Commit 41cf7d1a authored by Paul Eggert's avatar Paul Eggert
Browse files

Fix more problems found by GCC 4.6.0's static checks.

parents 1e3cdd82 b69769da
2011-04-06 Paul Eggert <eggert@cs.ucla.edu>
Fix more problems found by GCC 4.6.0's static checks.
* configure.in (ATTRIBUTE_FORMAT, ATTRIBUTE_FORMAT_PRINTF): New macros.
Replace 2 copies of readlink code with 1 gnulib version (Bug#8401).
* Makefile.in (GNULIB_MODULES): Add careadlinkat.
* lib/allocator.h, lib/careadlinkat.c, lib/careadlinkat.h:
* m4/ssize_t.m4: New files, automatically generated from gnulib.
2011-04-06 Glenn Morris <rgm@gnu.org>
* autogen/update_autogen: Handle loaddefs-like files as well.
......
......@@ -331,7 +331,7 @@ DOS_gnulib_comp.m4 = gl-comp.m4
# $(gnulib_srcdir) (relative to $(srcdir) and should have build tools
# as per $(gnulib_srcdir)/DEPENDENCIES.
GNULIB_MODULES = \
crypto/md5 dtoastr filemode getloadavg getopt-gnu \
careadlinkat crypto/md5 dtoastr filemode getloadavg getopt-gnu \
ignore-value intprops lstat mktime readlink \
socklen stdio strftime symlink sys_stat
GNULIB_TOOL_FLAGS = \
......
......@@ -3581,6 +3581,20 @@ typedef unsigned size_t;
#define EXTERNALLY_VISIBLE
#endif
#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)
# define ATTRIBUTE_FORMAT(spec) __attribute__ ((__format__ spec))
#else
# define ATTRIBUTE_FORMAT(spec) /* empty */
#endif
#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4)
# define ATTRIBUTE_FORMAT_PRINTF(formatstring_parameter, first_argument) \
ATTRIBUTE_FORMAT ((__gnu_printf__, formatstring_parameter, first_argument))
#else
# define ATTRIBUTE_FORMAT_PRINTF(formatstring_parameter, first_argument) \
ATTRIBUTE_FORMAT ((__printf__, formatstring_parameter, first_argument))
#endif
/* Some versions of GNU/Linux define noinline in their headers. */
#ifdef noinline
#undef noinline
......
2011-04-06 Paul Eggert <eggert@cs.ucla.edu>
Fix more problems found by GCC 4.6.0's static checks.
* emacsclient.c (message): Mark it as a printf-like function.
* make-docfile.c (IF_LINT): New macro, copied from emacsclient.c.
(write_c_args): Use it to suppress GCC warning.
2011-03-30 Paul Eggert <eggert@cs.ucla.edu>
Fix a problem found by GCC 4.6.0's static checks.
......
......@@ -487,6 +487,7 @@ ttyname (int fd)
/* Display a normal or error message.
On Windows, use a message box if compiled as a Windows app. */
static void message (int, const char *, ...) ATTRIBUTE_FORMAT_PRINTF (2, 3);
static void
message (int is_error, const char *format, ...)
{
......
......@@ -66,6 +66,13 @@ along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. */
#define IS_DIRECTORY_SEP(_c_) ((_c_) == DIRECTORY_SEP)
#endif
/* Use this to suppress gcc's `...may be used before initialized' warnings. */
#ifdef lint
# define IF_LINT(Code) Code
#else
# define IF_LINT(Code) /* empty */
#endif
static int scan_file (char *filename);
static int scan_lisp_file (const char *filename, const char *mode);
static int scan_c_file (char *filename, const char *mode);
......@@ -481,7 +488,7 @@ write_c_args (FILE *out, char *func, char *buf, int minargs, int maxargs)
{
register char *p;
int in_ident = 0;
char *ident_start;
char *ident_start IF_LINT (= NULL);
size_t ident_length = 0;
fprintf (out, "(fn");
......
/* Memory allocators such as malloc+free.
Copyright (C) 2011 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* Written by Paul Eggert. */
#ifndef _GL_ALLOCATOR_H
#include <stddef.h>
/* An object describing a memory allocator family. */
struct allocator
{
/* Do not use GCC attributes such as __attribute__ ((malloc)) with
the function types pointed at by these members, because these
attributes do not work with pointers to functions. See
<http://lists.gnu.org/archive/html/bug-gnulib/2011-04/msg00007.html>. */
/* Call MALLOC to allocate memory, like 'malloc'. On failure MALLOC
should return NULL, though not necessarily set errno. When given
a zero size it may return NULL even if successful. */
void *(*malloc) (size_t);
/* If nonnull, call REALLOC to reallocate memory, like 'realloc'.
On failure REALLOC should return NULL, though not necessarily set
errno. When given a zero size it may return NULL even if
successful. */
void *(*realloc) (void *, size_t);
/* Call FREE to free memory, like 'free'. */
void (*free) (void *);
/* If nonnull, call DIE if MALLOC or REALLOC fails. DIE should not
return. DIE can be used by code that detects memory overflow
while calculating sizes to be passed to MALLOC or REALLOC. */
void (*die) (void);
};
#endif
/* Read symbolic links into a buffer without size limitation, relative to fd.
Copyright (C) 2001, 2003-2004, 2007, 2009-2011 Free Software Foundation,
Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* Written by Paul Eggert, Bruno Haible, and Jim Meyering. */
#include <config.h>
#include "careadlinkat.h"
#include "allocator.h"
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Use the system functions, not the gnulib overrides, because this
module does not depend on GNU or POSIX semantics. */
#undef malloc
#undef realloc
/* Define this independently so that stdint.h is not a prerequisite. */
#ifndef SIZE_MAX
# define SIZE_MAX ((size_t) -1)
#endif
#ifndef SSIZE_MAX
# define SSIZE_MAX ((ssize_t) (SIZE_MAX / 2))
#endif
#if ! HAVE_READLINKAT
/* Ignore FD. Get the symbolic link value of FILENAME and put it into
BUFFER, with size BUFFER_SIZE. This function acts like readlink
but has readlinkat's signature. */
ssize_t
careadlinkatcwd (int fd, char const *filename, char *buffer,
size_t buffer_size)
{
(void) fd;
return readlink (filename, buffer, buffer_size);
}
#endif
/* A standard allocator. For now, only careadlinkat needs this, but
perhaps it should be moved to the allocator module. */
static struct allocator const standard_allocator =
{ malloc, realloc, free, NULL };
/* Assuming the current directory is FD, get the symbolic link value
of FILENAME as a null-terminated string and put it into a buffer.
If FD is AT_FDCWD, FILENAME is interpreted relative to the current
working directory, as in openat.
If the link is small enough to fit into BUFFER put it there.
BUFFER's size is BUFFER_SIZE, and BUFFER can be null
if BUFFER_SIZE is zero.
If the link is not small, put it into a dynamically allocated
buffer managed by ALLOC. It is the caller's responsibility to free
the returned value if it is nonnull and is not BUFFER. A null
ALLOC stands for the standard allocator.
The PREADLINKAT function specifies how to read links.
If successful, return the buffer address; otherwise return NULL and
set errno. */
char *
careadlinkat (int fd, char const *filename,
char *buffer, size_t buffer_size,
struct allocator const *alloc,
ssize_t (*preadlinkat) (int, char const *, char *, size_t))
{
char *buf;
size_t buf_size;
size_t buf_size_max =
SSIZE_MAX < SIZE_MAX ? (size_t) SSIZE_MAX + 1 : SIZE_MAX;
char stack_buf[1024];
if (! alloc)
alloc = &standard_allocator;
if (! buffer_size)
{
/* Allocate the initial buffer on the stack. This way, in the
common case of a symlink of small size, we get away with a
single small malloc() instead of a big malloc() followed by a
shrinking realloc(). */
buffer = stack_buf;
buffer_size = sizeof stack_buf;
}
buf = buffer;
buf_size = buffer_size;
do
{
/* Attempt to read the link into the current buffer. */
ssize_t link_length = preadlinkat (fd, filename, buf, buf_size);
size_t link_size;
if (link_length < 0)
{
/* On AIX 5L v5.3 and HP-UX 11i v2 04/09, readlink returns -1
with errno == ERANGE if the buffer is too small. */
int readlinkat_errno = errno;
if (readlinkat_errno != ERANGE)
{
if (buf != buffer)
{
alloc->free (buf);
errno = readlinkat_errno;
}
return NULL;
}
}
link_size = link_length;
if (link_size < buf_size)
{
buf[link_size++] = '\0';
if (buf == stack_buf)
{
char *b = (char *) alloc->malloc (link_size);
if (! b)
break;
memcpy (b, buf, link_size);
buf = b;
}
else if (link_size < buf_size && buf != buffer && alloc->realloc)
{
/* Shrink BUF before returning it. */
char *b = (char *) alloc->realloc (buf, link_size);
if (b)
buf = b;
}
return buf;
}
if (buf != buffer)
alloc->free (buf);
if (buf_size <= buf_size_max / 2)
buf_size *= 2;
else if (buf_size < buf_size_max)
buf_size = buf_size_max;
else
break;
buf = (char *) alloc->malloc (buf_size);
}
while (buf);
if (alloc->die)
alloc->die ();
errno = ENOMEM;
return NULL;
}
/* Read symbolic links into a buffer without size limitation, relative to fd.
Copyright (C) 2011 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* Written by Paul Eggert, Bruno Haible, and Jim Meyering. */
#ifndef _GL_CAREADLINKAT_H
#include <fcntl.h>
#include <unistd.h>
struct allocator;
/* Assuming the current directory is FD, get the symbolic link value
of FILENAME as a null-terminated string and put it into a buffer.
If FD is AT_FDCWD, FILENAME is interpreted relative to the current
working directory, as in openat.
If the link is small enough to fit into BUFFER put it there.
BUFFER's size is BUFFER_SIZE, and BUFFER can be null
if BUFFER_SIZE is zero.
If the link is not small, put it into a dynamically allocated
buffer managed by ALLOC. It is the caller's responsibility to free
the returned value if it is nonnull and is not BUFFER.
The PREADLINKAT function specifies how to read links.
If successful, return the buffer address; otherwise return NULL and
set errno. */
char *careadlinkat (int fd, char const *filename,
char *buffer, size_t buffer_size,
struct allocator const *alloc,
ssize_t (*preadlinkat) (int, char const *,
char *, size_t));
/* Suitable values for careadlinkat's FD and PREADLINKAT arguments,
when doing a plain readlink. */
#if HAVE_READLINKAT
# define careadlinkatcwd readlinkat
#else
/* Define AT_FDCWD independently, so that the careadlinkat module does
not depend on the fcntl-h module. The value does not matter, since
careadlinkatcwd ignores it, but we might as well use the same value
as fcntl-h. */
# ifndef AT_FDCWD
# define AT_FDCWD (-3041965)
# endif
ssize_t careadlinkatcwd (int fd, char const *filename,
char *buffer, size_t buffer_size);
#endif
#endif /* _GL_CAREADLINKAT_H */
......@@ -9,7 +9,7 @@
# the same distribution terms as the rest of that program.
#
# Generated by gnulib-tool.
# Reproduce by: gnulib-tool --import --dir=. --lib=libgnu --source-base=lib --m4-base=m4 --doc-base=doc --tests-base=tests --aux-dir=. --makefile-name=gnulib.mk --no-libtool --macro-prefix=gl --no-vc-files crypto/md5 dtoastr filemode getloadavg getopt-gnu ignore-value intprops lstat mktime readlink socklen stdio strftime symlink sys_stat
# Reproduce by: gnulib-tool --import --dir=. --lib=libgnu --source-base=lib --m4-base=m4 --doc-base=doc --tests-base=tests --aux-dir=. --makefile-name=gnulib.mk --no-libtool --macro-prefix=gl --no-vc-files careadlinkat crypto/md5 dtoastr filemode getloadavg getopt-gnu ignore-value intprops lstat mktime readlink socklen stdio strftime symlink sys_stat
MOSTLYCLEANFILES += core *.stackdump
......@@ -69,6 +69,14 @@ EXTRA_DIST += $(top_srcdir)/./c++defs.h
## end gnulib module c++defs
## begin gnulib module careadlinkat
libgnu_a_SOURCES += careadlinkat.c
EXTRA_DIST += allocator.h careadlinkat.h
## end gnulib module careadlinkat
## begin gnulib module crypto/md5
......
......@@ -28,6 +28,7 @@ AC_DEFUN([gl_EARLY],
AC_REQUIRE([AC_PROG_RANLIB])
# Code from module arg-nonnull:
# Code from module c++defs:
# Code from module careadlinkat:
# Code from module crypto/md5:
# Code from module dosname:
# Code from module dtoastr:
......@@ -46,6 +47,7 @@ AC_DEFUN([gl_EARLY],
# Code from module multiarch:
# Code from module readlink:
# Code from module socklen:
# Code from module ssize_t:
# Code from module stat:
# Code from module stdbool:
# Code from module stddef:
......@@ -79,6 +81,8 @@ AC_DEFUN([gl_INIT],
gl_source_base='lib'
# Code from module arg-nonnull:
# Code from module c++defs:
# Code from module careadlinkat:
AC_CHECK_FUNCS_ONCE([readlinkat])
# Code from module crypto/md5:
gl_MD5
# Code from module dosname:
......@@ -115,6 +119,8 @@ AC_DEFUN([gl_INIT],
gl_UNISTD_MODULE_INDICATOR([readlink])
# Code from module socklen:
gl_TYPE_SOCKLEN_T
# Code from module ssize_t:
gt_TYPE_SSIZE_T
# Code from module stat:
gl_FUNC_STAT
gl_SYS_STAT_MODULE_INDICATOR([stat])
......@@ -287,6 +293,9 @@ AC_DEFUN([gl_FILE_LIST], [
build-aux/arg-nonnull.h
build-aux/c++defs.h
build-aux/warn-on-use.h
lib/allocator.h
lib/careadlinkat.c
lib/careadlinkat.h
lib/dosname.h
lib/dtoastr.c
lib/filemode.c
......@@ -335,6 +344,7 @@ AC_DEFUN([gl_FILE_LIST], [
m4/multiarch.m4
m4/readlink.m4
m4/socklen.m4
m4/ssize_t.m4
m4/st_dm_mode.m4
m4/stat.m4
m4/stdbool.m4
......
# ssize_t.m4 serial 5 (gettext-0.18.2)
dnl Copyright (C) 2001-2003, 2006, 2010-2011 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl From Bruno Haible.
dnl Test whether ssize_t is defined.
AC_DEFUN([gt_TYPE_SSIZE_T],
[
AC_CACHE_CHECK([for ssize_t], [gt_cv_ssize_t],
[AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#include <sys/types.h>]],
[[int x = sizeof (ssize_t *) + sizeof (ssize_t);
return !x;]])],
[gt_cv_ssize_t=yes], [gt_cv_ssize_t=no])])
if test $gt_cv_ssize_t = no; then
AC_DEFINE([ssize_t], [int],
[Define as a signed type of the same size as size_t.])
fi
])
2011-04-06 Paul Eggert <eggert@cs.ucla.edu>
Fix more problems found by GCC 4.6.0's static checks.
* xmenu.c (Fx_popup_dialog): Don't assume string is free of formats.
* menu.c (Fx_popup_menu): Don't assume error_name lacks printf formats.
* lisp.h (message, message_nolog, fatal): Mark as printf-like.
* xdisp.c (vmessage): Mark as a printf-like function.
* term.c (vfatal, maybe_fatal): Mark as printf-like functions.
* sound.c (sound_warning): Don't crash if arg contains a printf format.
* image.c (tiff_error_handler, tiff_warning_handler): Mark as
printf-like functions.
(tiff_load): Add casts to remove these marks before passing them
to system-supplied API.
* eval.c (Fsignal): Remove excess argument to 'fatal'.
* coding.c (EMIT_ONE_BYTE, EMIT_TWO_BYTES): Use unsigned, not int.
This avoids several warnings with gcc -Wstrict-overflow.
(DECODE_COMPOSITION_RULE): If the rule is invalid, goto invalid_code
directly, rather than having caller test rule sign. This avoids
some unnecessary tests.
* composite.h (COMPOSITION_ENCODE_RULE_VALID): New macro.
(COMPOSITION_ENCODE_RULE): Arguments now must be valid. This
affects only one use, in DECODE_COMPOSITION_RULE, which is changed.
* xfont.c (xfont_text_extents): Remove var that was set but not used.
(xfont_open): Avoid unnecessary tests.
* composite.c (composition_gstring_put_cache): Use unsigned integer.
* composite.h, composite.c (composition_gstring_put_cache):
Use EMACS_INT, not int, for length.
* composite.h (COMPOSITION_DECODE_REFS): New macro,
breaking out part of COMPOSITION_DECODE_RULE.
(COMPOSITION_DECODE_RULE): Use it.
* composite.c (get_composition_id): Remove unused local vars,
by using the new macro.
* textprop.c (set_text_properties_1): Change while to do-while,
since the condition is always true at first.
* intervals.c (graft_intervals_into_buffer): Mark var as used.
(interval_deletion_adjustment): Return unsigned value.
All uses changed.
* process.c (list_processes_1, create_pty, read_process_output):
(exec_sentinel): Remove vars that were set but not used.
(create_pty): Remove unnecessary "volatile"s.
(Fnetwork_interface_info): Avoid possibility of int overflow.
(read_process_output): Do adaptive read buffering even if carryover.
(read_process_output): Simplify nbytes computation if buffered.
* bytecode.c (exec_byte_code): Rename local to avoid shadowing.
* syntax.c (scan_words): Remove var that was set but not used.
(update_syntax_table): Use unsigned instead of int.
* lread.c (lisp_file_lexically_bound_p): Use ints rather than endptrs.
(lisp_file_lexically_bound_p, read1): Use unsigned instead of int.
(safe_to_load_p): Make the end-of-loop test the inverse of the in-loop.
* print.c (print_error_message): Avoid int overflow.
* font.c (font_list_entities): Redo for clarity,
so that reader need not know FONT_DPI_INDEX + 1 == FONT_SPACING_INDEX.
* font.c (font_find_for_lface, Ffont_get_glyphs): Remove unused vars.
(font_score): Avoid potential overflow in diff calculation.
* fns.c (substring_both): Remove var that is set but not used.
(sxhash): Redo loop for clarity and to avoid wraparound warning.
* eval.c (funcall_lambda): Rename local to avoid shadowing.
* alloc.c (mark_object_loop_halt, mark_object): Use size_t, not int.
Otherwise, GCC 4.6.0 optimizes the loop check away since the check
can always succeed if overflow has undefined behavior.
* search.c (boyer_moore, wordify): Remove vars set but not used.
(wordify): Omit three unnecessary tests.
* indent.c (MULTIBYTE_BYTES_WIDTH): Don't compute wide_column.
All callers changed. This avoids the need for an unused var.
* casefiddle.c (casify_region): Remove var that is set but not used.
* dired.c (file_name_completion): Remove var that is set but not used.
* fileio.c (Finsert_file_contents): Make EOF condition clearer.
* fileio.c (Finsert_file_contents): Avoid signed integer overflow.
(Finsert_file_contents): Remove unnecessary code checking fd.
* minibuf.c (read_minibuf_noninteractive): Use size_t for sizes.
Check for integer overflow on size calculations.
* buffer.c (Fprevious_overlay_change): Remove var that is set
but not used.
* keyboard.c (menu_bar_items, read_char_minibuf_menu_prompt):
Remove vars that are set but not used.
(timer_check_2): Don't assume timer-list and idle-timer-list are lists.
(timer_check_2): Mark vars as initialized.
* gtkutil.c (xg_get_file_with_chooser): Mark var as initialized.
* image.c (lookup_image): Remove var that is set but not used.
(xbm_load): Use parse_p, for gcc -Werror=unused-but-set-variable.
* fontset.c (Finternal_char_font, Ffontset_info): Remove vars
that are set but not used.
* xfns.c (make_invisible_cursor): Don't return garbage
if XCreateBitmapFromData fails (Bug#8410).
* xselect.c (x_get_local_selection, x_handle_property_notify):
Remove vars that are set but not used.
* xfns.c (x_create_tip_frame): Remove var that is set but not used.
(make_invisible_cursor): Initialize a possibly-uninitialized variable.
* xterm.c (x_scroll_bar_to_input_event) [!USE_GTK]:
Remove var that is set but not used.
(scroll_bar_windows_size): Now size_t, not int.
(x_send_scroll_bar_event): Use size_t, not int, for sizes.
Check for overflow.
* xfaces.c (realize_named_face): Remove vars that are set but not used.
(map_tty_color) [!defined MSDOS]: Likewise.
* term.c (tty_write_glyphs): Use size_t; this avoids overflow warning.
* coding.c: Remove vars that are set but not used.
(DECODE_COMPOSITION_RULE): Remove 2nd arg, which is unused.
All callers changed.
(decode_coding_utf_8, decode_coding_utf_16 decode_coding_emacs_mule):
(decode_coding_iso_2022, encode_coding_sjis, encode_coding_big5):
(decode_coding_charset): Remove vars that are set but not used.
* bytecode.c (Fbyte_code) [!defined BYTE_CODE_SAFE]: Remove var
that is set but not used.
* print.c (print_object): Remove var that is set but not used.
Replace 2 copies of readlink code with 1 gnulib version (Bug#8401).
The gnulib version avoids calling malloc in the usual case,
and on 64-bit hosts doesn't have some arbitrary 32-bit limits.
* fileio.c (Ffile_symlink_p): Use emacs_readlink.
* filelock.c (current_lock_owner): Likewise.
* lisp.h (READLINK_BUFSIZE, emacs_readlink): New function.
* sysdep.c: Include allocator.h, careadlinkat.h.