Commit 71f02bc5 authored by Paul Eggert's avatar Paul Eggert

* window.c: Integer overflow fixes.

(window_scroll_line_based, Frecenter):
Check that an Emacs fixnum is in range before assigning it to 'int'.
(Frecenter, Fmove_to_window_line): Use EMACS_INT, not int, for
values converted from Emacs fixnums.
(Frecenter): Don't wrap around a line count if it is out of 'int'
range; instead, treat it as an extreme value.
(Fset_window_configuration, compare_window_configurations):
Use ptrdiff_t, not int, for index that might exceed 2 GiB.
parent a0efffc8
2011-09-04 Paul Eggert <eggert@cs.ucla.edu> 2011-09-04 Paul Eggert <eggert@cs.ucla.edu>
* window.c: Integer overflow fixes.
(window_scroll_line_based, Frecenter):
Check that an Emacs fixnum is in range before assigning it to 'int'.
(Frecenter, Fmove_to_window_line): Use EMACS_INT, not int, for
values converted from Emacs fixnums.
(Frecenter): Don't wrap around a line count if it is out of 'int'
range; instead, treat it as an extreme value.
(Fset_window_configuration, compare_window_configurations):
Use ptrdiff_t, not int, for index that might exceed 2 GiB.
* search.c: Integer overflow fixes * search.c: Integer overflow fixes
(Freplace_match): Use ptrdiff_t, not int, for indexes that can (Freplace_match): Use ptrdiff_t, not int, for indexes that can
exceed INT_MAX. Check that EMACS_INT value is in range before exceed INT_MAX. Check that EMACS_INT value is in range before
......
...@@ -4662,14 +4662,9 @@ window_scroll_line_based (Lisp_Object window, int n, int whole, int noerror) ...@@ -4662,14 +4662,9 @@ window_scroll_line_based (Lisp_Object window, int n, int whole, int noerror)
if (pos < ZV) if (pos < ZV)
{ {
int this_scroll_margin = scroll_margin;
/* Don't use a scroll margin that is negative or too large. */ /* Don't use a scroll margin that is negative or too large. */
if (this_scroll_margin < 0) int this_scroll_margin =
this_scroll_margin = 0; max (0, min (scroll_margin, XINT (w->total_lines) / 4));
if (XINT (w->total_lines) < 4 * scroll_margin)
this_scroll_margin = XINT (w->total_lines) / 4;
set_marker_restricted_both (w->start, w->buffer, pos, pos_byte); set_marker_restricted_both (w->start, w->buffer, pos, pos_byte);
w->start_at_line_beg = bolp; w->start_at_line_beg = bolp;
...@@ -5057,7 +5052,7 @@ and redisplay normally--don't erase and redraw the frame. */) ...@@ -5057,7 +5052,7 @@ and redisplay normally--don't erase and redraw the frame. */)
struct buffer *obuf = current_buffer; struct buffer *obuf = current_buffer;
int center_p = 0; int center_p = 0;
EMACS_INT charpos, bytepos; EMACS_INT charpos, bytepos;
int iarg IF_LINT (= 0); EMACS_INT iarg IF_LINT (= 0);
int this_scroll_margin; int this_scroll_margin;
/* If redisplay is suppressed due to an error, try again. */ /* If redisplay is suppressed due to an error, try again. */
...@@ -5096,9 +5091,8 @@ and redisplay normally--don't erase and redraw the frame. */) ...@@ -5096,9 +5091,8 @@ and redisplay normally--don't erase and redraw the frame. */)
/* Do this after making BUF current /* Do this after making BUF current
in case scroll_margin is buffer-local. */ in case scroll_margin is buffer-local. */
this_scroll_margin = max (0, scroll_margin); this_scroll_margin =
this_scroll_margin = min (this_scroll_margin, max (0, min (scroll_margin, XFASTINT (w->total_lines) / 4));
XFASTINT (w->total_lines) / 4);
/* Handle centering on a graphical frame specially. Such frames can /* Handle centering on a graphical frame specially. Such frames can
have variable-height lines and centering point on the basis of have variable-height lines and centering point on the basis of
...@@ -5122,7 +5116,7 @@ and redisplay normally--don't erase and redraw the frame. */) ...@@ -5122,7 +5116,7 @@ and redisplay normally--don't erase and redraw the frame. */)
{ {
struct it it; struct it it;
struct text_pos pt; struct text_pos pt;
int nlines = -iarg; int nlines = min (INT_MAX, -iarg);
int extra_line_spacing; int extra_line_spacing;
int h = window_box_height (w); int h = window_box_height (w);
void *itdata = bidi_shelve_cache (); void *itdata = bidi_shelve_cache ();
...@@ -5288,15 +5282,14 @@ zero means top of window, negative means relative to bottom of window. */) ...@@ -5288,15 +5282,14 @@ zero means top of window, negative means relative to bottom of window. */)
lines = displayed_window_lines (w); lines = displayed_window_lines (w);
#if 0 #if 0
this_scroll_margin = max (0, scroll_margin); this_scroll_margin = max (0, min (scroll_margin, lines / 4));
this_scroll_margin = min (this_scroll_margin, lines / 4);
#endif #endif
if (NILP (arg)) if (NILP (arg))
XSETFASTINT (arg, lines / 2); XSETFASTINT (arg, lines / 2);
else else
{ {
int iarg = XINT (Fprefix_numeric_value (arg)); EMACS_INT iarg = XINT (Fprefix_numeric_value (arg));
if (iarg < 0) if (iarg < 0)
iarg = iarg + lines; iarg = iarg + lines;
...@@ -5468,7 +5461,8 @@ the return value is nil. Otherwise the value is t. */) ...@@ -5468,7 +5461,8 @@ the return value is nil. Otherwise the value is t. */)
struct window *root_window; struct window *root_window;
struct window **leaf_windows; struct window **leaf_windows;
int n_leaf_windows; int n_leaf_windows;
int k, i, n; ptrdiff_t k;
int i, n;
/* If the frame has been resized since this window configuration was /* If the frame has been resized since this window configuration was
made, we change the frame to the size specified in the made, we change the frame to the size specified in the
...@@ -6344,7 +6338,7 @@ compare_window_configurations (Lisp_Object configuration1, Lisp_Object configura ...@@ -6344,7 +6338,7 @@ compare_window_configurations (Lisp_Object configuration1, Lisp_Object configura
{ {
register struct save_window_data *d1, *d2; register struct save_window_data *d1, *d2;
struct Lisp_Vector *sws1, *sws2; struct Lisp_Vector *sws1, *sws2;
int i; ptrdiff_t i;
CHECK_WINDOW_CONFIGURATION (configuration1); CHECK_WINDOW_CONFIGURATION (configuration1);
CHECK_WINDOW_CONFIGURATION (configuration2); CHECK_WINDOW_CONFIGURATION (configuration2);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment