (dpyinfo->bitmaps == NULL)
- {
- dpyinfo->bitmaps_size = 10;
- dpyinfo->bitmaps
- = (Bitmap_Record *) xmalloc (dpyinfo->bitmaps_size * sizeof
(Bitmap_Record));
- dpyinfo->bitmaps_last = 1;
- return 1;
- }
-
if (dpyinfo->bitmaps_last < dpyinfo->bitmaps_size)
return ++dpyinfo->bitmaps_last;
@@ -232,20 +223,16 @@
if (dpyinfo->bitmaps[i].refcount == 0)
return i + 1;
- if (min (PTRDIFF_MAX, SIZE_MAX) / sizeof (Bitmap_Record) / 2
- < dpyinfo->bitmaps_size)
- memory_full (SIZE_MAX);
- dpyinfo->bitmaps_size *= 2;
- dpyinfo->bitmaps
- = (Bitmap_Record *) xrealloc (dpyinfo->bitmaps,
- dpyinfo->bitmaps_size * sizeof
(Bitmap_Record));
+ dpyinfo->bitmaps =
+ xpalloc (dpyinfo->bitmaps, &dpyinfo->bitmaps_size,
+ 10, -1, sizeof *dpyinfo->bitmaps);
return ++dpyinfo->bitmaps_last;
}
/* Add one reference to the reference count of the bitmap with id ID. */
void
-x_reference_bitmap (FRAME_PTR f, int id)
+x_reference_bitmap (FRAME_PTR f, ptrdiff_t id)
{
++FRAME_X_DISPLAY_INFO (f)->bitmaps[id - 1].refcount;
}
@@ -807,29 +794,30 @@
break;
case IMAGE_POSITIVE_INTEGER_VALUE:
- if (!INTEGERP (value) || XINT (value) <= 0)
+ if (! RANGED_INTEGERP (1, value, INT_MAX))
return 0;
break;
case IMAGE_POSITIVE_INTEGER_VALUE_OR_PAIR:
- if (INTEGERP (value) && XINT (value) >= 0)
+ if (RANGED_INTEGERP (1, value, INT_MAX))
break;
if (CONSP (value)
- && INTEGERP (XCAR (value)) && INTEGERP (XCDR (value))
- && XINT (XCAR (value)) >= 0 && XINT (XCDR (value)) >= 0)
+ && RANGED_INTEGERP (1, XCAR (value), INT_MAX)
+ && RANGED_INTEGERP (1, XCDR (value), INT_MAX))
break;
return 0;
case IMAGE_ASCENT_VALUE:
if (SYMBOLP (value) && EQ (value, Qcenter))
break;
- else if (INTEGERP (value)
- && XINT (value) >= 0
- && XINT (value) <= 100)
+ else if (RANGED_INTEGERP (0, value, 100))
break;
return 0;
case IMAGE_NON_NEGATIVE_INTEGER_VALUE:
+ /* Unlike the other integer-related cases, this one does not
+ verify that VALUE fits in 'int'. This is because callers
+ want EMACS_INT. */
if (!INTEGERP (value) || XINT (value) < 0)
return 0;
break;
@@ -849,7 +837,7 @@
break;
case IMAGE_INTEGER_VALUE:
- if (!INTEGERP (value))
+ if (! TYPE_RANGED_INTEGERP (int, value))
return 0;
break;
@@ -919,7 +907,7 @@
if (valid_image_p (spec))
{
struct frame *f = check_x_frame (frame);
- int id = lookup_image (f, spec);
+ ptrdiff_t id = lookup_image (f, spec);
struct image *img = IMAGE_FROM_ID (f, id);
int width = img->width + 2 * img->hmargin;
int height = img->height + 2 * img->vmargin;
@@ -949,7 +937,7 @@
if (valid_image_p (spec))
{
struct frame *f = check_x_frame (frame);
- int id = lookup_image (f, spec);
+ ptrdiff_t id = lookup_image (f, spec);
struct image *img = IMAGE_FROM_ID (f, id);
if (img->mask)
mask = Qt;
@@ -972,7 +960,7 @@
if (valid_image_p (spec))
{
struct frame *f = check_x_frame (frame);
- int id = lookup_image (f, spec);
+ ptrdiff_t id = lookup_image (f, spec);
struct image *img = IMAGE_FROM_ID (f, id);
ext = img->lisp_data;
}
@@ -1125,7 +1113,7 @@
ascent = height / 2;
}
else
- ascent = (int) (height * img->ascent / 100.0);
+ ascent = height * (img->ascent / 100.0);
return ascent;
}
@@ -1371,11 +1359,12 @@
{
/* This isn't called frequently so we get away with simply
reallocating the color vector to the needed size, here. */
- ++img->ncolors;
+ ptrdiff_t ncolors = img->ncolors + 1;
img->colors =
(unsigned long *) xrealloc (img->colors,
- img->ncolors * sizeof *img->colors);
- img->colors[img->ncolors - 1] = color.pixel;
+ ncolors * sizeof *img->colors);
+ img->colors[ncolors - 1] = color.pixel;
+ img->ncolors = ncolors;
result = color.pixel;
}
else
@@ -1403,8 +1392,9 @@
int size;
memset (c, 0, sizeof *c);
- c->size = 50;
- c->images = (struct image **) xmalloc (c->size * sizeof *c->images);
+ size = 50;
+ c->images = (struct image **) xmalloc (size * sizeof *c->images);
+ c->size = size;
size = IMAGE_CACHE_BUCKETS_SIZE * sizeof *c->buckets;
c->buckets = (struct image **) xmalloc (size);
memset (c->buckets, 0, size);
@@ -1470,7 +1460,7 @@
struct image_cache *c = FRAME_IMAGE_CACHE (f);
if (c)
{
- int i;
+ ptrdiff_t i;
/* Cache should not be referenced by any frame when freed. */
xassert (c->refcount == 0);
@@ -1500,7 +1490,7 @@
if (c)
{
- int i, nfreed = 0;
+ ptrdiff_t i, nfreed = 0;
/* Block input so that we won't be interrupted by a SIGIO
while being in an inconsistent state. */
@@ -1524,8 +1514,8 @@
{
/* Free cache based on timestamp. */
EMACS_TIME t;
- time_t old;
- int delay, nimages = 0;
+ double old, delay;
+ ptrdiff_t nimages = 0;
for (i = 0; i < c->used; ++i)
if (c->images[i])
@@ -1533,9 +1523,10 @@
/* If the number of cached images has grown unusually large,
decrease the cache eviction delay (Bug#6230). */
- delay = XFASTINT (Vimage_cache_eviction_delay);
+ delay = XINT (Vimage_cache_eviction_delay);
if (nimages > 40)
- delay = max (1, 1600 * delay / (nimages*nimages));
+ delay = 1600 * delay / nimages / nimages;
+ delay = max (delay, 1);
EMACS_GET_TIME (t);
old = EMACS_SECS (t) - delay;
@@ -1711,7 +1702,7 @@
/* Return the id of image with Lisp specification SPEC on frame F.
SPEC must be a valid Lisp image specification (see valid_image_p). */
-int
+ptrdiff_t
lookup_image (struct frame *f, Lisp_Object spec)
{
struct image *img;
@@ -1770,15 +1761,12 @@
img->ascent = CENTERED_IMAGE_ASCENT;
margin = image_spec_value (spec, QCmargin, NULL);
- if (INTEGERP (margin) && XINT (margin) >= 0)
+ if (INTEGERP (margin))
img->vmargin = img->hmargin = XFASTINT (margin);
- else if (CONSP (margin) && INTEGERP (XCAR (margin))
- && INTEGERP (XCDR (margin)))
+ else if (CONSP (margin))
{
- if (XINT (XCAR (margin)) > 0)
- img->hmargin = XFASTINT (XCAR (margin));
- if (XINT (XCDR (margin)) > 0)
- img->vmargin = XFASTINT (XCDR (margin));
+ img->hmargin = XFASTINT (XCAR (margin));
+ img->vmargin = XFASTINT (XCDR (margin));
}
relief = image_spec_value (spec, QCrelief, NULL);
@@ -1825,7 +1813,7 @@
cache_image (struct frame *f, struct image *img)
{
struct image_cache *c = FRAME_IMAGE_CACHE (f);
- int i;
+ ptrdiff_t i;
/* Find a free slot in c->images. */
for (i = 0; i < c->used; ++i)
@@ -1834,13 +1822,7 @@
/* If no free slot found, maybe enlarge c->images. */
if (i == c->used && c->used == c->size)
- {
- if (min (PTRDIFF_MAX, SIZE_MAX) / sizeof *c->images / 2 < c->size)
- memory_full (SIZE_MAX);
- c->size *= 2;
- c->images = (struct image **) xrealloc (c->images,
- c->size * sizeof *c->images);
- }
+ c->images = xpalloc (c->images, &c->size, 1, -1, sizeof *c->images);
/* Add IMG to c->images, and assign IMG an id. */
c->images[i] = img;
@@ -1879,7 +1861,7 @@
{
if (c)
{
- int i;
+ ptrdiff_t i;
for (i = 0; i < c->used; ++i)
if (c->images[i])
mark_image (c->images[i]);
@@ -2076,7 +2058,7 @@
DWORD err = GetLastError ();
Lisp_Object errcode;
/* All system errors are < 10000, so the following is safe. */
- XSETINT (errcode, (int) err);
+ XSETINT (errcode, err);
image_error ("Unable to create bitmap, error code %d", errcode, Qnil);
x_destroy_x_image (*ximg);
return 0;
@@ -2355,7 +2337,7 @@
else
{
Lisp_Object data;
- EMACS_INT width, height;
+ int width, height;
/* Entries for `:width', `:height' and `:data' must be present. */
if (!kw[XBM_WIDTH].count
@@ -3587,9 +3569,8 @@
#endif /* HAVE_NTGUI */
/* Remember allocated colors. */
+ img->colors = xnmalloc (attrs.nalloc_pixels, sizeof *img->colors);
img->ncolors = attrs.nalloc_pixels;
- img->colors = (unsigned long *) xmalloc (img->ncolors
- * sizeof *img->colors);
for (i = 0; i < attrs.nalloc_pixels; ++i)
{
img->colors[i] = attrs.alloc_pixels[i];
@@ -3813,8 +3794,8 @@
int chars_len)
{
struct Lisp_Hash_Table *table = XHASH_TABLE (color_table);
- int i = hash_lookup (table, make_unibyte_string (chars_start, chars_len),
- NULL);
+ ptrdiff_t i =
+ hash_lookup (table, make_unibyte_string (chars_start, chars_len), NULL);
return i >= 0 ? HASH_VALUE (table, i) : Qnil;
}
@@ -4163,6 +4144,12 @@
/* Number of entries in the color table. */
static int ct_colors_allocated;
+enum
+{
+ ct_colors_allocated_max =
+ min (INT_MAX,
+ min (PTRDIFF_MAX, SIZE_MAX) / sizeof (unsigned long))
+};
/* Initialize the color table. */
@@ -4249,7 +4236,14 @@
XColor color;
Colormap cmap;
int rc;
-
+#else
+ COLORREF color;
+#endif
+
+ if (ct_colors_allocated_max <= ct_colors_allocated)
+ return FRAME_FOREGROUND_PIXEL (f);
+
+#ifdef HAVE_X_WINDOWS
color.red = r;
color.green = g;
color.blue = b;
@@ -4271,7 +4265,6 @@
return FRAME_FOREGROUND_PIXEL (f);
#else
- COLORREF color;
#ifdef HAVE_NTGUI
color = PALETTERGB (r, g, b);
#else
@@ -4312,6 +4305,9 @@
Colormap cmap;
int rc;
+ if (ct_colors_allocated_max <= ct_colors_allocated)
+ return FRAME_FOREGROUND_PIXEL (f);
+
#ifdef HAVE_X_WINDOWS
cmap = FRAME_X_COLORMAP (f);
color.pixel = pixel;
@@ -4450,7 +4446,9 @@
HGDIOBJ prev;
#endif /* HAVE_NTGUI */
- colors = (XColor *) xmalloc (img->width * img->height * sizeof *colors);
+ if (min (PTRDIFF_MAX, SIZE_MAX) / sizeof *colors / img->width < img->height)
+ memory_full (SIZE_MAX);
+ colors = (XColor *) xmalloc (sizeof *colors * img->width * img->height);
#ifndef HAVE_NTGUI
/* Get the X image IMG->pixmap. */
@@ -4602,7 +4600,9 @@
#define COLOR(A, X, Y) ((A) + (Y) * img->width + (X))
- new = (XColor *) xmalloc (img->width * img->height * sizeof *new);
+ if (min (PTRDIFF_MAX, SIZE_MAX) / sizeof *new / img->width < img->height)
+ memory_full (SIZE_MAX);
+ new = (XColor *) xmalloc (sizeof *new * img->width * img->height);
for (y = 0; y < img->height; ++y)
{
@@ -5880,7 +5880,7 @@
for (x = 0; x < width; ++x)
{
- unsigned r, g, b;
+ int r, g, b;
r = *p++ << 8;
g = *p++ << 8;
@@ -6745,17 +6745,29 @@
}
+static void tiff_handler (const char *, const char *, const char *, va_list)
+ ATTRIBUTE_FORMAT_PRINTF (3, 0);
+static void
+tiff_handler (const char *log_format, const char *title,
+ const char *format, va_list ap)
+{
+ /* doprnt is not suitable here, as TIFF handlers are called from
+ libtiff and are passed arbitrary printf directives. Instead, use
+ vsnprintf, taking care to be portable to nonstandard environments
+ where vsnprintf returns -1 on buffer overflow. Since it's just a
+ log entry, it's OK to truncate it. */
+ char buf[4000];
+ int len = vsnprintf (buf, sizeof buf, format, ap);
+ add_to_log (log_format, build_string (title),
+ make_string (buf, max (0, min (len, sizeof buf - 1))));
+}
+
static void tiff_error_handler (const char *, const char *, va_list)
ATTRIBUTE_FORMAT_PRINTF (2, 0);
static void
tiff_error_handler (const char *title, const char *format, va_list ap)
{
- char buf[512];
- int len;
-
- len = sprintf (buf, "TIFF error: %s ", title);
- vsprintf (buf + len, format, ap);
- add_to_log (buf, Qnil, Qnil);
+ tiff_handler ("TIFF error: %s %s", title, format, ap);
}
@@ -6764,12 +6776,7 @@
static void
tiff_warning_handler (const char *title, const char *format, va_list ap)
{
- char buf[512];
- int len;
-
- len = sprintf (buf, "TIFF warning: %s ", title);
- vsprintf (buf + len, format, ap);
- add_to_log (buf, Qnil, Qnil);
+ tiff_handler ("TIFF warning: %s %s", title, format, ap);
}
@@ -6845,8 +6852,9 @@
image = image_spec_value (img->spec, QCindex, NULL);
if (INTEGERP (image))
{
- int ino = XFASTINT (image);
- if (!fn_TIFFSetDirectory (tiff, ino))
+ EMACS_INT ino = XFASTINT (image);
+ if (! (TYPE_MINIMUM (tdir_t) <= ino && ino <= TYPE_MAXIMUM (tdir_t)
+ && fn_TIFFSetDirectory (tiff, ino)))
{
image_error ("Invalid image number `%s' in image `%s'",
image, img->spec);
@@ -7144,7 +7152,7 @@
Lisp_Object specified_file = image_spec_value (img->spec, QCfile, NULL);
Lisp_Object specified_data = image_spec_value (img->spec, QCdata, NULL);
unsigned long bgcolor = 0;
- int idx;
+ EMACS_INT idx;
if (NILP (specified_data))
{
@@ -7379,7 +7387,7 @@
img->lisp_data = Qnil;
if (gif->SavedImages[idx].ExtensionBlockCount > 0)
{
- unsigned int delay = 0;
+ int delay = 0;
ExtensionBlock *ext = gif->SavedImages[idx].ExtensionBlocks;
for (i = 0; i < gif->SavedImages[idx].ExtensionBlockCount; i++, ext++)
/* Append (... FUNCTION "BYTES") */
@@ -7400,7 +7408,7 @@
if (delay)
img->lisp_data
= Fcons (Qdelay,
- Fcons (make_float (((double) delay) * 0.01),
+ Fcons (make_float (delay / 100.0),
img->lisp_data));
}
@@ -7576,10 +7584,10 @@
Lisp_Object image;
Lisp_Object value;
Lisp_Object crop;
- long ino;
+ EMACS_INT ino;
int desired_width, desired_height;
double rotation;
- int imagemagick_rendermethod;
+ EMACS_INT imagemagick_rendermethod;
int pixelwidth;
ImageInfo *image_info;
ExceptionInfo *exception;
@@ -7606,7 +7614,7 @@
status = MagickPingImageBlob (ping_wand, contents, size);
}
- if (ino >= MagickGetNumberImages (ping_wand))
+ if (! (0 <= ino && ino < MagickGetNumberImages (ping_wand)))
{
image_error ("Invalid image number `%s' in image `%s'",
image, img->spec);
@@ -7681,28 +7689,28 @@
efficient. */
crop = image_spec_value (img->spec, QCcrop, NULL);
- if (CONSP (crop) && INTEGERP (XCAR (crop)))
+ if (CONSP (crop) && TYPE_RANGED_INTEGERP (size_t, XCAR (crop)))
{
/* After some testing, it seems MagickCropImage is the fastest crop
function in ImageMagick. This crop function seems to do less copying
than the alternatives, but it still reads the entire image into memory
- before croping, which is aparently difficult to avoid when using
+ before cropping, which is apparently difficult to avoid when using
imagemagick. */
- int w, h;
- w = XFASTINT (XCAR (crop));
+ size_t crop_width = XINT (XCAR (crop));
crop = XCDR (crop);
- if (CONSP (crop) && INTEGERP (XCAR (crop)))
+ if (CONSP (crop) && TYPE_RANGED_INTEGERP (size_t, XCAR (crop)))
{
- h = XFASTINT (XCAR (crop));
+ size_t crop_height = XINT (XCAR (crop));
crop = XCDR (crop);
- if (CONSP (crop) && INTEGERP (XCAR (crop)))
+ if (CONSP (crop) && TYPE_RANGED_INTEGERP (ssize_t, XCAR (crop)))
{
- x = XFASTINT (XCAR (crop));
+ ssize_t crop_x = XINT (XCAR (crop));
crop = XCDR (crop);
- if (CONSP (crop) && INTEGERP (XCAR (crop)))
+ if (CONSP (crop) && TYPE_RANGED_INTEGERP (ssize_t, XCAR (crop)))
{
- y = XFASTINT (XCAR (crop));
- MagickCropImage (image_wand, w, h, x, y);
+ ssize_t crop_y = XINT (XCAR (crop));
+ MagickCropImage (image_wand, crop_width, crop_height,
+ crop_x, crop_y);
}
}
}
@@ -7748,9 +7756,11 @@
init_color_table ();
imagemagick_rendermethod = (INTEGERP (Vimagemagick_render_type)
- ? XFASTINT (Vimagemagick_render_type) : 0);
+ ? XINT (Vimagemagick_render_type) : 0);
if (imagemagick_rendermethod == 0)
{
+ size_t image_height;
+
/* Try to create a x pixmap to hold the imagemagick pixmap. */
if (!x_create_x_image_and_pixmap (f, width, height, 0,
&ximg, &img->pixmap))
@@ -7779,7 +7789,8 @@
goto imagemagick_error;
}
- for (y = 0; y < (long) MagickGetImageHeight (image_wand); y++)
+ image_height = MagickGetImageHeight (image_wand);
+ for (y = 0; y < image_height; y++)
{
pixels = PixelGetNextIteratorRow (iterator, &width);
if (pixels == (PixelWand **) NULL)
@@ -8285,10 +8296,10 @@
{
for (x = 0; x < width; ++x)
{
- unsigned red;
- unsigned green;
- unsigned blue;
- unsigned opacity;
+ int red;
+ int green;
+ int blue;
+ int opacity;
red = *pixels++;
green = *pixels++;
@@ -8469,7 +8480,8 @@
static int
gs_load (struct frame *f, struct image *img)
{
- char buffer[100];
+ uprintmax_t printnum1, printnum2;
+ char buffer[sizeof " " + INT_STRLEN_BOUND (printmax_t)];
Lisp_Object window_and_pixmap_id = Qnil, loader, pt_height, pt_width;
Lisp_Object frame;
double in_width, in_height;
@@ -8481,16 +8493,19 @@
info. */
pt_width = image_spec_value (img->spec, QCpt_width, NULL);
in_width = INTEGERP (pt_width) ? XFASTINT (pt_width) / 72.0 : 0;
- img->width = in_width * FRAME_X_DISPLAY_INFO (f)->resx;
+ in_width *= FRAME_X_DISPLAY_INFO (f)->resx;
pt_height = image_spec_value (img->spec, QCpt_height, NULL);
in_height = INTEGERP (pt_height) ? XFASTINT (pt_height) / 72.0 : 0;
- img->height = in_height * FRAME_X_DISPLAY_INFO (f)->resy;
+ in_height *= FRAME_X_DISPLAY_INFO (f)->resy;
- if (!check_image_size (f, img->width, img->height))
+ if (! (in_width <= INT_MAX && in_height <= INT_MAX
+ && check_image_size (f, in_width, in_height)))
{
image_error ("Invalid image size (see `max-image-size')", Qnil, Qnil);
return 0;
}
+ img->width = in_width;
+ img->height = in_height;
/* Create the pixmap. */
xassert (img->pixmap == NO_PIXMAP);
@@ -8515,14 +8530,14 @@
if successful. We do not record_unwind_protect here because
other places in redisplay like calling window scroll functions
don't either. Let the Lisp loader use `unwind-protect' instead. */
- sprintf (buffer, "%lu %lu",
- (unsigned long) FRAME_X_WINDOW (f),
- (unsigned long) img->pixmap);
+ printnum1 = FRAME_X_WINDOW (f);
+ printnum2 = img->pixmap;
+ sprintf (buffer, "%"pMu" %"pMu, printnum1, printnum2);
window_and_pixmap_id = build_string (buffer);
- sprintf (buffer, "%lu %lu",
- FRAME_FOREGROUND_PIXEL (f),
- FRAME_BACKGROUND_PIXEL (f));
+ printnum1 = FRAME_FOREGROUND_PIXEL (f);
+ printnum2 = FRAME_BACKGROUND_PIXEL (f);
+ sprintf (buffer, "%"pMu" %"pMu, printnum1, printnum2);
pixel_colors = build_string (buffer);
XSETFRAME (frame, f);
@@ -8547,7 +8562,8 @@
x_kill_gs_process (Pixmap pixmap, struct frame *f)
{
struct image_cache *c = FRAME_IMAGE_CACHE (f);
- int class, i;
+ int class;
+ ptrdiff_t i;
struct image *img;
/* Find the image containing PIXMAP. */
@@ -8651,7 +8667,7 @@
DEFUN ("lookup-image", Flookup_image, Slookup_image, 1, 1, 0, "")
(Lisp_Object spec)
{
- int id = -1;
+ ptrdiff_t id = -1;
if (valid_image_p (spec))
id = lookup_image (SELECTED_FRAME (), spec);
=== modified file 'src/indent.c'
--- a/src/indent.c 2011-08-05 11:04:44 +0000
+++ b/src/indent.c 2011-08-05 23:35:10 +0000
@@ -284,7 +284,7 @@
else \
{
\
if (dp != 0 && VECTORP (DISP_CHAR_VECTOR (dp, ch))) \
- width = ASIZE (DISP_CHAR_VECTOR (dp, ch)); \
+ width = sanitize_char_width (ASIZE (DISP_CHAR_VECTOR (dp, ch))); \
else \
width = CHAR_WIDTH (ch); \
}
\
@@ -318,15 +318,6 @@
last_known_column_point = 0;
}
-/* Return a non-outlandish value for the tab width. */
-
-static int
-sane_tab_width (void)
-{
- EMACS_INT n = XFASTINT (BVAR (current_buffer, tab_width));
- return 0 < n && n <= 1000 ? n : 8;
-}
-
EMACS_INT
current_column (void)
{
@@ -335,7 +326,7 @@
register int tab_seen;
EMACS_INT post_tab;
register int c;
- int tab_width = sane_tab_width ();
+ int tab_width = SANE_TAB_WIDTH (current_buffer);
int ctl_arrow = !NILP (BVAR (current_buffer, ctl_arrow));
register struct Lisp_Char_Table *dp = buffer_display_table ();
@@ -515,7 +506,7 @@
static void
scan_for_column (EMACS_INT *endpos, EMACS_INT *goalcol, EMACS_INT *prevcol)
{
- int tab_width = sane_tab_width ();
+ int tab_width = SANE_TAB_WIDTH (current_buffer);
register int ctl_arrow = !NILP (BVAR (current_buffer, ctl_arrow));
register struct Lisp_Char_Table *dp = buffer_display_table ();
int multibyte = !NILP (BVAR (current_buffer, enable_multibyte_characters));
@@ -732,7 +723,7 @@
register int tab_seen;
int post_tab;
register int c;
- int tab_width = sane_tab_width ();
+ int tab_width = SANE_TAB_WIDTH (current_buffer);
int ctl_arrow = !NILP (current_buffer->ctl_arrow);
register struct Lisp_Char_Table *dp = buffer_display_table ();
int b, e;
@@ -808,7 +799,7 @@
{
EMACS_INT mincol;
register EMACS_INT fromcol;
- int tab_width = sane_tab_width ();
+ int tab_width = SANE_TAB_WIDTH (current_buffer);
CHECK_NUMBER (column);
if (NILP (minimum))
@@ -867,7 +858,7 @@
position_indentation (register int pos_byte)
{
register EMACS_INT column = 0;
- int tab_width = sane_tab_width ();
+ int tab_width = SANE_TAB_WIDTH (current_buffer);
register unsigned char *p;
register unsigned char *stop;
unsigned char *start;
@@ -1116,7 +1107,7 @@
register EMACS_INT pos;
EMACS_INT pos_byte;
register int c = 0;
- int tab_width = sane_tab_width ();
+ int tab_width = SANE_TAB_WIDTH (current_buffer);
register int ctl_arrow = !NILP (BVAR (current_buffer, ctl_arrow));
register struct Lisp_Char_Table *dp = window_display_table (win);
EMACS_INT selective
@@ -1432,7 +1423,7 @@
the text character-by-character. */
if (current_buffer->width_run_cache && pos >= next_width_run)
{
- EMACS_INT run_end;
+ ptrdiff_t run_end;
int common_width
= region_cache_forward (current_buffer,
current_buffer->width_run_cache,
=== modified file 'src/keyboard.c'
--- a/src/keyboard.c 2011-08-04 17:04:39 +0000
+++ b/src/keyboard.c 2011-08-05 02:19:34 +0000
@@ -435,16 +435,16 @@
static int read_avail_input (int);
static void get_input_pending (int *, int);
static int readable_events (int);
-static Lisp_Object read_char_x_menu_prompt (int, Lisp_Object *,
+static Lisp_Object read_char_x_menu_prompt (ptrdiff_t, Lisp_Object *,
Lisp_Object, int *);
-static Lisp_Object read_char_minibuf_menu_prompt (int, int,
+static Lisp_Object read_char_minibuf_menu_prompt (int, ptrdiff_t,
Lisp_Object *);
static Lisp_Object make_lispy_event (struct input_event *);
#if defined (HAVE_MOUSE) || defined (HAVE_GPM)
static Lisp_Object make_lispy_movement (struct frame *, Lisp_Object,
enum scroll_bar_part,
Lisp_Object, Lisp_Object,
- unsigned long);
+ Time);
#endif
static Lisp_Object modify_event_symbol (EMACS_INT, unsigned, Lisp_Object,
Lisp_Object, const char *const *,
@@ -1300,7 +1300,7 @@
/* This is the actual command reading loop,
sans error-handling encapsulation. */
-static int read_key_sequence (Lisp_Object *, size_t, Lisp_Object,
+static int read_key_sequence (Lisp_Object *, int, Lisp_Object,
int, int, int);
void safe_run_hooks (Lisp_Object);
static void adjust_point_for_property (EMACS_INT, int);
@@ -2267,7 +2267,8 @@
Value is t if we showed a menu and the user rejected it. */
Lisp_Object
-read_char (int commandflag, int nmaps, Lisp_Object *maps, Lisp_Object
prev_event,
+read_char (int commandflag, ptrdiff_t nmaps, Lisp_Object *maps,
+ Lisp_Object prev_event,
int *used_mouse_menu, struct timeval *end_time)
{
volatile Lisp_Object c;
@@ -7405,7 +7406,7 @@
{
/* The number of keymaps we're scanning right now, and the number of
keymaps we have allocated space for. */
- int nmaps;
+ ptrdiff_t nmaps;
/* maps[0..nmaps-1] are the prefix definitions of KEYBUF[0..t-1]
in the current keymaps, or nil where it is not a prefix. */
@@ -7413,7 +7414,7 @@
Lisp_Object def, tail;
- int mapno;
+ ptrdiff_t mapno;
Lisp_Object oquit;
/* In order to build the menus, we need to call the keymap
@@ -7458,7 +7459,7 @@
recognized when the menu-bar (or mode-line) is updated,
which does not normally happen after every command. */
Lisp_Object tem;
- int nminor;
+ ptrdiff_t nminor;
nminor = current_minor_maps (NULL, &tmaps);
maps = (Lisp_Object *) alloca ((nminor + 3) * sizeof (maps[0]));
nmaps = 0;
@@ -7962,7 +7963,7 @@
tool_bar_items (Lisp_Object reuse, int *nitems)
{
Lisp_Object *maps;
- int nmaps, i;
+ ptrdiff_t nmaps, i;
Lisp_Object oquit;
Lisp_Object *tmaps;
@@ -8002,7 +8003,7 @@
recognized when the tool-bar (or mode-line) is updated,
which does not normally happen after every command. */
Lisp_Object tem;
- int nminor;
+ ptrdiff_t nminor;
nminor = current_minor_maps (NULL, &tmaps);
maps = (Lisp_Object *) alloca ((nminor + 3) * sizeof (maps[0]));
nmaps = 0;
@@ -8274,10 +8275,11 @@
Lisp_Object tcapt = PROP (TOOL_BAR_ITEM_CAPTION);
const char *label = SYMBOLP (tkey) ? SSDATA (SYMBOL_NAME (tkey)) : "";
const char *capt = STRINGP (tcapt) ? SSDATA (tcapt) : "";
- EMACS_INT max_lbl = 2 * tool_bar_max_label_size;
+ ptrdiff_t max_lbl =
+ 2 * max (0, min (tool_bar_max_label_size, STRING_BYTES_BOUND / 2));
char *buf = (char *) xmalloc (max_lbl + 1);
Lisp_Object new_lbl;
- size_t caption_len = strlen (capt);
+ ptrdiff_t caption_len = strlen (capt);
if (caption_len <= max_lbl && capt[0] != '\0')
{
@@ -8290,7 +8292,7 @@
if (strlen (label) <= max_lbl && label[0] != '\0')
{
- int j;
+ ptrdiff_t j;
if (label != buf)
strcpy (buf, label);
@@ -8399,10 +8401,10 @@
and do auto-saving in the inner call of read_char. */
static Lisp_Object
-read_char_x_menu_prompt (int nmaps, Lisp_Object *maps, Lisp_Object prev_event,
- int *used_mouse_menu)
+read_char_x_menu_prompt (ptrdiff_t nmaps, Lisp_Object *maps,
+ Lisp_Object prev_event, int *used_mouse_menu)
{
- int mapno;
+ ptrdiff_t mapno;
if (used_mouse_menu)
*used_mouse_menu = 0;
@@ -8430,7 +8432,7 @@
Lisp_Object *realmaps
= (Lisp_Object *) alloca (nmaps * sizeof (Lisp_Object));
Lisp_Object value;
- int nmaps1 = 0;
+ ptrdiff_t nmaps1 = 0;
/* Use the maps that are not nil. */
for (mapno = 0; mapno < nmaps; mapno++)
@@ -8481,17 +8483,18 @@
We make this bigger when necessary, and never free it. */
static char *read_char_minibuf_menu_text;
/* Size of that buffer. */
-static int read_char_minibuf_menu_width;
+static ptrdiff_t read_char_minibuf_menu_width;
static Lisp_Object
-read_char_minibuf_menu_prompt (int commandflag, int nmaps, Lisp_Object *maps)
+read_char_minibuf_menu_prompt (int commandflag,
+ ptrdiff_t nmaps, Lisp_Object *maps)
{
- int mapno;
+ ptrdiff_t mapno;
register Lisp_Object name;
- int nlength;
+ ptrdiff_t nlength;
/* FIXME: Use the minibuffer's frame width. */
- int width = FRAME_COLS (SELECTED_FRAME ()) - 4;
- int idx = -1;
+ ptrdiff_t width = FRAME_COLS (SELECTED_FRAME ()) - 4;
+ ptrdiff_t idx = -1;
int nobindings = 1;
Lisp_Object rest, vector;
char *menu;
@@ -8516,16 +8519,13 @@
/* Make sure we have a big enough buffer for the menu text. */
width = max (width, SBYTES (name));
- if (read_char_minibuf_menu_text == 0)
- {
- read_char_minibuf_menu_width = width + 4;
- read_char_minibuf_menu_text = (char *) xmalloc (width + 4);
- }
- else if (width + 4 > read_char_minibuf_menu_width)
- {
- read_char_minibuf_menu_width = width + 4;
+ if (STRING_BYTES_BOUND - 4 < width)
+ memory_full (SIZE_MAX);
+ if (width + 4 > read_char_minibuf_menu_width)
+ {
read_char_minibuf_menu_text
= (char *) xrealloc (read_char_minibuf_menu_text, width + 4);
+ read_char_minibuf_menu_width = width + 4;
}
menu = read_char_minibuf_menu_text;
@@ -8544,7 +8544,7 @@
while (1)
{
int notfirst = 0;
- int i = nlength;
+ ptrdiff_t i = nlength;
Lisp_Object obj;
Lisp_Object orig_defn_macro;
@@ -8643,7 +8643,7 @@
< width
|| !notfirst)
{
- int thiswidth;
+ ptrdiff_t thiswidth;
/* Punctuate between strings. */
if (notfirst)
@@ -8659,9 +8659,7 @@
if (! char_matches)
{
/* Add as much of string as fits. */
- thiswidth = SCHARS (desc);
- if (thiswidth + i > width)
- thiswidth = width - i;
+ thiswidth = min (SCHARS (desc), width - i);
memcpy (menu + i, SDATA (desc), thiswidth);
i += thiswidth;
strcpy (menu + i, " = ");
@@ -8669,9 +8667,7 @@
}
/* Add as much of string as fits. */
- thiswidth = SCHARS (s);
- if (thiswidth + i > width)
- thiswidth = width - i;
+ thiswidth = min (SCHARS (s), width - i);
memcpy (menu + i, SDATA (s), thiswidth);
i += thiswidth;
menu[i] = 0;
@@ -8746,10 +8742,10 @@
NEXT may be the same array as CURRENT. */
static int
-follow_key (Lisp_Object key, int nmaps, Lisp_Object *current, Lisp_Object
*defs,
- Lisp_Object *next)
+follow_key (Lisp_Object key, ptrdiff_t nmaps, Lisp_Object *current,
+ Lisp_Object *defs, Lisp_Object *next)
{
- int i, first_binding;
+ ptrdiff_t i, first_binding;
first_binding = nmaps;
for (i = nmaps - 1; i >= 0; i--)
@@ -8849,7 +8845,7 @@
The return value is non-zero if the remapping actually took place. */
static int
-keyremap_step (Lisp_Object *keybuf, size_t bufsize, volatile keyremap *fkey,
+keyremap_step (Lisp_Object *keybuf, int bufsize, volatile keyremap *fkey,
int input, int doit, int *diff, Lisp_Object prompt)
{
Lisp_Object next, key;
@@ -8871,7 +8867,7 @@
*diff = len - (fkey->end - fkey->start);
- if (input + *diff >= bufsize)
+ if (bufsize - input <= *diff)
error ("Key sequence too long");
/* Shift the keys that follow fkey->end. */
@@ -8942,7 +8938,7 @@
from the selected window's buffer. */
static int
-read_key_sequence (Lisp_Object *keybuf, size_t bufsize, Lisp_Object prompt,
+read_key_sequence (Lisp_Object *keybuf, int bufsize, Lisp_Object prompt,
int dont_downcase_last, int can_return_switch_frame,
int fix_current_buffer)
{
@@ -8959,8 +8955,8 @@
/* The number of keymaps we're scanning right now, and the number of
keymaps we have allocated space for. */
- int nmaps;
- int nmaps_allocated = 0;
+ ptrdiff_t nmaps;
+ ptrdiff_t nmaps_allocated = 0;
/* defs[0..nmaps-1] are the definitions of KEYBUF[0..t-1] in
the current keymaps. */
@@ -8984,7 +8980,7 @@
/* The index in submaps[] of the first keymap that has a binding for
this key sequence. In other words, the lowest i such that
submaps[i] is non-nil. */
- int first_binding;
+ ptrdiff_t first_binding;
/* Index of the first key that has no binding.
It is useless to try fkey.start larger than that. */
int first_unbound;
@@ -9145,8 +9141,8 @@
}
else
{
- int nminor;
- int total;
+ ptrdiff_t nminor;
+ ptrdiff_t total;
Lisp_Object *maps;
nminor = current_minor_maps (0, &maps);
@@ -9212,7 +9208,8 @@
echo_local_start and keys_local_start allow us to throw away
just one key. */
int echo_local_start IF_LINT (= 0);
- int keys_local_start, local_first_binding;
+ int keys_local_start;
+ ptrdiff_t local_first_binding;
eassert (indec.end == t || (indec.end > t && indec.end <= mock_input));
eassert (indec.start <= indec.end);
@@ -9549,7 +9546,7 @@
&& (NILP (fake_prefixed_keys)
|| NILP (Fmemq (key, fake_prefixed_keys))))
{
- if (t + 1 >= bufsize)
+ if (bufsize - t <= 1)
error ("Key sequence too long");
keybuf[t] = posn;
@@ -9630,7 +9627,7 @@
insert the dummy prefix event `menu-bar'. */
if (EQ (posn, Qmenu_bar) || EQ (posn, Qtool_bar))
{
- if (t + 1 >= bufsize)
+ if (bufsize - t <= 1)
error ("Key sequence too long");
keybuf[t] = posn;
keybuf[t+1] = key;
=== modified file 'src/keyboard.h'
--- a/src/keyboard.h 2011-07-07 17:55:38 +0000
+++ b/src/keyboard.h 2011-07-29 00:30:00 +0000
@@ -440,7 +440,7 @@
extern Lisp_Object parse_modifiers (Lisp_Object);
extern Lisp_Object reorder_modifiers (Lisp_Object);
-extern Lisp_Object read_char (int, int, Lisp_Object *, Lisp_Object,
+extern Lisp_Object read_char (int, ptrdiff_t, Lisp_Object *, Lisp_Object,
int *, EMACS_TIME *);
extern int parse_solitary_modifier (Lisp_Object symbol);
=== modified file 'src/keymap.c'
--- a/src/keymap.c 2011-08-04 00:58:07 +0000
+++ b/src/keymap.c 2011-08-14 06:40:45 +0000
@@ -1399,7 +1399,7 @@
some systems, static gets macro-defined to be the empty string.
Ickypoo. */
static Lisp_Object *cmm_modes = NULL, *cmm_maps = NULL;
-static int cmm_size = 0;
+static ptrdiff_t cmm_size = 0;
/* Store a pointer to an array of the currently active minor modes in
*modeptr, a pointer to an array of the keymaps of the currently
@@ -1419,10 +1419,10 @@
loop. Instead, we'll use realloc/malloc and silently truncate the
list, let the key sequence be read, and hope some other piece of
code signals the error. */
-int
+ptrdiff_t
current_minor_maps (Lisp_Object **modeptr, Lisp_Object **mapptr)
{
- int i = 0;
+ ptrdiff_t i = 0;
int list_number = 0;
Lisp_Object alist, assoc, var, val;
Lisp_Object emulation_alists;
@@ -1465,9 +1465,16 @@
if (i >= cmm_size)
{
- int newsize, allocsize;
+ ptrdiff_t newsize, allocsize;
Lisp_Object *newmodes, *newmaps;
+ /* Check for size calculation overflow. Other code
+ (e.g., read_key_sequence) adds 3 to the count
+ later, so subtract 3 from the limit here. */
+ if (min (PTRDIFF_MAX, SIZE_MAX) / (2 * sizeof *newmodes) - 3
+ < cmm_size)
+ break;
+
newsize = cmm_size == 0 ? 30 : cmm_size * 2;
allocsize = newsize * sizeof *newmodes;
=== modified file 'src/keymap.h'
--- a/src/keymap.h 2011-07-07 17:19:10 +0000
+++ b/src/keymap.h 2011-07-29 00:32:09 +0000
@@ -38,7 +38,7 @@
EXFUN (Fset_keymap_parent, 2);
extern int describe_map_tree (Lisp_Object, int, Lisp_Object, Lisp_Object,
const char *, int, int, int, int);
-extern int current_minor_maps (Lisp_Object **, Lisp_Object **);
+extern ptrdiff_t current_minor_maps (Lisp_Object **, Lisp_Object **);
extern void initial_define_key (Lisp_Object, int, const char *);
extern void initial_define_lispy_key (Lisp_Object, const char *, const char *);
extern void syms_of_keymap (void);
=== modified file 'src/lisp.h'
--- a/src/lisp.h 2011-08-04 00:58:07 +0000
+++ b/src/lisp.h 2011-08-14 06:40:45 +0000
@@ -1704,6 +1704,11 @@
#define NUMBERP(x) (INTEGERP (x) || FLOATP (x))
#define NATNUMP(x) (INTEGERP (x) && XINT (x) >= 0)
+#define RANGED_INTEGERP(lo, x, hi) \
+ (INTEGERP (x) && (lo) <= XINT (x) && XINT (x) <= (hi))
+#define TYPE_RANGED_INTEGERP(type, x) \
+ RANGED_INTEGERP (TYPE_MINIMUM (type), x, TYPE_MAXIMUM (type))
+
#define INTEGERP(x) (LISP_INT_TAG_P (XTYPE ((x))))
#define SYMBOLP(x) (XTYPE ((x)) == Lisp_Symbol)
#define MISCP(x) (XTYPE ((x)) == Lisp_Misc)
@@ -2551,6 +2556,7 @@
/* Defined in fns.c */
extern Lisp_Object QCrehash_size, QCrehash_threshold;
+enum { NEXT_ALMOST_PRIME_LIMIT = 11 };
extern EMACS_INT next_almost_prime (EMACS_INT);
extern Lisp_Object larger_vector (Lisp_Object, EMACS_INT, Lisp_Object);
extern void sweep_weak_hash_tables (void);
@@ -2562,8 +2568,8 @@
Lisp_Object make_hash_table (Lisp_Object, Lisp_Object, Lisp_Object,
Lisp_Object, Lisp_Object, Lisp_Object,
Lisp_Object);
-EMACS_INT hash_lookup (struct Lisp_Hash_Table *, Lisp_Object, EMACS_UINT *);
-EMACS_INT hash_put (struct Lisp_Hash_Table *, Lisp_Object, Lisp_Object,
+ptrdiff_t hash_lookup (struct Lisp_Hash_Table *, Lisp_Object, EMACS_UINT *);
+ptrdiff_t hash_put (struct Lisp_Hash_Table *, Lisp_Object, Lisp_Object,
EMACS_UINT);
void init_weak_hash_tables (void);
extern void init_fns (void);
@@ -3569,6 +3575,9 @@
extern POINTER_TYPE *xmalloc (size_t);
extern POINTER_TYPE *xrealloc (POINTER_TYPE *, size_t);
extern void xfree (POINTER_TYPE *);
+extern void *xnmalloc (ptrdiff_t, ptrdiff_t);
+extern void *xnrealloc (void *, ptrdiff_t, ptrdiff_t);
+extern void *xpalloc (void *, ptrdiff_t *, ptrdiff_t, ptrdiff_t, ptrdiff_t);
extern char *xstrdup (const char *);
@@ -3686,6 +3695,23 @@
} \
} while (0)
+/* SAFE_NALLOCA sets BUF to a newly allocated array of MULTIPLIER *
+ NITEMS items, each of the same type as *BUF. MULTIPLIER must
+ positive. The code is tuned for MULTIPLIER being a constant. */
+
+#define SAFE_NALLOCA(buf, multiplier, nitems) \
+ do { \
+ if ((nitems) <= MAX_ALLOCA / sizeof *(buf) / (multiplier)) \
+ (buf) = alloca (sizeof *(buf) * (multiplier) * (nitems)); \
+ else \
+ { \
+ (buf) = xnmalloc (nitems, sizeof *(buf) * (multiplier)); \
+ sa_must_free = 1; \
+ record_unwind_protect (safe_alloca_unwind, \
+ make_save_value (buf, 0)); \
+ } \
+ } while (0)
+
/* SAFE_FREE frees xmalloced memory and enables GC as needed. */
#define SAFE_FREE() \
=== modified file 'src/lread.c'
--- a/src/lread.c 2011-08-17 08:50:08 +0000
+++ b/src/lread.c 2011-08-18 08:41:19 +0000
@@ -2637,14 +2637,14 @@
if (saved_doc_string_size == 0)
{
+ saved_doc_string = (char *) xmalloc (nskip + extra);
saved_doc_string_size = nskip + extra;
- saved_doc_string = (char *) xmalloc (saved_doc_string_size);
}
if (nskip > saved_doc_string_size)
{
- saved_doc_string_size = nskip + extra;
saved_doc_string = (char *) xrealloc (saved_doc_string,
- saved_doc_string_size);
+ nskip + extra);
+ saved_doc_string_size = nskip + extra;
}
saved_doc_string_position = file_tell (instream);
@@ -2907,7 +2907,8 @@
if (min (PTRDIFF_MAX, SIZE_MAX) / 2 < read_buffer_size)
memory_full (SIZE_MAX);
read_buffer = (char *) xrealloc (read_buffer,
- read_buffer_size *= 2);
+ read_buffer_size * 2);
+ read_buffer_size *= 2;
p = read_buffer + offset;
end = read_buffer + read_buffer_size;
}
@@ -3050,7 +3051,8 @@
if (min (PTRDIFF_MAX, SIZE_MAX) / 2 < read_buffer_size)
memory_full (SIZE_MAX);
read_buffer = (char *) xrealloc (read_buffer,
- read_buffer_size *= 2);
+ read_buffer_size * 2);
+ read_buffer_size *= 2;
p = read_buffer + offset;
end = read_buffer + read_buffer_size;
}
@@ -3080,7 +3082,8 @@
if (min (PTRDIFF_MAX, SIZE_MAX) / 2 < read_buffer_size)
memory_full (SIZE_MAX);
read_buffer = (char *) xrealloc (read_buffer,
- read_buffer_size *= 2);
+ read_buffer_size * 2);
+ read_buffer_size *= 2;
p = read_buffer + offset;
end = read_buffer + read_buffer_size;
}
@@ -3962,6 +3965,7 @@
init_obarray (void)
{
Lisp_Object oblength;
+ ptrdiff_t size = 100 + MAX_MULTIBYTE_LENGTH;
XSETFASTINT (oblength, OBARRAY_SIZE);
@@ -3994,8 +3998,8 @@
DEFSYM (Qvariable_documentation, "variable-documentation");
- read_buffer_size = 100 + MAX_MULTIBYTE_LENGTH;
- read_buffer = (char *) xmalloc (read_buffer_size);
+ read_buffer = (char *) xmalloc (size);
+ read_buffer_size = size;
}
�
void
=== modified file 'src/macros.c'
--- a/src/macros.c 2011-06-24 21:25:22 +0000
+++ b/src/macros.c 2011-07-29 01:00:29 +0000
@@ -62,9 +62,9 @@
if (!current_kboard->kbd_macro_buffer)
{
- current_kboard->kbd_macro_bufsize = 30;
current_kboard->kbd_macro_buffer
= (Lisp_Object *)xmalloc (30 * sizeof (Lisp_Object));
+ current_kboard->kbd_macro_bufsize = 30;
}
update_mode_lines++;
if (NILP (append))
@@ -202,7 +202,7 @@
if (min (PTRDIFF_MAX, SIZE_MAX) / sizeof *kb->kbd_macro_buffer / 2
< kb->kbd_macro_bufsize)
memory_full (SIZE_MAX);
- nbytes = kb->kbd_macro_bufsize * 2 * sizeof *kb->kbd_macro_buffer;
+ nbytes = kb->kbd_macro_bufsize * (2 * sizeof *kb->kbd_macro_buffer);
kb->kbd_macro_buffer
= (Lisp_Object *) xrealloc (kb->kbd_macro_buffer, nbytes);
kb->kbd_macro_bufsize *= 2;
=== modified file 'src/minibuf.c'
--- a/src/minibuf.c 2011-07-19 17:33:06 +0000
+++ b/src/minibuf.c 2011-08-05 02:15:35 +0000
@@ -1723,7 +1723,7 @@
(Lisp_Object string, Lisp_Object collection, Lisp_Object predicate)
{
Lisp_Object regexps, tail, tem = Qnil;
- EMACS_INT i = 0;
+ ptrdiff_t i = 0;
CHECK_STRING (string);
=== modified file 'src/nsmenu.m'
--- a/src/nsmenu.m 2011-07-28 18:30:59 +0000
+++ b/src/nsmenu.m 2011-07-29 05:31:12 +0000
@@ -1014,7 +1014,7 @@
BOOL enabled_p = !NILP (TOOLPROP (TOOL_BAR_ITEM_ENABLED_P));
BOOL selected_p = !NILP (TOOLPROP (TOOL_BAR_ITEM_SELECTED_P));
int idx;
- int img_id;
+ ptrdiff_t img_id;
struct image *img;
Lisp_Object image;
Lisp_Object helpObj;
=== modified file 'src/nsterm.h'
--- a/src/nsterm.h 2011-08-14 10:39:38 +0000
+++ b/src/nsterm.h 2011-08-15 05:30:45 +0000
@@ -416,8 +416,8 @@
/* this to map between emacs color indices and NSColor objects */
struct ns_color_table
{
- unsigned int size;
- unsigned int avail;
+ ptrdiff_t size;
+ ptrdiff_t avail;
#ifdef __OBJC__
NSColor **colors;
NSMutableSet *empty_indices;
=== modified file 'src/nsterm.m'
--- a/src/nsterm.m 2011-08-14 10:39:38 +0000
+++ b/src/nsterm.m 2011-08-15 05:30:45 +0000
@@ -1341,7 +1341,7 @@
ns_index_color (NSColor *color, struct frame *f)
{
struct ns_color_table *color_table = FRAME_NS_DISPLAY_INFO (f)->color_table;
- int idx;
+ ptrdiff_t idx;
NSNumber *index;
if (!color_table->colors)
@@ -1356,7 +1356,7 @@
/* do we already have this color ? */
{
- int i;
+ ptrdiff_t i;
for (i = 1; i < color_table->avail; i++)
{
if (color_table->colors[i] && [color_table->colors[i] isEqual: color])
@@ -1371,17 +1371,14 @@
{
index = [color_table->empty_indices anyObject];
[color_table->empty_indices removeObject: index];
- idx = [index unsignedIntValue];
+ idx = [index unsignedLongValue];
}
else
{
if (color_table->avail == color_table->size)
- {
- color_table->size += NS_COLOR_CAPACITY;
- color_table->colors
- = (NSColor **)xrealloc (color_table->colors,
- color_table->size * sizeof (NSColor *));
- }
+ color_table->colors =
+ xpalloc (color_table->colors, &color_table->size, 1,
+ min (ULONG_MAX, PTRDIFF_MAX), sizeof *color_table->colors);
idx = color_table->avail++;
}
@@ -2321,7 +2318,7 @@
if (!img)
{
unsigned short *bits = p->bits + p->dh;
- int len = 8 * p->h/8;
+ int len = p->h;
int i;
unsigned char *cbits = xmalloc (len);
@@ -4867,7 +4864,7 @@
}
}
-
+
#if !defined (NS_IMPL_COCOA) || MAC_OS_X_VERSION_MAX_ALLOWED <
MAC_OS_X_VERSION_10_6
/* if we get here we should send the key for input manager processing */
if (firstTime && [[NSInputManager currentInputManager]
=== modified file 'src/process.c'
--- a/src/process.c 2011-08-24 01:55:10 +0000
+++ b/src/process.c 2011-08-24 21:20:36 +0000
@@ -3573,52 +3573,27 @@
struct ifconf ifconf;
struct ifreq *ifreq;
void *buf = NULL;
- int buf_size = 512, s, i;
+ ptrdiff_t buf_size = 512;
+ int s, i;
Lisp_Object res;
s = socket (AF_INET, SOCK_STREAM, 0);
if (s < 0)
return Qnil;
- ifconf.ifc_buf = 0;
- ifconf.ifc_len = 0;
- if (ioctl (s, SIOCGIFCONF, &ifconf) == 0 && ifconf.ifc_len > 0)
+ do
{
- ifconf.ifc_buf = xmalloc (ifconf.ifc_len);
- if (ifconf.ifc_buf == NULL)
- {
- close (s);
- return Qnil;
- }
+ buf = xpalloc (buf, &buf_size, 1, INT_MAX, 1);
+ ifconf.ifc_buf = buf;
+ ifconf.ifc_len = buf_size;
if (ioctl (s, SIOCGIFCONF, &ifconf))
{
close (s);
- xfree (ifconf.ifc_buf);
+ xfree (buf);
return Qnil;
}
}
- else
- do
- {
- buf_size *= 2;
- buf = xrealloc (buf, buf_size);
- if (!buf)
- {
- close (s);
- return Qnil;
- }
-
- ifconf.ifc_buf = buf;
- ifconf.ifc_len = buf_size;
- if (ioctl (s, SIOCGIFCONF, &ifconf))
- {
- close (s);
- xfree (buf);
- return Qnil;
- }
-
- }
- while (ifconf.ifc_len == buf_size);
+ while (ifconf.ifc_len == buf_size);
close (s);
=== modified file 'src/region-cache.c'
--- a/src/region-cache.c 2011-04-19 00:34:42 +0000
+++ b/src/region-cache.c 2011-08-05 02:15:35 +0000
@@ -63,7 +63,7 @@
revalidate_region_cache to see how this helps. */
struct boundary {
- EMACS_INT pos;
+ ptrdiff_t pos;
int value;
};
@@ -73,16 +73,16 @@
struct boundary *boundaries;
/* boundaries[gap_start ... gap_start + gap_len - 1] is the gap. */
- EMACS_INT gap_start, gap_len;
+ ptrdiff_t gap_start, gap_len;
/* The number of elements allocated to boundaries, not including the
gap. */
- EMACS_INT cache_len;
+ ptrdiff_t cache_len;
/* The areas that haven't changed since the last time we cleaned out
invalid entries from the cache. These overlap when the buffer is
entirely unchanged. */
- EMACS_INT beg_unchanged, end_unchanged;
+ ptrdiff_t beg_unchanged, end_unchanged;
/* The first and last positions in the buffer. Because boundaries
store their positions relative to the start (BEG) and end (Z) of
@@ -92,7 +92,7 @@
Yes, buffer_beg is always 1. It's there for symmetry with
buffer_end and the BEG and BUF_BEG macros. */
- EMACS_INT buffer_beg, buffer_end;
+ ptrdiff_t buffer_beg, buffer_end;
};
/* Return the position of boundary i in cache c. */
@@ -173,17 +173,17 @@
This operation should be logarithmic in the number of cache
entries. It would be nice if it took advantage of locality of
reference, too, by searching entries near the last entry found. */
-static EMACS_INT
-find_cache_boundary (struct region_cache *c, EMACS_INT pos)
+static ptrdiff_t
+find_cache_boundary (struct region_cache *c, ptrdiff_t pos)
{
- EMACS_INT low = 0, high = c->cache_len;
+ ptrdiff_t low = 0, high = c->cache_len;
while (low + 1 < high)
{
/* mid is always a valid index, because low < high and ">> 1"
rounds down. */
- EMACS_INT mid = (low + high) >> 1;
- EMACS_INT boundary = BOUNDARY_POS (c, mid);
+ ptrdiff_t mid = (low >> 1) + (high >> 1) + (low & high & 1);
+ ptrdiff_t boundary = BOUNDARY_POS (c, mid);
if (pos < boundary)
high = mid;
@@ -208,13 +208,13 @@
/* Move the gap of cache C to index POS, and make sure it has space
for at least MIN_SIZE boundaries. */
static void
-move_cache_gap (struct region_cache *c, EMACS_INT pos, EMACS_INT min_size)
+move_cache_gap (struct region_cache *c, ptrdiff_t pos, ptrdiff_t min_size)
{
/* Copy these out of the cache and into registers. */
- EMACS_INT gap_start = c->gap_start;
- EMACS_INT gap_len = c->gap_len;
- EMACS_INT buffer_beg = c->buffer_beg;
- EMACS_INT buffer_end = c->buffer_end;
+ ptrdiff_t gap_start = c->gap_start;
+ ptrdiff_t gap_len = c->gap_len;
+ ptrdiff_t buffer_beg = c->buffer_beg;
+ ptrdiff_t buffer_end = c->buffer_end;
if (pos < 0
|| pos > c->cache_len)
@@ -246,17 +246,11 @@
when the portion after the gap is smallest. */
if (gap_len < min_size)
{
- EMACS_INT i;
-
- /* Always make at least NEW_CACHE_GAP elements, as long as we're
- expanding anyway. */
- if (min_size < NEW_CACHE_GAP)
- min_size = NEW_CACHE_GAP;
+ ptrdiff_t i;
c->boundaries =
- (struct boundary *) xrealloc (c->boundaries,
- ((min_size + c->cache_len)
- * sizeof (*c->boundaries)));
+ xpalloc (c->boundaries, &c->cache_len, min_size, -1,
+ sizeof *c->boundaries);
/* Some systems don't provide a version of the copy routine that
can be trusted to shift memory upward into an overlapping
@@ -293,7 +287,7 @@
/* Insert a new boundary in cache C; it will have cache index I,
and have the specified POS and VALUE. */
static void
-insert_cache_boundary (struct region_cache *c, EMACS_INT i, EMACS_INT pos,
+insert_cache_boundary (struct region_cache *c, ptrdiff_t i, ptrdiff_t pos,
int value)
{
/* i must be a valid cache index. */
@@ -331,9 +325,9 @@
static void
delete_cache_boundaries (struct region_cache *c,
- EMACS_INT start, EMACS_INT end)
+ ptrdiff_t start, ptrdiff_t end)
{
- EMACS_INT len = end - start;
+ ptrdiff_t len = end - start;
/* Gotta be in range. */
if (start < 0
@@ -384,7 +378,7 @@
/* Set the value in cache C for the region START..END to VALUE. */
static void
set_cache_region (struct region_cache *c,
- EMACS_INT start, EMACS_INT end, int value)
+ ptrdiff_t start, ptrdiff_t end, int value)
{
if (start > end)
abort ();
@@ -407,8 +401,8 @@
index of the earliest boundary after the last character in
start..end. (This tortured terminology is intended to answer
all the "< or <=?" sort of questions.) */
- EMACS_INT start_ix = find_cache_boundary (c, start);
- EMACS_INT end_ix = find_cache_boundary (c, end - 1) + 1;
+ ptrdiff_t start_ix = find_cache_boundary (c, start);
+ ptrdiff_t end_ix = find_cache_boundary (c, end - 1) + 1;
/* We must remember the value established by the last boundary
before end; if that boundary's domain stretches beyond end,
@@ -486,7 +480,7 @@
args to pass are the same before and after such an operation.) */
void
invalidate_region_cache (struct buffer *buf, struct region_cache *c,
- EMACS_INT head, EMACS_INT tail)
+ ptrdiff_t head, ptrdiff_t tail)
{
/* Let chead = c->beg_unchanged, and
ctail = c->end_unchanged.
@@ -624,7 +618,7 @@
corresponds to the modified region of the buffer. */
else
{
- EMACS_INT modified_ix;
+ ptrdiff_t modified_ix;
/* These positions are correct, relative to both the cache basis
and the buffer basis. */
@@ -693,7 +687,7 @@
no newlines", in the case of the line cache). */
void
know_region_cache (struct buffer *buf, struct region_cache *c,
- EMACS_INT start, EMACS_INT end)
+ ptrdiff_t start, ptrdiff_t end)
{
revalidate_region_cache (buf, c);
@@ -708,14 +702,14 @@
position after POS where the knownness changes. */
int
region_cache_forward (struct buffer *buf, struct region_cache *c,
- EMACS_INT pos, EMACS_INT *next)
+ ptrdiff_t pos, ptrdiff_t *next)
{
revalidate_region_cache (buf, c);
{
- EMACS_INT i = find_cache_boundary (c, pos);
+ ptrdiff_t i = find_cache_boundary (c, pos);
int i_value = BOUNDARY_VALUE (c, i);
- EMACS_INT j;
+ ptrdiff_t j;
/* Beyond the end of the buffer is unknown, by definition. */
if (pos >= BUF_Z (buf))
@@ -744,7 +738,7 @@
the purposes of CACHE. If NEXT is non-zero, set *NEXT to the nearest
position before POS where the knownness changes. */
int region_cache_backward (struct buffer *buf, struct region_cache *c,
- EMACS_INT pos, EMACS_INT *next)
+ ptrdiff_t pos, ptrdiff_t *next)
{
revalidate_region_cache (buf, c);
@@ -757,9 +751,9 @@
}
{
- EMACS_INT i = find_cache_boundary (c, pos - 1);
+ ptrdiff_t i = find_cache_boundary (c, pos - 1);
int i_value = BOUNDARY_VALUE (c, i);
- EMACS_INT j;
+ ptrdiff_t j;
if (next)
{
@@ -785,18 +779,18 @@
void
pp_cache (struct region_cache *c)
{
- int i;
- EMACS_INT beg_u = c->buffer_beg + c->beg_unchanged;
- EMACS_INT end_u = c->buffer_end - c->end_unchanged;
+ ptrdiff_t i;
+ ptrdiff_t beg_u = c->buffer_beg + c->beg_unchanged;
+ ptrdiff_t end_u = c->buffer_end - c->end_unchanged;
fprintf (stderr,
- "basis: %"pI"d..%"pI"d modified: %"pI"d..%"pI"d\n",
+ "basis: %"pD"d..%"pD"d modified: %"pD"d..%"pD"d\n",
c->buffer_beg, c->buffer_end,
beg_u, end_u);
for (i = 0; i < c->cache_len; i++)
{
- EMACS_INT pos = BOUNDARY_POS (c, i);
+ ptrdiff_t pos = BOUNDARY_POS (c, i);
putc (((pos < beg_u) ? 'v'
: (pos == beg_u) ? '-'
@@ -806,6 +800,6 @@
: (pos == end_u) ? '-'
: ' '),
stderr);
- fprintf (stderr, "%"pI"d : %d\n", pos, BOUNDARY_VALUE (c, i));
+ fprintf (stderr, "%"pD"d : %d\n", pos, BOUNDARY_VALUE (c, i));
}
}
=== modified file 'src/region-cache.h'
--- a/src/region-cache.h 2011-04-14 06:48:41 +0000
+++ b/src/region-cache.h 2011-08-05 02:15:35 +0000
@@ -72,7 +72,7 @@
no newlines", in the case of the line cache). */
extern void know_region_cache (struct buffer *BUF,
struct region_cache *CACHE,
- EMACS_INT START, EMACS_INT END);
+ ptrdiff_t START, ptrdiff_t END);
/* Indicate that a section of BUF has changed, to invalidate CACHE.
HEAD is the number of chars unchanged at the beginning of the buffer.
@@ -84,7 +84,7 @@
args to pass are the same before and after such an operation.) */
extern void invalidate_region_cache (struct buffer *BUF,
struct region_cache *CACHE,
- EMACS_INT HEAD, EMACS_INT TAIL);
+ ptrdiff_t HEAD, ptrdiff_t TAIL);
/* The scanning functions.
@@ -100,13 +100,13 @@
position after POS where the knownness changes. */
extern int region_cache_forward (struct buffer *BUF,
struct region_cache *CACHE,
- EMACS_INT POS,
- EMACS_INT *NEXT);
+ ptrdiff_t POS,
+ ptrdiff_t *NEXT);
/* Return true if the text immediately before POS in BUF is known, for
the purposes of CACHE. If NEXT is non-zero, set *NEXT to the nearest
position before POS where the knownness changes. */
extern int region_cache_backward (struct buffer *BUF,
struct region_cache *CACHE,
- EMACS_INT POS,
- EMACS_INT *NEXT);
+ ptrdiff_t POS,
+ ptrdiff_t *NEXT);
=== modified file 'src/scroll.c'
--- a/src/scroll.c 2011-06-22 18:15:23 +0000
+++ b/src/scroll.c 2011-08-05 02:15:35 +0000
@@ -969,32 +969,14 @@
const char *cleanup_string,
int coefficient)
{
- if (FRAME_INSERT_COST (frame) != 0)
- {
- FRAME_INSERT_COST (frame) =
- (int *) xrealloc (FRAME_INSERT_COST (frame),
- FRAME_LINES (frame) * sizeof (int));
- FRAME_DELETEN_COST (frame) =
- (int *) xrealloc (FRAME_DELETEN_COST (frame),
- FRAME_LINES (frame) * sizeof (int));
- FRAME_INSERTN_COST (frame) =
- (int *) xrealloc (FRAME_INSERTN_COST (frame),
- FRAME_LINES (frame) * sizeof (int));
- FRAME_DELETE_COST (frame) =
- (int *) xrealloc (FRAME_DELETE_COST (frame),
- FRAME_LINES (frame) * sizeof (int));
- }
- else
- {
- FRAME_INSERT_COST (frame) =
- (int *) xmalloc (FRAME_LINES (frame) * sizeof (int));
- FRAME_DELETEN_COST (frame) =
- (int *) xmalloc (FRAME_LINES (frame) * sizeof (int));
- FRAME_INSERTN_COST (frame) =
- (int *) xmalloc (FRAME_LINES (frame) * sizeof (int));
- FRAME_DELETE_COST (frame) =
- (int *) xmalloc (FRAME_LINES (frame) * sizeof (int));
- }
+ FRAME_INSERT_COST (frame) =
+ xnrealloc (FRAME_INSERT_COST (frame), FRAME_LINES (frame), sizeof (int));
+ FRAME_DELETEN_COST (frame) =
+ xnrealloc (FRAME_DELETEN_COST (frame), FRAME_LINES (frame), sizeof (int));
+ FRAME_INSERTN_COST (frame) =
+ xnrealloc (FRAME_INSERTN_COST (frame), FRAME_LINES (frame), sizeof (int));
+ FRAME_DELETE_COST (frame) =
+ xnrealloc (FRAME_DELETE_COST (frame), FRAME_LINES (frame), sizeof (int));
ins_del_costs (frame,
ins_line_string, multi_ins_string,
=== modified file 'src/search.c'
--- a/src/search.c 2011-07-14 18:45:36 +0000
+++ b/src/search.c 2011-08-05 02:15:35 +0000
@@ -683,7 +683,7 @@
to see where we can avoid some scanning. */
if (target == '\n' && newline_cache)
{
- EMACS_INT next_change;
+ ptrdiff_t next_change;
immediate_quit = 0;
while (region_cache_forward
(current_buffer, newline_cache, start_byte, &next_change))
@@ -755,7 +755,7 @@
/* Consult the newline cache, if appropriate. */
if (target == '\n' && newline_cache)
{
- EMACS_INT next_change;
+ ptrdiff_t next_change;
immediate_quit = 0;
while (region_cache_backward
(current_buffer, newline_cache, start_byte, &next_change))
@@ -2640,15 +2640,17 @@
perform substitution on the replacement string. */
if (NILP (literal))
{
- EMACS_INT length = SBYTES (newtext);
+ ptrdiff_t length = SBYTES (newtext);
unsigned char *substed;
- EMACS_INT substed_alloc_size, substed_len;
+ ptrdiff_t substed_alloc_size, substed_len;
int buf_multibyte = !NILP (BVAR (current_buffer,
enable_multibyte_characters));
int str_multibyte = STRING_MULTIBYTE (newtext);
int really_changed = 0;
- substed_alloc_size = length * 2 + 100;
- substed = (unsigned char *) xmalloc (substed_alloc_size + 1);
+ substed_alloc_size = ((STRING_BYTES_BOUND - 100) / 2 < length
+ ? STRING_BYTES_BOUND
+ : length * 2 + 100);
+ substed = (unsigned char *) xmalloc (substed_alloc_size);
substed_len = 0;
/* Go thru NEWTEXT, producing the actual text to insert in
@@ -2659,7 +2661,7 @@
{
unsigned char str[MAX_MULTIBYTE_LENGTH];
const unsigned char *add_stuff = NULL;
- EMACS_INT add_len = 0;
+ ptrdiff_t add_len = 0;
int idx = -1;
if (str_multibyte)
@@ -2723,7 +2725,7 @@
set up ADD_STUFF and ADD_LEN to point to it. */
if (idx >= 0)
{
- EMACS_INT begbyte = CHAR_TO_BYTE (search_regs.start[idx]);
+ ptrdiff_t begbyte = CHAR_TO_BYTE (search_regs.start[idx]);
add_len = CHAR_TO_BYTE (search_regs.end[idx]) - begbyte;
if (search_regs.start[idx] < GPT && GPT < search_regs.end[idx])
move_gap (search_regs.start[idx]);
@@ -2734,12 +2736,11 @@
is invariably ADD_LEN bytes starting at ADD_STUFF. */
/* Make sure SUBSTED is big enough. */
- if (substed_len + add_len >= substed_alloc_size)
- {
- substed_alloc_size = substed_len + add_len + 500;
- substed = (unsigned char *) xrealloc (substed,
- substed_alloc_size + 1);
- }
+ if (substed_alloc_size - substed_len < add_len)
+ substed =
+ xpalloc (substed, &substed_alloc_size,
+ add_len - (substed_alloc_size - substed_len),
+ STRING_BYTES_BOUND, 1);
/* Now add to the end of SUBSTED. */
if (add_stuff)
@@ -2973,7 +2974,7 @@
If optional arg RESEAT is non-nil, make markers on LIST point nowhere. */)
(register Lisp_Object list, Lisp_Object reseat)
{
- register int i;
+ ptrdiff_t i;
register Lisp_Object marker;
if (running_asynch_code)
@@ -2987,31 +2988,21 @@
/* Allocate registers if they don't already exist. */
{
- int length = XFASTINT (Flength (list)) / 2;
+ ptrdiff_t length = XFASTINT (Flength (list)) / 2;
if (length > search_regs.num_regs)
{
- if (search_regs.num_regs == 0)
- {
- search_regs.start
- = (regoff_t *) xmalloc (length * sizeof (regoff_t));
- search_regs.end
- = (regoff_t *) xmalloc (length * sizeof (regoff_t));
- }
- else
- {
- search_regs.start
- = (regoff_t *) xrealloc (search_regs.start,
- length * sizeof (regoff_t));
- search_regs.end
- = (regoff_t *) xrealloc (search_regs.end,
- length * sizeof (regoff_t));
- }
+ ptrdiff_t num_regs = search_regs.num_regs;
+ search_regs.start =
+ xpalloc (search_regs.start, &num_regs, length - num_regs,
+ min (PTRDIFF_MAX, UINT_MAX), sizeof (regoff_t));
+ search_regs.end =
+ xrealloc (search_regs.end, num_regs * sizeof (regoff_t));
- for (i = search_regs.num_regs; i < length; i++)
+ for (i = search_regs.num_regs; i < num_regs; i++)
search_regs.start[i] = -1;
- search_regs.num_regs = length;
+ search_regs.num_regs = num_regs;
}
for (i = 0; CONSP (list); i++)
=== modified file 'src/sysdep.c'
--- a/src/sysdep.c 2011-07-11 06:05:57 +0000
+++ b/src/sysdep.c 2011-07-29 01:16:54 +0000
@@ -2640,7 +2640,7 @@
ssize_t nread;
const char *cmd = NULL;
char *cmdline = NULL;
- size_t cmdsize = 0, cmdline_size;
+ ptrdiff_t cmdsize = 0, cmdline_size;
unsigned char c;
int proc_id, ppid, uid, gid, pgrp, sess, tty, tpgid, thcount;
unsigned long long u_time, s_time, cutime, cstime, start;
@@ -2822,8 +2822,10 @@
if (fd >= 0)
{
char ch;
- for (cmdline_size = 0; emacs_read (fd, &ch, 1) == 1; cmdline_size++)
+ for (cmdline_size = 0; cmdline_size < STRING_BYTES_BOUND; cmdline_size++)
{
+ if (emacs_read (fd, &ch, 1) != 1)
+ break;
c = ch;
if (isspace (c) || c == '\\')
cmdline_size++; /* for later quoting, see below */
@@ -2844,7 +2846,7 @@
nread = 0;
}
/* We don't want trailing null characters. */
- for (p = cmdline + nread - 1; p > cmdline && !*p; p--)
+ for (p = cmdline + nread; p > cmdline + 1 && !p[-1]; p--)
nread--;
for (p = cmdline; p < cmdline + nread; p++)
{
=== modified file 'src/term.c'
--- a/src/term.c 2011-07-14 17:28:42 +0000
+++ b/src/term.c 2011-08-05 02:15:35 +0000
@@ -136,10 +136,6 @@
static int max_frame_cols;
-/* The largest frame height in any call to calculate_costs. */
-
-static int max_frame_lines;
-
/* Non-zero if we have dropped our controlling tty and therefore
should not open a frame on stdout. */
static int no_controlling_tty;
@@ -497,8 +493,8 @@
static unsigned char *encode_terminal_src;
static unsigned char *encode_terminal_dst;
/* Allocated sizes of the above buffers. */
-static int encode_terminal_src_size;
-static int encode_terminal_dst_size;
+static ptrdiff_t encode_terminal_src_size;
+static ptrdiff_t encode_terminal_dst_size;
/* Encode SRC_LEN glyphs starting at SRC to terminal output codes.
Set CODING->produced to the byte-length of the resulting byte
@@ -509,8 +505,8 @@
{
struct glyph *src_end = src + src_len;
unsigned char *buf;
- int nchars, nbytes, required;
- register int tlen = GLYPH_TABLE_LENGTH;
+ ptrdiff_t nchars, nbytes, required;
+ ptrdiff_t tlen = GLYPH_TABLE_LENGTH;
register Lisp_Object *tbase = GLYPH_TABLE_BASE;
Lisp_Object charset_list;
@@ -518,13 +514,13 @@
multibyte-form. But, it may be enlarged on demand if
Vglyph_table contains a string or a composite glyph is
encountered. */
- required = MAX_MULTIBYTE_LENGTH * src_len;
+ if (min (PTRDIFF_MAX, SIZE_MAX) / MAX_MULTIBYTE_LENGTH < src_len)
+ memory_full (SIZE_MAX);
+ required = src_len;
+ required *= MAX_MULTIBYTE_LENGTH;
if (encode_terminal_src_size < required)
{
- if (encode_terminal_src)
- encode_terminal_src = xrealloc (encode_terminal_src, required);
- else
- encode_terminal_src = xmalloc (required);
+ encode_terminal_src = xrealloc (encode_terminal_src, required);
encode_terminal_src_size = required;
}
@@ -544,19 +540,21 @@
if (src->u.cmp.automatic)
{
gstring = composition_gstring_from_id (src->u.cmp.id);
- required = src->slice.cmp.to + 1 - src->slice.cmp.from;
+ required = src->slice.cmp.to - src->slice.cmp.from + 1;
}
else
{
cmp = composition_table[src->u.cmp.id];
- required = MAX_MULTIBYTE_LENGTH * cmp->glyph_len;
+ required = cmp->glyph_len;
+ required *= MAX_MULTIBYTE_LENGTH;
}
- if (encode_terminal_src_size < nbytes + required)
+ if (encode_terminal_src_size - nbytes < required)
{
- encode_terminal_src_size = nbytes + required;
- encode_terminal_src = xrealloc (encode_terminal_src,
- encode_terminal_src_size);
+ encode_terminal_src =
+ xpalloc (encode_terminal_src, &encode_terminal_src_size,
+ required - (encode_terminal_src_size - nbytes),
+ -1, 1);
buf = encode_terminal_src + nbytes;
}
@@ -627,11 +625,11 @@
if (NILP (string))
{
nbytes = buf - encode_terminal_src;
- if (encode_terminal_src_size < nbytes + MAX_MULTIBYTE_LENGTH)
+ if (encode_terminal_src_size - nbytes < MAX_MULTIBYTE_LENGTH)
{
- encode_terminal_src_size = nbytes + MAX_MULTIBYTE_LENGTH;
- encode_terminal_src = xrealloc (encode_terminal_src,
- encode_terminal_src_size);
+ encode_terminal_src =
+ xpalloc (encode_terminal_src, &encode_terminal_src_size,
+ MAX_MULTIBYTE_LENGTH, -1, 1);
buf = encode_terminal_src + nbytes;
}
if (CHAR_BYTE8_P (c)
@@ -659,11 +657,13 @@
if (! STRING_MULTIBYTE (string))
string = string_to_multibyte (string);
nbytes = buf - encode_terminal_src;
- if (encode_terminal_src_size < nbytes + SBYTES (string))
+ if (encode_terminal_src_size - nbytes < SBYTES (string))
{
- encode_terminal_src_size = nbytes + SBYTES (string);
- encode_terminal_src = xrealloc (encode_terminal_src,
- encode_terminal_src_size);
+ encode_terminal_src =
+ xpalloc (encode_terminal_src, &encode_terminal_src_size,
+ (SBYTES (string)
+ - (encode_terminal_src_size - nbytes)),
+ -1, 1);
buf = encode_terminal_src + nbytes;
}
memcpy (buf, SDATA (string), SBYTES (string));
@@ -684,12 +684,9 @@
coding->source = encode_terminal_src;
if (encode_terminal_dst_size == 0)
{
+ encode_terminal_dst = xrealloc (encode_terminal_dst,
+ encode_terminal_src_size);
encode_terminal_dst_size = encode_terminal_src_size;
- if (encode_terminal_dst)
- encode_terminal_dst = xrealloc (encode_terminal_dst,
- encode_terminal_dst_size);
- else
- encode_terminal_dst = xmalloc (encode_terminal_dst_size);
}
coding->destination = encode_terminal_dst;
coding->dst_bytes = encode_terminal_dst_size;
@@ -1156,21 +1153,17 @@
char_ins_del_vector (i.e., char_ins_del_cost) isn't used because
X turns off char_ins_del_ok. */
- max_frame_lines = max (max_frame_lines, FRAME_LINES (frame));
max_frame_cols = max (max_frame_cols, FRAME_COLS (frame));
+ if ((min (PTRDIFF_MAX, SIZE_MAX) / sizeof (int) - 1) / 2
+ < max_frame_cols)
+ memory_full (SIZE_MAX);
- if (char_ins_del_vector != 0)
- char_ins_del_vector
- = (int *) xrealloc (char_ins_del_vector,
- (sizeof (int)
- + 2 * max_frame_cols * sizeof (int)));
- else
- char_ins_del_vector
- = (int *) xmalloc (sizeof (int)
- + 2 * max_frame_cols * sizeof (int));
+ char_ins_del_vector =
+ xrealloc (char_ins_del_vector,
+ (sizeof (int) + 2 * sizeof (int) * max_frame_cols));
memset (char_ins_del_vector, 0,
- (sizeof (int) + 2 * max_frame_cols * sizeof (int)));
+ (sizeof (int) + 2 * sizeof (int) * max_frame_cols));
if (f && (!tty->TS_ins_line && !tty->TS_del_line))
=== modified file 'src/termcap.c'
--- a/src/termcap.c 2011-07-10 08:20:10 +0000
+++ b/src/termcap.c 2011-08-05 02:15:35 +0000
@@ -480,7 +480,7 @@
/* If BP is malloc'd by us, make sure it is big enough. */
if (malloc_size)
{
- int offset1 = bp1 - bp, offset2 = tc_search_point - bp;
+ ptrdiff_t offset1 = bp1 - bp, offset2 = tc_search_point - bp;
malloc_size = offset1 + buf.size;
bp = termcap_name = (char *) xrealloc (bp, malloc_size);
bp1 = termcap_name + offset1;
@@ -619,7 +619,6 @@
register char *end;
register int nread;
register char *buf = bufp->beg;
- register char *tem;
if (!append_end)
append_end = bufp->ptr;
@@ -636,14 +635,14 @@
{
if (bufp->full == bufp->size)
{
- if ((PTRDIFF_MAX - 1) / 2 < bufp->size)
- memory_full (SIZE_MAX);
- bufp->size *= 2;
+ ptrdiff_t ptr_offset = bufp->ptr - buf;
+ ptrdiff_t append_end_offset = append_end - buf;
/* Add 1 to size to ensure room for terminating null. */
- tem = (char *) xrealloc (buf, bufp->size + 1);
- bufp->ptr = (bufp->ptr - buf) + tem;
- append_end = (append_end - buf) + tem;
- bufp->beg = buf = tem;
+ ptrdiff_t size = bufp->size + 1;
+ bufp->beg = buf = xpalloc (buf, &size, 1, -1, 1);
+ bufp->size = size - 1;
+ bufp->ptr = buf + ptr_offset;
+ append_end = buf + append_end_offset;
}
}
else
=== modified file 'src/termhooks.h'
--- a/src/termhooks.h 2011-06-06 19:43:39 +0000
+++ b/src/termhooks.h 2011-07-20 00:09:31 +0000
@@ -288,12 +288,12 @@
/* The next four modifier bits are used also in keyboard events at
the Lisp level.
- It's probably not the greatest idea to use the 2^23 bit for any
+ It's probably not the greatest idea to use the 2^28 bit for any
modifier. It may or may not be the sign bit, depending on
- VALBITS, so using it to represent a modifier key means that
+ FIXNUM_BITS, so using it to represent a modifier key means that
characters thus modified have different integer equivalents
depending on the architecture they're running on. Oh, and
- applying XINT to a character whose 2^23 bit is set sign-extends
+ applying XINT to a character whose 2^28 bit is set might sign-extend
it, so you get a bunch of bits in the mask you didn't want.
The CHAR_ macros are defined in lisp.h. */
=== modified file 'src/tparam.c'
--- a/src/tparam.c 2011-07-10 08:20:10 +0000
+++ b/src/tparam.c 2011-08-05 02:15:35 +0000
@@ -79,24 +79,25 @@
register const char *p = string;
register char *op = outstring;
char *outend;
- int outlen = 0;
+ char *new = 0;
+ ptrdiff_t outlen = 0;
register int tem;
int *old_argp = argp; /* can move */
int *fixed_argp = argp; /* never moves */
int explicit_param_p = 0; /* set by %p */
- int doleft = 0;
- int doup = 0;
+ ptrdiff_t doleft = 0;
+ ptrdiff_t doup = 0;
+ ptrdiff_t append_len = 0;
outend = outstring + len;
while (1)
{
/* If the buffer might be too short, make it bigger. */
- if (op + 5 >= outend)
+ while (outend - op - append_len <= 5)
{
- register char *new;
- int offset = op - outstring;
+ ptrdiff_t offset = op - outstring;
if (outlen == 0)
{
@@ -106,8 +107,7 @@
}
else
{
- outlen *= 2;
- new = (char *) xrealloc (outstring, outlen);
+ new = xpalloc (outstring, &outlen, 1, -1, 1);
}
op = new + offset;
@@ -167,11 +167,15 @@
and this is one of them, increment it. */
while (tem == 0 || tem == '\n' || tem == '\t')
{
+ ptrdiff_t append_len_incr;
tem++;
if (argp == old_argp)
- doup++, outend -= strlen (up);
+ doup++, append_len_incr = strlen (up);
else
- doleft++, outend -= strlen (left);
+ doleft++, append_len_incr = strlen (left);
+ if (INT_ADD_OVERFLOW (append_len, append_len_incr))
+ memory_full (SIZE_MAX);
+ append_len += append_len_incr;
}
}
*op++ = tem ? tem : 0200;
@@ -273,7 +277,7 @@
args[0] = atoi (argv[2]);
args[1] = atoi (argv[3]);
args[2] = atoi (argv[4]);
- tparam1 (argv[1], buf, "LEFT", "UP", args);
+ tparam1 (argv[1], buf, 50, "LEFT", "UP", args);
printf ("%s\n", buf);
return 0;
}
=== modified file 'src/window.c'
--- a/src/window.c 2011-08-05 11:04:44 +0000
+++ b/src/window.c 2011-08-05 23:35:10 +0000
@@ -5069,7 +5069,7 @@
&& (!EQ (Vrecenter_redisplay, Qtty)
|| !NILP (Ftty_type (selected_frame))))
{
- int i;
+ ptrdiff_t i;
/* Invalidate pixel data calculated for all compositions. */
for (i = 0; i < n_compositions; i++)
=== modified file 'src/xdisp.c'
--- a/src/xdisp.c 2011-08-26 10:07:06 +0000
+++ b/src/xdisp.c 2011-08-26 16:13:07 +0000
@@ -2478,10 +2478,7 @@
else if (INTEGERP (w->redisplay_end_trigger))
it->redisplay_end_trigger_charpos = XINT (w->redisplay_end_trigger);
- /* Correct bogus values of tab_width. */
- it->tab_width = XINT (BVAR (current_buffer, tab_width));
- if (it->tab_width <= 0 || it->tab_width > 1000)
- it->tab_width = 8;
+ it->tab_width = SANE_TAB_WIDTH (current_buffer);
/* Are lines in the display truncated? */
if (base_face_id != DEFAULT_FACE_ID
@@ -10440,13 +10437,14 @@
store_mode_line_noprop_char (char c)
{
/* If output position has reached the end of the allocated buffer,
- double the buffer's size. */
+ increase the buffer's size. */
if (mode_line_noprop_ptr == mode_line_noprop_buf_end)
{
- int len = MODE_LINE_NOPROP_LEN (0);
- int new_size = 2 * len * sizeof *mode_line_noprop_buf;
- mode_line_noprop_buf = (char *) xrealloc (mode_line_noprop_buf,
new_size);
- mode_line_noprop_buf_end = mode_line_noprop_buf + new_size;
+ ptrdiff_t len = MODE_LINE_NOPROP_LEN (0);
+ ptrdiff_t size = len;
+ mode_line_noprop_buf =
+ xpalloc (mode_line_noprop_buf, &size, 1, STRING_BYTES_BOUND, 1);
+ mode_line_noprop_buf_end = mode_line_noprop_buf + size;
mode_line_noprop_ptr = mode_line_noprop_buf + len;
}
@@ -10508,9 +10506,9 @@
/* Do we have more than one visible frame on this X display? */
Lisp_Object tail;
Lisp_Object fmt;
- int title_start;
+ ptrdiff_t title_start;
char *title;
- int len;
+ ptrdiff_t len;
struct it it;
int count = SPECPDL_INDEX ();
@@ -21404,7 +21402,7 @@
if (FRAME_WINDOW_P (it->f)
&& valid_image_p (prop))
{
- int id = lookup_image (it->f, prop);
+ ptrdiff_t id = lookup_image (it->f, prop);
struct image *img = IMAGE_FROM_ID (it->f, id);
return OK_PIXELS (width_p ? img->width : img->height);
@@ -22276,7 +22274,7 @@
do { \
int face_id = (row)->glyphs[area][START].face_id; \
struct face *base_face = FACE_FROM_ID (f, face_id);
\
- int cmp_id = (row)->glyphs[area][START].u.cmp.id; \
+ ptrdiff_t cmp_id = (row)->glyphs[area][START].u.cmp.id; \
struct composition *cmp = composition_table[cmp_id]; \
XChar2b *char2b; \
struct glyph_string *first_s IF_LINT (= NULL); \
=== modified file 'src/xfaces.c'
--- a/src/xfaces.c 2011-08-19 11:30:29 +0000
+++ b/src/xfaces.c 2011-08-19 14:28:36 +0000
@@ -403,7 +403,7 @@
/* A vector mapping Lisp face Id's to face names. */
static Lisp_Object *lface_id_to_name;
-static int lface_id_to_name_size;
+static ptrdiff_t lface_id_to_name_size;
/* TTY color-related functions (defined in tty-colors.el). */
@@ -2682,12 +2682,10 @@
The mapping from Lisp face to Lisp face id is given by the
property `face' of the Lisp face name. */
if (next_lface_id == lface_id_to_name_size)
- {
- int new_size = max (50, 2 * lface_id_to_name_size);
- int sz = new_size * sizeof *lface_id_to_name;
- lface_id_to_name = (Lisp_Object *) xrealloc (lface_id_to_name, sz);
- lface_id_to_name_size = new_size;
- }
+ lface_id_to_name =
+ xpalloc (lface_id_to_name, &lface_id_to_name_size, 1,
+ min (INT_MAX, MOST_POSITIVE_FIXNUM),
+ sizeof *lface_id_to_name);
lface_id_to_name[next_lface_id] = face;
Fput (face, Qface, make_number (next_lface_id));
@@ -4428,15 +4426,8 @@
if (i == c->used)
{
if (c->used == c->size)
- {
- int new_size, sz;
- new_size = min (2 * c->size, MAX_FACE_ID);
- if (new_size == c->size)
- abort (); /* Alternatives? ++kfs */
- sz = new_size * sizeof *c->faces_by_id;
- c->faces_by_id = (struct face **) xrealloc (c->faces_by_id, sz);
- c->size = new_size;
- }
+ c->faces_by_id = xpalloc (c->faces_by_id, &c->size, 1, MAX_FACE_ID,
+ sizeof *c->faces_by_id);
c->used++;
}
=== modified file 'src/xfns.c'
--- a/src/xfns.c 2011-07-23 12:15:53 +0000
+++ b/src/xfns.c 2011-08-05 02:15:35 +0000
@@ -145,7 +145,8 @@
Lisp_Object Qfont_param;
#if GLYPH_DEBUG
-static int image_cache_refcount, dpyinfo_refcount;
+static ptrdiff_t image_cache_refcount;
+static int dpyinfo_refcount;
#endif
#if defined (USE_GTK) && defined (HAVE_FREETYPE)
@@ -1470,7 +1471,8 @@
the result should be `COMPOUND_TEXT'. */
static unsigned char *
-x_encode_text (Lisp_Object string, Lisp_Object coding_system, int selectionp,
int *text_bytes, int *stringp, int *freep)
+x_encode_text (Lisp_Object string, Lisp_Object coding_system, int selectionp,
+ ptrdiff_t *text_bytes, int *stringp, int *freep)
{
int result = string_xstring_p (string);
struct coding_system coding;
@@ -1488,8 +1490,8 @@
coding.mode |= (CODING_MODE_SAFE_ENCODING | CODING_MODE_LAST_BLOCK);
/* We suppress producing escape sequences for composition. */
coding.common_flags &= ~CODING_ANNOTATION_MASK;
+ coding.destination = xnmalloc (SCHARS (string), 2);
coding.dst_bytes = SCHARS (string) * 2;
- coding.destination = (unsigned char *) xmalloc (coding.dst_bytes);
encode_coding_object (&coding, string, 0, 0,
SCHARS (string), SBYTES (string), Qnil);
*text_bytes = coding.produced;
@@ -1511,7 +1513,8 @@
BLOCK_INPUT;
{
XTextProperty text, icon;
- int bytes, stringp;
+ ptrdiff_t bytes;
+ int stringp;
int do_free_icon_value = 0, do_free_text_value = 0;
Lisp_Object coding_system;
Lisp_Object encoded_name;
@@ -1550,6 +1553,8 @@
: FRAME_X_DISPLAY_INFO (f)->Xatom_COMPOUND_TEXT);
text.format = 8;
text.nitems = bytes;
+ if (text.nitems != bytes)
+ error ("Window name too large");
if (!STRINGP (f->icon_name))
{
@@ -1565,6 +1570,8 @@
: FRAME_X_DISPLAY_INFO (f)->Xatom_COMPOUND_TEXT);
icon.format = 8;
icon.nitems = bytes;
+ if (icon.nitems != bytes)
+ error ("Icon name too large");
encoded_icon_name = ENCODE_UTF_8 (f->icon_name);
}
@@ -4193,21 +4200,19 @@
if (CONSP (value))
{
+ ptrdiff_t elsize;
+
nelements = x_check_property_data (value);
if (nelements == -1)
error ("Bad data in VALUE, must be number, string or cons");
- if (element_format == 8)
- data = (unsigned char *) xmalloc (nelements);
- else if (element_format == 16)
- data = (unsigned char *) xmalloc (nelements*2);
- else /* format == 32 */
- /* The man page for XChangeProperty:
- "If the specified format is 32, the property data must be a
- long array."
- This applies even if long is more than 64 bits. The X library
- converts to 32 bits before sending to the X server. */
- data = (unsigned char *) xmalloc (nelements * sizeof(long));
+ /* The man page for XChangeProperty:
+ "If the specified format is 32, the property data must be a
+ long array."
+ This applies even if long is more than 32 bits. The X library
+ converts to 32 bits before sending to the X server. */
+ elsize = element_format == 32 ? sizeof (long) : element_format >> 3;
+ data = xnmalloc (nelements, elsize);
x_fill_property_data (FRAME_X_DISPLAY (f), value, data, element_format);
}
@@ -4215,7 +4220,9 @@
{
CHECK_STRING (value);
data = SDATA (value);
- nelements = SCHARS (value);
+ if (INT_MAX < SBYTES (value))
+ error ("VALUE too long");
+ nelements = SBYTES (value);
}
BLOCK_INPUT;
=== modified file 'src/xgselect.c'
--- a/src/xgselect.c 2011-07-01 09:18:46 +0000
+++ b/src/xgselect.c 2011-08-05 02:15:35 +0000
@@ -29,7 +29,7 @@
#include <setjmp.h>
static GPollFD *gfds;
-static int gfds_size;
+static ptrdiff_t gfds_size;
int
xg_select (int max_fds, SELECT_TYPE *rfds, SELECT_TYPE *wfds, SELECT_TYPE
*efds,
@@ -54,10 +54,9 @@
do {
if (n_gfds > gfds_size)
{
- while (n_gfds > gfds_size)
- gfds_size *= 2;
xfree (gfds);
- gfds = xmalloc (sizeof (*gfds) * gfds_size);
+ gfds = xpalloc (0, &gfds_size, n_gfds - gfds_size, INT_MAX,
+ sizeof *gfds);
}
n_gfds = g_main_context_query (context,
=== modified file 'src/xrdb.c'
--- a/src/xrdb.c 2011-07-10 08:20:10 +0000
+++ b/src/xrdb.c 2011-08-05 02:15:35 +0000
@@ -426,24 +426,22 @@
{
XrmDatabase db;
char *p;
- char *path = 0, *home = 0;
- const char *host;
+ char *path = 0;
if ((p = getenv ("XENVIRONMENT")) == NULL)
{
- home = gethomedir ();
- host = get_system_name ();
- path = (char *) xmalloc (strlen (home)
- + sizeof (".Xdefaults-")
- + strlen (host));
- sprintf (path, "%s%s%s", home, ".Xdefaults-", host);
+ static char const xdefaults[] = ".Xdefaults-";
+ char *home = gethomedir ();
+ char const *host = get_system_name ();
+ ptrdiff_t pathsize = strlen (home) + sizeof xdefaults + strlen (host);
+ path = (char *) xrealloc (home, pathsize);
+ strcat (strcat (path, xdefaults), host);
p = path;
}
db = XrmGetFileDatabase (p);
xfree (path);
- xfree (home);
return db;
}
=== modified file 'src/xselect.c'
--- a/src/xselect.c 2011-07-13 03:45:56 +0000
+++ b/src/xselect.c 2011-08-16 18:44:32 +0000
@@ -66,22 +66,15 @@
static void wait_for_property_change (struct prop_location *);
static Lisp_Object x_get_foreign_selection (Lisp_Object, Lisp_Object,
Lisp_Object, Lisp_Object);
-static void x_get_window_property (Display *, Window, Atom,
- unsigned char **, int *,
- Atom *, int *, unsigned long *, int);
-static void receive_incremental_selection (Display *, Window, Atom,
- Lisp_Object, unsigned,
- unsigned char **, int *,
- Atom *, int *, unsigned long *);
static Lisp_Object x_get_window_property_as_lisp_data (Display *,
Window, Atom,
Lisp_Object, Atom);
static Lisp_Object selection_data_to_lisp_data (Display *,
const unsigned char *,
- int, Atom, int);
+ ptrdiff_t, Atom, int);
static void lisp_data_to_selection_data (Display *, Lisp_Object,
unsigned char **, Atom *,
- unsigned *, int *, int *);
+ ptrdiff_t *, int *, int *);
static Lisp_Object clean_local_selection_data (Lisp_Object);
/* Printing traces to stderr. */
@@ -114,15 +107,39 @@
static Lisp_Object Qforeign_selection;
static Lisp_Object Qx_lost_selection_functions, Qx_sent_selection_functions;
+/* Bytes needed to represent 'long' data. This is as per libX11; it
+ is not necessarily sizeof (long). */
+#define X_LONG_SIZE 4
+
+/* Extreme 'short' and 'long' values suitable for libX11. */
+#define X_SHRT_MAX 0x7fff
+#define X_SHRT_MIN (-1 - X_SHRT_MAX)
+#define X_LONG_MAX 0x7fffffff
+#define X_LONG_MIN (-1 - X_LONG_MAX)
+
/* If this is a smaller number than the max-request-size of the display,
emacs will use INCR selection transfer when the selection is larger
than this. The max-request-size is usually around 64k, so if you want
emacs to use incremental selection transfers when the selection is
smaller than that, set this. I added this mostly for debugging the
- incremental transfer stuff, but it might improve server performance. */
-#define MAX_SELECTION_QUANTUM 0xFFFFFF
-
-#define SELECTION_QUANTUM(dpy) ((XMaxRequestSize(dpy) << 2) - 100)
+ incremental transfer stuff, but it might improve server performance.
+
+ This value cannot exceed INT_MAX / max (X_LONG_SIZE, sizeof (long))
+ because it is multiplied by X_LONG_SIZE and by sizeof (long) in
+ subscript calculations. Similarly for PTRDIFF_MAX - 1 or SIZE_MAX
+ - 1 in place of INT_MAX. */
+#define MAX_SELECTION_QUANTUM \
+ ((int) min (0xFFFFFF, (min (INT_MAX, min (PTRDIFF_MAX, SIZE_MAX) - 1)
\
+ / max (X_LONG_SIZE, sizeof (long)))))
+
+static int
+selection_quantum (Display *display)
+{
+ long mrs = XMaxRequestSize (display);
+ return (mrs < MAX_SELECTION_QUANTUM / X_LONG_SIZE + 25
+ ? (mrs - 25) * X_LONG_SIZE
+ : MAX_SELECTION_QUANTUM);
+}
#define LOCAL_SELECTION(selection_symbol,dpyinfo) \
assq_no_quit (selection_symbol, dpyinfo->terminal->Vselection_alist)
@@ -477,7 +494,7 @@
struct selection_data
{
unsigned char *data;
- unsigned int size;
+ ptrdiff_t size;
int format;
Atom type;
int nofree;
@@ -581,14 +598,11 @@
XSelectionEvent *reply = &(reply_base.xselection);
Display *display = SELECTION_EVENT_DISPLAY (event);
Window window = SELECTION_EVENT_REQUESTOR (event);
- int bytes_remaining;
- int max_bytes = SELECTION_QUANTUM (display);
+ ptrdiff_t bytes_remaining;
+ int max_bytes = selection_quantum (display);
int count = SPECPDL_INDEX ();
struct selection_data *cs;
- if (max_bytes > MAX_SELECTION_QUANTUM)
- max_bytes = MAX_SELECTION_QUANTUM;
-
reply->type = SelectionNotify;
reply->display = display;
reply->requestor = window;
@@ -616,11 +630,12 @@
if (cs->property == None)
continue;
- bytes_remaining = cs->size * (cs->format / 8);
+ bytes_remaining = cs->size;
+ bytes_remaining *= cs->format >> 3;
if (bytes_remaining <= max_bytes)
{
/* Send all the data at once, with minimal handshaking. */
- TRACE1 ("Sending all %d bytes", bytes_remaining);
+ TRACE1 ("Sending all %"pD"d bytes", bytes_remaining);
XChangeProperty (display, window, cs->property,
cs->type, cs->format, PropModeReplace,
cs->data, cs->size);
@@ -630,7 +645,7 @@
/* Send an INCR tag to initiate incremental transfer. */
long value[1];
- TRACE2 ("Start sending %d bytes incrementally (%s)",
+ TRACE2 ("Start sending %"pD"d bytes incrementally (%s)",
bytes_remaining, XGetAtomName (display, cs->property));
cs->wait_object
= expect_property_change (display, window, cs->property,
@@ -638,7 +653,7 @@
/* XChangeProperty expects an array of long even if long is
more than 32 bits. */
- value[0] = bytes_remaining;
+ value[0] = min (bytes_remaining, X_LONG_MAX);
XChangeProperty (display, window, cs->property,
dpyinfo->Xatom_INCR, 32, PropModeReplace,
(unsigned char *) value, 1);
@@ -672,7 +687,8 @@
int had_errors = x_had_errors_p (display);
UNBLOCK_INPUT;
- bytes_remaining = cs->size * format_bytes;
+ bytes_remaining = cs->size;
+ bytes_remaining *= format_bytes;
/* Wait for the requester to ack by deleting the property.
This can run Lisp code (process handlers) or signal. */
@@ -810,7 +826,7 @@
non-None property. */
Window requestor = SELECTION_EVENT_REQUESTOR (event);
Lisp_Object multprop;
- int j, nselections;
+ ptrdiff_t j, nselections;
if (property == None) goto DONE;
multprop
@@ -1269,19 +1285,28 @@
static void
x_get_window_property (Display *display, Window window, Atom property,
- unsigned char **data_ret, int *bytes_ret,
+ unsigned char **data_ret, ptrdiff_t *bytes_ret,
Atom *actual_type_ret, int *actual_format_ret,
unsigned long *actual_size_ret, int delete_p)
{
- int total_size;
+ ptrdiff_t total_size;
unsigned long bytes_remaining;
- int offset = 0;
+ ptrdiff_t offset = 0;
+ unsigned char *data = 0;
unsigned char *tmp_data = 0;
int result;
- int buffer_size = SELECTION_QUANTUM (display);
-
- if (buffer_size > MAX_SELECTION_QUANTUM)
- buffer_size = MAX_SELECTION_QUANTUM;
+ int buffer_size = selection_quantum (display);
+
+ /* Wide enough to avoid overflow in expressions using it. */
+ ptrdiff_t x_long_size = X_LONG_SIZE;
+
+ /* Maximum value for TOTAL_SIZE. It cannot exceed PTRDIFF_MAX - 1
+ and SIZE_MAX - 1, for an extra byte at the end. And it cannot
+ exceed LONG_MAX * X_LONG_SIZE, for XGetWindowProperty. */
+ ptrdiff_t total_size_max =
+ ((min (PTRDIFF_MAX, SIZE_MAX) - 1) / x_long_size < LONG_MAX
+ ? min (PTRDIFF_MAX, SIZE_MAX) - 1
+ : LONG_MAX * x_long_size);
BLOCK_INPUT;
@@ -1292,49 +1317,44 @@
actual_size_ret,
&bytes_remaining, &tmp_data);
if (result != Success)
- {
- UNBLOCK_INPUT;
- *data_ret = 0;
- *bytes_ret = 0;
- return;
- }
+ goto done;
/* This was allocated by Xlib, so use XFree. */
XFree ((char *) tmp_data);
if (*actual_type_ret == None || *actual_format_ret == 0)
- {
- UNBLOCK_INPUT;
- return;
- }
+ goto done;
- total_size = bytes_remaining + 1;
- *data_ret = (unsigned char *) xmalloc (total_size);
+ if (total_size_max < bytes_remaining)
+ goto size_overflow;
+ total_size = bytes_remaining;
+ data = malloc (total_size + 1);
+ if (! data)
+ goto memory_exhausted;
/* Now read, until we've gotten it all. */
while (bytes_remaining)
{
-#ifdef TRACE_SELECTION
- unsigned long last = bytes_remaining;
-#endif
+ ptrdiff_t bytes_gotten;
+ int bytes_per_item;
result
= XGetWindowProperty (display, window, property,
- (long)offset/4, (long)buffer_size/4,
+ offset / X_LONG_SIZE,
+ buffer_size / X_LONG_SIZE,
False,
AnyPropertyType,
actual_type_ret, actual_format_ret,
actual_size_ret, &bytes_remaining, &tmp_data);
- TRACE2 ("Read %lu bytes from property %s",
- last - bytes_remaining,
- XGetAtomName (display, property));
-
/* If this doesn't return Success at this point, it means that
some clod deleted the selection while we were in the midst of
reading it. Deal with that, I guess.... */
if (result != Success)
break;
+ bytes_per_item = *actual_format_ret >> 3;
+ xassert (*actual_size_ret <= buffer_size / bytes_per_item);
+
/* The man page for XGetWindowProperty says:
"If the returned format is 32, the returned data is represented
as a long array and should be cast to that type to obtain the
@@ -1348,32 +1368,61 @@
The bytes and offsets passed to XGetWindowProperty refers to the
property and those are indeed in 32 bit quantities if format is 32.
*/
+ bytes_gotten = *actual_size_ret;
+ bytes_gotten *= bytes_per_item;
+
+ TRACE2 ("Read %"pD"d bytes from property %s",
+ bytes_gotten, XGetAtomName (display, property));
+
+ if (total_size - offset < bytes_gotten)
+ {
+ unsigned char *data1;
+ ptrdiff_t remaining_lim = total_size_max - offset - bytes_gotten;
+ if (remaining_lim < 0 || remaining_lim < bytes_remaining)
+ goto size_overflow;
+ total_size = offset + bytes_gotten + bytes_remaining;
+ data1 = realloc (data, total_size + 1);
+ if (! data1)
+ goto memory_exhausted;
+ data = data1;
+ }
+
if (32 < BITS_PER_LONG && *actual_format_ret == 32)
{
unsigned long i;
- int *idata = (int *) ((*data_ret) + offset);
+ int *idata = (int *) (data + offset);
long *ldata = (long *) tmp_data;
for (i = 0; i < *actual_size_ret; ++i)
- {
- idata[i]= (int) ldata[i];
- offset += 4;
- }
+ idata[i] = ldata[i];
}
else
- {
- *actual_size_ret *= *actual_format_ret / 8;
- memcpy ((*data_ret) + offset, tmp_data, *actual_size_ret);
- offset += *actual_size_ret;
- }
+ memcpy (data + offset, tmp_data, bytes_gotten);
+
+ offset += bytes_gotten;
/* This was allocated by Xlib, so use XFree. */
XFree ((char *) tmp_data);
}
XFlush (display);
+ data[offset] = '\0';
+
+ done:
UNBLOCK_INPUT;
+ *data_ret = data;
*bytes_ret = offset;
+ return;
+
+ size_overflow:
+ free (data);
+ UNBLOCK_INPUT;
+ memory_full (SIZE_MAX);
+
+ memory_exhausted:
+ free (data);
+ UNBLOCK_INPUT;
+ memory_full (total_size + 1);
}
�
/* Use xfree, not XFree, to free the data obtained with this function. */
@@ -1382,16 +1431,19 @@
receive_incremental_selection (Display *display, Window window, Atom property,
Lisp_Object target_type,
unsigned int min_size_bytes,
- unsigned char **data_ret, int *size_bytes_ret,
+ unsigned char **data_ret,
+ ptrdiff_t *size_bytes_ret,
Atom *type_ret, int *format_ret,
unsigned long *size_ret)
{
- int offset = 0;
+ ptrdiff_t offset = 0;
struct prop_location *wait_object;
+ if (min (PTRDIFF_MAX, SIZE_MAX) < min_size_bytes)
+ memory_full (SIZE_MAX);
+ *data_ret = (unsigned char *) xmalloc (min_size_bytes);
*size_bytes_ret = min_size_bytes;
- *data_ret = (unsigned char *) xmalloc (*size_bytes_ret);
- TRACE1 ("Read %d bytes incrementally", min_size_bytes);
+ TRACE1 ("Read %u bytes incrementally", min_size_bytes);
/* At this point, we have read an INCR property.
Delete the property to ack it.
@@ -1416,7 +1468,7 @@
while (1)
{
unsigned char *tmp_data;
- int tmp_size_bytes;
+ ptrdiff_t tmp_size_bytes;
TRACE0 (" Wait for property change");
wait_for_property_change (wait_object);
@@ -1429,7 +1481,7 @@
&tmp_data, &tmp_size_bytes,
type_ret, format_ret, size_ret, 1);
- TRACE1 (" Read increment of %d bytes", tmp_size_bytes);
+ TRACE1 (" Read increment of %"pD"d bytes", tmp_size_bytes);
if (tmp_size_bytes == 0) /* we're done */
{
@@ -1452,11 +1504,10 @@
XFlush (display);
UNBLOCK_INPUT;
- if (*size_bytes_ret < offset + tmp_size_bytes)
- {
- *size_bytes_ret = offset + tmp_size_bytes;
- *data_ret = (unsigned char *) xrealloc (*data_ret, *size_bytes_ret);
- }
+ if (*size_bytes_ret - offset < tmp_size_bytes)
+ *data_ret = xpalloc (*data_ret, size_bytes_ret,
+ tmp_size_bytes - (*size_bytes_ret - offset),
+ -1, 1);
memcpy ((*data_ret) + offset, tmp_data, tmp_size_bytes);
offset += tmp_size_bytes;
@@ -1482,7 +1533,7 @@
int actual_format;
unsigned long actual_size;
unsigned char *data = 0;
- int bytes = 0;
+ ptrdiff_t bytes = 0;
Lisp_Object val;
struct x_display_info *dpyinfo = x_display_info_for_display (display);
@@ -1574,7 +1625,7 @@
static Lisp_Object
selection_data_to_lisp_data (Display *display, const unsigned char *data,
- int size, Atom type, int format)
+ ptrdiff_t size, Atom type, int format)
{
struct x_display_info *dpyinfo = x_display_info_for_display (display);
@@ -1607,7 +1658,7 @@
/* Treat ATOM_PAIR type similar to list of atoms. */
|| type == dpyinfo->Xatom_ATOM_PAIR)
{
- int i;
+ ptrdiff_t i;
/* On a 64 bit machine sizeof(Atom) == sizeof(long) == 8.
But the callers of these function has made sure the data for
format == 32 is an array of int. Thus, use int instead
@@ -1634,28 +1685,29 @@
else if (format == 32 && size == sizeof (int))
return INTEGER_TO_CONS (((unsigned int *) data) [0]);
else if (format == 16 && size == sizeof (short))
- return make_number ((int) (((unsigned short *) data) [0]));
+ return make_number (((unsigned short *) data) [0]);
/* Convert any other kind of data to a vector of numbers, represented
as above (as an integer, or a cons of two 16 bit integers.)
*/
else if (format == 16)
{
- int i;
+ ptrdiff_t i;
Lisp_Object v;
v = Fmake_vector (make_number (size / 2), make_number (0));
for (i = 0; i < size / 2; i++)
{
- int j = (int) ((unsigned short *) data) [i];
+ EMACS_INT j = ((unsigned short *) data) [i];
Faset (v, make_number (i), make_number (j));
}
return v;
}
else
{
- int i;
- Lisp_Object v = Fmake_vector (make_number (size / 4), make_number (0));
- for (i = 0; i < size / 4; i++)
+ ptrdiff_t i;
+ Lisp_Object v = Fmake_vector (make_number (size / X_LONG_SIZE),
+ make_number (0));
+ for (i = 0; i < size / X_LONG_SIZE; i++)
{
unsigned int j = ((unsigned int *) data) [i];
Faset (v, make_number (i), INTEGER_TO_CONS (j));
@@ -1670,7 +1722,7 @@
static void
lisp_data_to_selection_data (Display *display, Lisp_Object obj,
unsigned char **data_ret, Atom *type_ret,
- unsigned int *size_ret,
+ ptrdiff_t *size_ret,
int *format_ret, int *nofree_ret)
{
Lisp_Object type = Qnil;
@@ -1707,22 +1759,20 @@
}
else if (SYMBOLP (obj))
{
- *format_ret = 32;
- *size_ret = 1;
*data_ret = (unsigned char *) xmalloc (sizeof (Atom) + 1);
+ *format_ret = 32;
+ *size_ret = 1;
(*data_ret) [sizeof (Atom)] = 0;
(*(Atom **) data_ret) [0] = symbol_to_x_atom (dpyinfo, obj);
if (NILP (type)) type = QATOM;
}
- else if (INTEGERP (obj)
- && XINT (obj) < 0xFFFF
- && XINT (obj) > -0xFFFF)
+ else if (RANGED_INTEGERP (X_SHRT_MIN, obj, X_SHRT_MAX))
{
+ *data_ret = (unsigned char *) xmalloc (sizeof (short) + 1);
*format_ret = 16;
*size_ret = 1;
- *data_ret = (unsigned char *) xmalloc (sizeof (short) + 1);
(*data_ret) [sizeof (short)] = 0;
- (*(short **) data_ret) [0] = (short) XINT (obj);
+ (*(short **) data_ret) [0] = XINT (obj);
if (NILP (type)) type = QINTEGER;
}
else if (INTEGERP (obj)
@@ -1731,11 +1781,11 @@
|| (CONSP (XCDR (obj))
&& INTEGERP (XCAR (XCDR (obj)))))))
{
- *format_ret = 32;
- *size_ret = 1;
*data_ret = (unsigned char *) xmalloc (sizeof (long) + 1);
+ *format_ret = 32;
+ *size_ret = 1;
(*data_ret) [sizeof (long)] = 0;
- (*(unsigned long **) data_ret) [0] = cons_to_unsigned (obj, ULONG_MAX);
+ (*(long **) data_ret) [0] = cons_to_signed (obj, X_LONG_MIN, X_LONG_MAX);
if (NILP (type)) type = QINTEGER;
}
else if (VECTORP (obj))
@@ -1744,50 +1794,55 @@
a set of 16 or 32 bit INTEGERs;
or a set of ATOM_PAIRs (represented as [[A1 A2] [A3 A4] ...]
*/
- int i;
+ ptrdiff_t i;
+ ptrdiff_t size = ASIZE (obj);
if (SYMBOLP (XVECTOR (obj)->contents [0]))
/* This vector is an ATOM set */
{
if (NILP (type)) type = QATOM;
- *size_ret = ASIZE (obj);
- *format_ret = 32;
- for (i = 0; i < *size_ret; i++)
+ for (i = 0; i < size; i++)
if (!SYMBOLP (XVECTOR (obj)->contents [i]))
signal_error ("All elements of selection vector must have same
type", obj);
- *data_ret = (unsigned char *) xmalloc ((*size_ret) * sizeof (Atom));
- for (i = 0; i < *size_ret; i++)
+ *data_ret = xnmalloc (size, sizeof (Atom));
+ *format_ret = 32;
+ *size_ret = size;
+ for (i = 0; i < size; i++)
(*(Atom **) data_ret) [i]
= symbol_to_x_atom (dpyinfo, XVECTOR (obj)->contents [i]);
}
else
/* This vector is an INTEGER set, or something like it */
{
- int data_size = 2;
- *size_ret = ASIZE (obj);
+ int format = 16;
+ int data_size = sizeof (short);
if (NILP (type)) type = QINTEGER;
- *format_ret = 16;
- for (i = 0; i < *size_ret; i++)
- if (CONSP (XVECTOR (obj)->contents [i]))
- *format_ret = 32;
- else if (!INTEGERP (XVECTOR (obj)->contents [i]))
- signal_error (/* Qselection_error */
- "Elements of selection vector must be integers or conses of integers",
- obj);
-
- /* Use sizeof(long) even if it is more than 32 bits. See comment
- in x_get_window_property and x_fill_property_data. */
-
- if (*format_ret == 32) data_size = sizeof(long);
- *data_ret = (unsigned char *) xmalloc (*size_ret * data_size);
- for (i = 0; i < *size_ret; i++)
- if (*format_ret == 32)
- (*((unsigned long **) data_ret)) [i] =
- cons_to_unsigned (XVECTOR (obj)->contents [i], ULONG_MAX);
- else
- (*((unsigned short **) data_ret)) [i] =
- cons_to_unsigned (XVECTOR (obj)->contents [i], USHRT_MAX);
+ for (i = 0; i < size; i++)
+ {
+ intmax_t v = cons_to_signed (XVECTOR (obj)->contents[i],
+ X_LONG_MIN, X_LONG_MAX);
+ if (X_SHRT_MIN <= v && v <= X_SHRT_MAX)
+ {
+ /* Use sizeof (long) even if it is more than 32 bits.
+ See comment in x_get_window_property and
+ x_fill_property_data. */
+ data_size = sizeof (long);
+ format = 32;
+ }
+ }
+ *data_ret = xnmalloc (size, data_size);
+ *format_ret = format;
+ *size_ret = size;
+ for (i = 0; i < size; i++)
+ {
+ long v = cons_to_signed (XVECTOR (obj)->contents[i],
+ X_LONG_MIN, X_LONG_MAX);
+ if (format == 32)
+ (*((long **) data_ret)) [i] = v;
+ else
+ (*((short **) data_ret)) [i] = v;
+ }
}
}
else
@@ -1817,8 +1872,8 @@
}
if (VECTORP (obj))
{
- int i;
- int size = ASIZE (obj);
+ ptrdiff_t i;
+ ptrdiff_t size = ASIZE (obj);
Lisp_Object copy;
if (size == 1)
return clean_local_selection_data (XVECTOR (obj)->contents [0]);
@@ -2213,6 +2268,8 @@
else if (CONSP (o) &&
(! NUMBERP (XCAR (o)) || ! NUMBERP (XCDR (o))))
return -1;
+ if (size == INT_MAX)
+ return -1;
size++;
}
@@ -2294,8 +2351,11 @@
x_property_data_to_lisp (struct frame *f, const unsigned char *data,
Atom type, int format, long unsigned int size)
{
+ ptrdiff_t format_bytes = format >> 3;
+ if (PTRDIFF_MAX / format_bytes < size)
+ memory_full (SIZE_MAX);
return selection_data_to_lisp_data (FRAME_X_DISPLAY (f),
- data, size*format/8, type, format);
+ data, size * format_bytes, type, format);
}
/* Get the mouse position in frame relative coordinates. */
@@ -2401,15 +2461,9 @@
return Qnil;
if (dpyinfo->x_dnd_atoms_length == dpyinfo->x_dnd_atoms_size)
- {
- if (min (PTRDIFF_MAX, SIZE_MAX) / sizeof *dpyinfo->x_dnd_atoms / 2
- < dpyinfo->x_dnd_atoms_size)
- memory_full (SIZE_MAX);
- dpyinfo->x_dnd_atoms_size *= 2;
- dpyinfo->x_dnd_atoms = xrealloc (dpyinfo->x_dnd_atoms,
- sizeof (*dpyinfo->x_dnd_atoms)
- * dpyinfo->x_dnd_atoms_size);
- }
+ dpyinfo->x_dnd_atoms =
+ xpalloc (dpyinfo->x_dnd_atoms, &dpyinfo->x_dnd_atoms_size,
+ 1, -1, sizeof *dpyinfo->x_dnd_atoms);
dpyinfo->x_dnd_atoms[dpyinfo->x_dnd_atoms_length++] = x_atom;
return Qnil;
@@ -2444,7 +2498,7 @@
if (32 < BITS_PER_LONG && event->format == 32)
{
for (i = 0; i < 5; ++i) /* There are only 5 longs in a ClientMessage. */
- idata[i] = (int) event->data.l[i];
+ idata[i] = event->data.l[i];
data = (unsigned char *) idata;
}
=== modified file 'src/xsmfns.c'
--- a/src/xsmfns.c 2011-06-21 20:32:19 +0000
+++ b/src/xsmfns.c 2011-08-05 02:15:35 +0000
@@ -223,9 +223,11 @@
props[props_idx]->name = xstrdup (SmRestartCommand);
props[props_idx]->type = xstrdup (SmLISTofARRAY8);
/* /path/to/emacs, --smid=xxx --no-splash --chdir=dir ... */
+ if (INT_MAX - 3 < initial_argc)
+ memory_full (SIZE_MAX);
i = 3 + initial_argc;
props[props_idx]->num_vals = i;
- vp = (SmPropValue *) xmalloc (i * sizeof(*vp));
+ vp = xnmalloc (i, sizeof *vp);
props[props_idx]->vals = vp;
props[props_idx]->vals[vp_idx].length = strlen (emacs_program);
props[props_idx]->vals[vp_idx++].value = emacs_program;
=== modified file 'src/xterm.c'
--- a/src/xterm.c 2011-08-04 11:06:22 +0000
+++ b/src/xterm.c 2011-08-05 02:19:34 +0000
@@ -1659,19 +1659,18 @@
if (dpyinfo->color_cells == NULL)
{
Screen *screen = dpyinfo->screen;
+ int ncolor_cells = XDisplayCells (dpy, XScreenNumberOfScreen (screen));
int i;
- dpyinfo->ncolor_cells
- = XDisplayCells (dpy, XScreenNumberOfScreen (screen));
- dpyinfo->color_cells
- = (XColor *) xmalloc (dpyinfo->ncolor_cells
- * sizeof *dpyinfo->color_cells);
+ dpyinfo->color_cells = xnmalloc (ncolor_cells,
+ sizeof *dpyinfo->color_cells);
+ dpyinfo->ncolor_cells = ncolor_cells;
- for (i = 0; i < dpyinfo->ncolor_cells; ++i)
+ for (i = 0; i < ncolor_cells; ++i)
dpyinfo->color_cells[i].pixel = i;
XQueryColors (dpy, dpyinfo->cmap,
- dpyinfo->color_cells, dpyinfo->ncolor_cells);
+ dpyinfo->color_cells, ncolor_cells);
}
*ncells = dpyinfo->ncolor_cells;
@@ -4224,7 +4223,7 @@
x_send_scroll_bar_event and x_scroll_bar_to_input_event. */
static struct window **scroll_bar_windows;
-static size_t scroll_bar_windows_size;
+static ptrdiff_t scroll_bar_windows_size;
/* Send a client message with message type Xatom_Scrollbar for a
@@ -4239,7 +4238,7 @@
XClientMessageEvent *ev = (XClientMessageEvent *) &event;
struct window *w = XWINDOW (window);
struct frame *f = XFRAME (w->frame);
- size_t i;
+ ptrdiff_t i;
BLOCK_INPUT;
@@ -4260,16 +4259,15 @@
if (i == scroll_bar_windows_size)
{
- size_t new_size = max (10, 2 * scroll_bar_windows_size);
- size_t nbytes = new_size * sizeof *scroll_bar_windows;
- size_t old_nbytes = scroll_bar_windows_size * sizeof *scroll_bar_windows;
-
- if ((size_t) -1 / sizeof *scroll_bar_windows < new_size)
- memory_full (SIZE_MAX);
- scroll_bar_windows = (struct window **) xrealloc (scroll_bar_windows,
- nbytes);
+ ptrdiff_t old_nbytes =
+ scroll_bar_windows_size * sizeof *scroll_bar_windows;
+ ptrdiff_t nbytes;
+ enum { XClientMessageEvent_MAX = 0x7fffffff };
+ scroll_bar_windows =
+ xpalloc (scroll_bar_windows, &scroll_bar_windows_size, 1,
+ XClientMessageEvent_MAX, sizeof *scroll_bar_windows);
+ nbytes = scroll_bar_windows_size * sizeof *scroll_bar_windows;
memset (&scroll_bar_windows[i], 0, nbytes - old_nbytes);
- scroll_bar_windows_size = new_size;
}
scroll_bar_windows[i] = w;
@@ -5847,11 +5845,12 @@
} inev;
int count = 0;
int do_help = 0;
- int nbytes = 0;
+ ptrdiff_t nbytes = 0;
struct frame *f = NULL;
struct coding_system coding;
XEvent event = *eventptr;
Mouse_HLInfo *hlinfo = &dpyinfo->mouse_highlight;
+ USE_SAFE_ALLOCA;
*finish = X_EVENT_NORMAL;
@@ -6547,7 +6546,7 @@
}
{ /* Raw bytes, not keysym. */
- register int i;
+ ptrdiff_t i;
int nchars, len;
for (i = 0, nchars = 0; i < nbytes; i++)
@@ -6560,7 +6559,6 @@
if (nchars < nbytes)
{
/* Decode the input data. */
- int require;
/* The input should be decoded with `coding_system'
which depends on which X*LookupString function
@@ -6573,9 +6571,9 @@
gives us composition information. */
coding.common_flags &= ~CODING_ANNOTATION_MASK;
- require = MAX_MULTIBYTE_LENGTH * nbytes;
- coding.destination = alloca (require);
- coding.dst_bytes = require;
+ SAFE_NALLOCA (coding.destination, MAX_MULTIBYTE_LENGTH,
+ nbytes);
+ coding.dst_bytes = MAX_MULTIBYTE_LENGTH * nbytes;
coding.mode |= CODING_MODE_LAST_BLOCK;
decode_coding_c_string (&coding, copy_bufptr, nbytes, Qnil);
nbytes = coding.produced;
@@ -7034,6 +7032,7 @@
count++;
}
+ SAFE_FREE ();
*eventptr = event;
return count;
}
@@ -9858,6 +9857,7 @@
struct x_display_info *dpyinfo;
XrmDatabase xrdb;
Mouse_HLInfo *hlinfo;
+ ptrdiff_t lim;
BLOCK_INPUT;
@@ -10076,12 +10076,15 @@
XSetAfterFunction (x_current_display, x_trace_wire);
#endif /* ! 0 */
+ lim = min (PTRDIFF_MAX, SIZE_MAX) - sizeof "@";
+ if (lim - SBYTES (Vinvocation_name) < SBYTES (Vsystem_name))
+ memory_full (SIZE_MAX);
dpyinfo->x_id_name
= (char *) xmalloc (SBYTES (Vinvocation_name)
+ SBYTES (Vsystem_name)
+ 2);
- sprintf (dpyinfo->x_id_name, "address@hidden",
- SSDATA (Vinvocation_name), SSDATA (Vsystem_name));
+ strcat (strcat (strcpy (dpyinfo->x_id_name, SSDATA (Vinvocation_name)), "@"),
+ SSDATA (Vsystem_name));
/* Figure out which modifier bits mean what. */
x_find_modifier_meanings (dpyinfo);
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Emacs-diffs] /srv/bzr/emacs/trunk r105581: Integer and memory overflow issues (Bug#9196).,
Paul Eggert <=