- 05 Aug, 2011 1 commit
-
-
Paul Eggert authored
See, for example <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=9196#26>.
-
- 29 Jul, 2011 25 commits
-
-
Paul Eggert authored
-
Paul Eggert authored
-
Paul Eggert authored
(x_color_cells, handle_one_xevent, x_term_init): Check for size calculation overflow. (x_color_cells): Don't store size until memory allocation succeeds. (handle_one_xevent): Use ptrdiff_t, not int, for byte counts. (x_term_init): Don't assume length fits in int (sprintf is limited to int size).
-
Paul Eggert authored
-
Paul Eggert authored
(X_LONG_SIZE, X_USHRT_MAX, X_ULONG_MAX): New macros. Use them to make the following changes clearer. (MAX_SELECTION_QUANTUM): Make the other bounds on this value clearer. This change doesn't affect the value now, but it may help remind future maintainers not to raise the value too much later. (SELECTION_QUANTUM): Remove, replacing with ... (selection_quantum): ... new function, which avoids overflow. All uses changed. (struct selection_data.size): Now ptrdiff_t, not int, to avoid assumption that selection length fits in 'int'. (x_reply_selection_request, x_handle_selection_request) (x_get_window_property, receive_incremental_selection) (x_get_window_property_as_lisp_data, selection_data_to_lisp_data) (lisp_data_to_selection_data, clean_local_selection_data): Use ptrdiff_t, not int, to record length of selection. (x_reply_selection_request, x_get_window_property) (receive_incremental_selection, x_property_data_to_lisp): Redo calculations to avoid overflow. (x_reply_selection_request): When sending hint, ceiling it at X_ULONG_MAX rather than relying on wraparound overflow to send something. (x_get_window_property, receive_incremental_selection) (lisp_data_to_selection_data, x_property_data_to_lisp): Check for size-calculation overflow. (x_get_window_property, receive_incremental_selection) (lisp_data_to_selection_data, Fx_register_dnd_atom): Don't store size until memory allocation succeeds. (x_get_window_property): Plug memory leak on memory exhaustion. Don't double-block input; malloc is safe here. Don't assume 2**34 - 4 fits in unsigned long. Add an xassert to check XGetWindowProperty overflow. Be more careful about overflow calculations, and distinguish size from memory overflow better. (receive_incremental_selection): When tracing, don't assume unsigned int is less than INT_MAX. (x_selection_data_to_lisp_data): Remove unnecessary (and in theory harmful) conversions of unsigned short to int. (lisp_data_to_selection_data): Don't assume that integers in the range -65535 through -1 fit in an X unsigned short. Don't assume that ULONG_MAX == X_ULONG_MAX. Don't store into result parameters unless successful. Rely on cons_to_unsigned to report problems with elements; the old code wasn't right anyway. (x_check_property_data): Check for int overflow; we cannot use a wider type due to X limits. (x_handle_dnd_message): Use unsigned int, to avoid int overflow.
-
Paul Eggert authored
(magic_file_p): Plug memory leak on size overflow. (get_environ_db): Don't assume path length fits in int, as sprintf is limited to int lengths.
-
Paul Eggert authored
Don't update size until alloc done.
-
Paul Eggert authored
(x_encode_text, x_set_name_internal, Fx_change_window_property): Use ptrdiff_t, not int, to count sizes, since they can exceed INT_MAX in size. Check for size calculation overflow.
-
Paul Eggert authored
(Finternal_make_lisp_face): Use ptrdiff_t, not int, for sizes. Check for size calculation overflow. (cache_face): Do not overflow in size calculation.
-
Paul Eggert authored
(store_mode_line_noprop_char, x_consider_frame_title): Use ptrdiff_t, not int, for sizes. (store_mode_line_noprop_char): Don't update size until alloc done.
-
Paul Eggert authored
(tparam1): Use ptrdiff_t, not int, for sizes. Don't update size until alloc done. Redo size calculations to avoid overflow. Check for size calculation overflow.
-
Paul Eggert authored
(tgetent): Use ptrdiff_t, not int, to record results of subtracting pointers. (gobble_line): Check for overflow more carefully. Don't update size until alloc done.
-
Paul Eggert authored
(max_frame_lines): Remove; unused. (encode_terminal_src_size, encode_terminal_dst_size): Now ptrdiff_t, not int. (encode_terminal_code, calculate_costs): Check for size calculation overflow. (encode_terminal_code): Use ptrdiff_t, not int, to record glyph table lengths and related sizes. Don't update size until alloc done. Redo calculations to avoid overflow. (calculate_costs): Don't bother calling xmalloc when xrealloc will do.
-
Paul Eggert authored
(system_process_attributes): Use ptrdiff_t, not int, for command line length. Do not attempt to address one before the beginning of an array, as that's not portable.
-
Paul Eggert authored
(Freplace_match): Check for size calculation overflow. (Fset_match_data): Don't assume list lengths fit in 'int'.
-
Paul Eggert authored
(do_line_insertion_deletion_costs): Check for size calculation overflow. Don't bother calling xmalloc when xrealloc will do.
-
Paul Eggert authored
-
Paul Eggert authored
in size calculation.
-
Paul Eggert authored
Now ptrdiff_t, not int. * nsterm.m (ns_index_color): Use ptrdiff_t, not int, for table indexes. (ns_draw_fringe_bitmap): Rewrite to avoid overflow.
-
Paul Eggert authored
on memory overflow.
-
Paul Eggert authored
(Fstart_kbd_macro): Don't update size until alloc done. (store_kbd_macro_char): Reorder multiplicands to avoid overflow.
-
Paul Eggert authored
-
Paul Eggert authored
(cmm_size, current_minor_maps): Use ptrdiff_t, not int, to count maps. (current_minor_maps): Check for size calculation overflow. * keymap.h: Change prototypes to match the above.
-
Paul Eggert authored
(read_char, menu_bar_items, tool_bar_items, read_char_x_menu_prompt) (read_char_minibuf_menu_width, read_char_minibuf_menu_prompt) (follow_key, read_key_sequence): Use ptrdiff_t, not int, to count maps. (read_char_minibuf_menu_prompt): Check for overflow in size calculations. Don't update size until allocation succeeds. Redo calculations to avoid overflow. * keyboard.h: Change prototypes to match the above.
-
Paul Eggert authored
(RANGED_INTEGERP, TYPE_RANGED_INTEGERP): Remove; these are duplicate now that they've been promoted to lisp.h. (x_allocate_bitmap_record, x_alloc_image_color) (make_image_cache, cache_image, xpm_load): Don't update size until alloc is done. (xpm_load, lookup_rgb_color, lookup_pixel_color, x_to_xcolors) (x_detect_edges): Check for size calculation overflow. (ct_colors_allocated_max): New constant. (x_to_xcolors, x_detect_edges): Reorder multiplicands to avoid overflow.
-
- 28 Jul, 2011 14 commits
-
-
Paul Eggert authored
(get_utf8_string, xg_store_widget_in_map): Check for size-calculation overflow. (get_utf8_string): Use ptrdiff_t, not size_t, where either will do, as we prefer signed integers. (id_to_widget.max_size, id_to_widget.used) (xg_store_widget_in_map, xg_remove_widget_from_map) (xg_get_widget_from_map, xg_get_scroll_id_for_window) (xg_remove_scroll_bar, xg_update_scrollbar_pos): Use and return ptrdiff_t, not int. (xg_gtk_scroll_destroy): Don't assume ptrdiff_t fits in int. * gtkutil.h: Change prototypes to match the above.
-
Paul Eggert authored
(ftfont_get_open_type_spec, setup_otf_gstring, ftfont_shape_by_flt): Check for integer overflow in size calculations.
-
Paul Eggert authored
-
Paul Eggert authored
This is for the members text_lines, text_cols, total_lines, total_cols, where the system imposes an 'int' limit.
-
Paul Eggert authored
(set_menu_bar_lines, x_set_frame_parameters, x_set_scroll_bar_width) (x_figure_window_size): Check for integer overflow. (x_set_alpha): Do not assume XINT fits in int.
-
Paul Eggert authored
(init_eval_once, grow_specpdl): Don't update size until alloc succeeds. (call_debugger, grow_specpdl): Redo calculations to avoid overflow.
-
Paul Eggert authored
-
Paul Eggert authored
(set_time_zone_rule): Don't assume environment length fits in int. (message_length): Now ptrdiff_t, not int. (Fmessage_box): Don't update size until allocation succeeds. Don't assume message length fits in int. (Fformat): Use ptrdiff_t, not EMACS_INT, where ptrdiff_t will do.
-
Paul Eggert authored
(get_doc_string_buffer_size): Now ptrdiff_t, not int. (get_doc_string): Check for size calculation overflow. Don't update size until allocation succeeds. (get_doc_string, Fsubstitute_command_keys): Use ptrdiff_t, not EMACS_INT, where ptrdiff_t will do. (Fsubstitute_command_keys): Check for string overflow.
-
Paul Eggert authored
* dispextern.h (struct glyph_pool.nglyphs): Now ptrdiff_t, not int. * dispnew.c (adjust_glyph_matrix, realloc_glyph_pool, scrolling_window): Check for overflow in size calculations. (line_draw_cost, realloc_glyph_pool, add_row_entry): Don't assume glyph table len fits in int. (struct row_entry.bucket, row_entry_pool_size, row_entry_idx) (row_table_size): Now ptrdiff_t, not int. (scrolling_window): Avoid overflow in size calculations. Don't update size until allocation succeeds. * fns.c (concat): Check for overflow in size calculations. (next_almost_prime): Verify NEXT_ALMOST_PRIME_LIMIT. * lisp.h (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros. (NEXT_ALMOST_PRIME_LIMIT): New constant.
-
Paul Eggert authored
-
Paul Eggert authored
(get_composition_id): Check for overflow in glyph length calculations.
-
Paul Eggert authored
(produce_chars): Redo buffer-overflow calculations to avoid unnecessary integer overflow. Check for size overflow. (encode_coding_object): Don't update size until xmalloc succeeds.
-
Paul Eggert authored
-