1. 29 Jul, 2011 21 commits
    • Paul Eggert's avatar
      * xselect.c: Integer and memory overflow issues. · 864d7ce7
      Paul Eggert authored
      (X_LONG_SIZE, X_USHRT_MAX, X_ULONG_MAX): New macros.
      Use them to make the following changes clearer.
      (MAX_SELECTION_QUANTUM): Make the other bounds on this value clearer.
      This change doesn't affect the value now, but it may help remind
      future maintainers not to raise the value too much later.
      (SELECTION_QUANTUM): Remove, replacing with ...
      (selection_quantum): ... new function, which avoids overflow.
      All uses changed.
      (struct selection_data.size): Now ptrdiff_t, not int, to avoid
      assumption that selection length fits in 'int'.
      (x_reply_selection_request, x_handle_selection_request)
      (x_get_window_property, receive_incremental_selection)
      (x_get_window_property_as_lisp_data, selection_data_to_lisp_data)
      (lisp_data_to_selection_data, clean_local_selection_data):
      Use ptrdiff_t, not int, to record length of selection.
      (x_reply_selection_request, x_get_window_property)
      (receive_incremental_selection, x_property_data_to_lisp):
      Redo calculations to avoid overflow.
      (x_reply_selection_request): When sending hint, ceiling it at
      X_ULONG_MAX rather than relying on wraparound overflow to send
      something.
      (x_get_window_property, receive_incremental_selection)
      (lisp_data_to_selection_data, x_property_data_to_lisp):
      Check for size-calculation overflow.
      (x_get_window_property, receive_incremental_selection)
      (lisp_data_to_selection_data, Fx_register_dnd_atom):
      Don't store size until memory allocation succeeds.
      (x_get_window_property): Plug memory leak on memory exhaustion.
      Don't double-block input; malloc is safe here.  Don't assume 2**34
      - 4 fits in unsigned long.  Add an xassert to check
      XGetWindowProperty overflow.  Be more careful about overflow
      calculations, and distinguish size from memory overflow better.
      (receive_incremental_selection): When tracing, don't assume
      unsigned int is less than INT_MAX.
      (x_selection_data_to_lisp_data): Remove unnecessary (and in theory
      harmful) conversions of unsigned short to int.
      (lisp_data_to_selection_data): Don't assume that integers
      in the range -65535 through -1 fit in an X unsigned short.
      Don't assume that ULONG_MAX == X_ULONG_MAX.  Don't store into
      result parameters unless successful.  Rely on cons_to_unsigned
      to report problems with elements; the old code wasn't right anyway.
      (x_check_property_data): Check for int overflow; we cannot use
      a wider type due to X limits.
      (x_handle_dnd_message): Use unsigned int, to avoid int overflow.
      864d7ce7
    • Paul Eggert's avatar
      * xrdb.c: Integer and memory overflow issues. · a3d9c2a4
      Paul Eggert authored
      (magic_file_p): Plug memory leak on size overflow.
      (get_environ_db): Don't assume path length fits in int,
      as sprintf is limited to int lengths.
      a3d9c2a4
    • Paul Eggert's avatar
      * xgselect.c (xg_select): Check for size calculation overflow. · c26f2521
      Paul Eggert authored
      Don't update size until alloc done.
      c26f2521
    • Paul Eggert's avatar
      * xfns.c: Integer and memory overflow fixes. · c678c835
      Paul Eggert authored
      (x_encode_text, x_set_name_internal, Fx_change_window_property):
      Use ptrdiff_t, not int, to count sizes, since they can exceed
      INT_MAX in size.  Check for size calculation overflow.
      c678c835
    • Paul Eggert's avatar
      * xfaces.c: Integer and memory overflow fixes. · b7b603a0
      Paul Eggert authored
      (Finternal_make_lisp_face): Use ptrdiff_t, not int, for sizes.
      Check for size calculation overflow.
      (cache_face): Do not overflow in size calculation.
      b7b603a0
    • Paul Eggert's avatar
      * xdisp.c: Integer and memory overflow fixes. · a5a5cbd4
      Paul Eggert authored
      (store_mode_line_noprop_char, x_consider_frame_title):
      Use ptrdiff_t, not int, for sizes.
      (store_mode_line_noprop_char): Don't update size until alloc done.
      a5a5cbd4
    • Paul Eggert's avatar
      * tparam.c: Integer and memory overflow fixes. · 8fbadbe3
      Paul Eggert authored
      (tparam1): Use ptrdiff_t, not int, for sizes.
      Don't update size until alloc done.
      Redo size calculations to avoid overflow.
      Check for size calculation overflow.
      8fbadbe3
    • Paul Eggert's avatar
      * termcap.c: Integer and memory overflow issues. · 0d8f2df7
      Paul Eggert authored
      (tgetent): Use ptrdiff_t, not int, to record results of
      subtracting pointers.
      (gobble_line): Check for overflow more carefully.  Don't update size
      until alloc done.
      0d8f2df7
    • Paul Eggert's avatar
      * term.c: Integer and memory overflow issues. · fee31f82
      Paul Eggert authored
      (max_frame_lines): Remove; unused.
      (encode_terminal_src_size, encode_terminal_dst_size): Now ptrdiff_t,
      not int.
      (encode_terminal_code, calculate_costs): Check for size
      calculation overflow.
      (encode_terminal_code): Use ptrdiff_t, not int, to record glyph
      table lengths and related sizes.  Don't update size until alloc
      done.  Redo calculations to avoid overflow.
      (calculate_costs): Don't bother calling xmalloc when xrealloc will do.
      fee31f82
    • Paul Eggert's avatar
      * sysdep.c: Integer and memory overflow issues. · fe6442b1
      Paul Eggert authored
      (system_process_attributes): Use ptrdiff_t, not int, for command
      line length.  Do not attempt to address one before the beginning
      of an array, as that's not portable.
      fe6442b1
    • Paul Eggert's avatar
      * search.c: Integer and memory overflow fixes. · 5f2ab479
      Paul Eggert authored
      (Freplace_match): Check for size calculation overflow.
      (Fset_match_data): Don't assume list lengths fit in 'int'.
      5f2ab479
    • Paul Eggert's avatar
      * scroll.c: Integer and memory overflow fixes. · 1d568902
      Paul Eggert authored
      (do_line_insertion_deletion_costs): Check for size calculation overflow.
      Don't bother calling xmalloc when xrealloc will do.
      1d568902
    • Paul Eggert's avatar
    • Paul Eggert's avatar
      * process.c (Fnetwork_interface_list): Check for overflow · bf2da747
      Paul Eggert authored
      in size calculation.
      bf2da747
    • Paul Eggert's avatar
      * nsterm.h (struct ns_color_table.size, struct ns_color_table.avail): · 1ef7689b
      Paul Eggert authored
      Now ptrdiff_t, not int.
      * nsterm.m (ns_index_color): Use ptrdiff_t, not int, for table indexes.
      (ns_draw_fringe_bitmap): Rewrite to avoid overflow.
      1ef7689b
    • Paul Eggert's avatar
      * minibuf.c (read_minibuf_noninteractive): Don't leak memory · ea8a7d00
      Paul Eggert authored
      on memory overflow.
      ea8a7d00
    • Paul Eggert's avatar
      * macros.c: Integer and memory overflow fixes. · c86960f0
      Paul Eggert authored
      (Fstart_kbd_macro): Don't update size until alloc done.
      (store_kbd_macro_char): Reorder multiplicands to avoid overflow.
      c86960f0
    • Paul Eggert's avatar
    • Paul Eggert's avatar
      * keymap.c: Integer overflow fixes. · dbe2216b
      Paul Eggert authored
      (cmm_size, current_minor_maps): Use ptrdiff_t, not int, to count maps.
      (current_minor_maps): Check for size calculation overflow.
      * keymap.h: Change prototypes to match the above.
      dbe2216b
    • Paul Eggert's avatar
      * keyboard.c: Integer and memory overflow fixes. · 34db673b
      Paul Eggert authored
      (read_char, menu_bar_items, tool_bar_items, read_char_x_menu_prompt)
      (read_char_minibuf_menu_width, read_char_minibuf_menu_prompt)
      (follow_key, read_key_sequence): Use ptrdiff_t, not int, to count maps.
      (read_char_minibuf_menu_prompt): Check for overflow in size
      calculations.  Don't update size until allocation succeeds.  Redo
      calculations to avoid overflow.
      * keyboard.h: Change prototypes to match the above.
      34db673b
    • Paul Eggert's avatar
      * image.c: Integer and memory overflow fixes. · ddff3151
      Paul Eggert authored
      (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): Remove; these are duplicate
      now that they've been promoted to lisp.h.
      (x_allocate_bitmap_record, x_alloc_image_color)
      (make_image_cache, cache_image, xpm_load):
      Don't update size until alloc is done.
      (xpm_load, lookup_rgb_color, lookup_pixel_color, x_to_xcolors)
      (x_detect_edges):
      Check for size calculation overflow.
      (ct_colors_allocated_max): New constant.
      (x_to_xcolors, x_detect_edges): Reorder multiplicands to avoid
      overflow.
      ddff3151
  2. 28 Jul, 2011 17 commits
  3. 19 Jul, 2011 2 commits
    • Paul Eggert's avatar
      Use ptrdiff_t for composition IDs. · ebfa62c0
      Paul Eggert authored
      * character.c (lisp_string_width):
      * composite.c (composition_table_size, n_compositions)
      (get_composition_id, composition_gstring_from_id):
      * dispextern.h (struct glyph_string.cmp_id, struct composition_it.id):
      * xdisp.c (BUILD_COMPOSITE_GLYPH_STRING):
      * window.c (Frecenter):
      Use ptrdiff_t, not int, for composition IDs.
      * composite.c (get_composition_id): Check for integer overflow.
      * composite.h: Adjust prototypes to match the above changes.
      ebfa62c0
    • Paul Eggert's avatar
      Port to OpenBSD. · 590bd467
      Paul Eggert authored
      See http://lists.gnu.org/archive/html/emacs-devel/2011-07/msg00688.html
      and the surrounding thread.
      * minibuf.c (read_minibuf_noninteractive): Rewrite to use getchar
      rather than fgets, and retry after EINTR.  Otherwise, 'emacs
      --batch -f byte-compile-file' fails on OpenBSD if an inactivity
      timer goes off.
      * s/openbsd.h (BROKEN_SIGIO): Define.
      * unexelf.c (unexec) [__OpenBSD__]:
      Don't update the .mdebug section of the Alpha COFF symbol table.
      590bd467