1. 19 Jul, 2011 6 commits
    • Paul Eggert's avatar
      Use ptrdiff_t for composition IDs. · ebfa62c0
      Paul Eggert authored
      * character.c (lisp_string_width):
      * composite.c (composition_table_size, n_compositions)
      (get_composition_id, composition_gstring_from_id):
      * dispextern.h (struct glyph_string.cmp_id, struct composition_it.id):
      * xdisp.c (BUILD_COMPOSITE_GLYPH_STRING):
      * window.c (Frecenter):
      Use ptrdiff_t, not int, for composition IDs.
      * composite.c (get_composition_id): Check for integer overflow.
      * composite.h: Adjust prototypes to match the above changes.
      ebfa62c0
    • Paul Eggert's avatar
      Port to OpenBSD. · 590bd467
      Paul Eggert authored
      See http://lists.gnu.org/archive/html/emacs-devel/2011-07/msg00688.html
      and the surrounding thread.
      * minibuf.c (read_minibuf_noninteractive): Rewrite to use getchar
      rather than fgets, and retry after EINTR.  Otherwise, 'emacs
      --batch -f byte-compile-file' fails on OpenBSD if an inactivity
      timer goes off.
      * s/openbsd.h (BROKEN_SIGIO): Define.
      * unexelf.c (unexec) [__OpenBSD__]:
      Don't update the .mdebug section of the Alpha COFF symbol table.
      590bd467
    • Lars Magne Ingebrigtsen's avatar
    • Paul Eggert's avatar
      Use ptrdiff_t for hash table indexes. · d3411f89
      Paul Eggert authored
      * category.c (hash_get_category_set):
      * ccl.c (ccl_driver):
      * charset.h (struct charset.hash_index, CHECK_CHARSET_GET_ID):
      * coding.c (coding_system_charset_list, detect_coding_system):
      * coding.h (struct coding_system.id):
      * composite.c (get_composition_id, gstring_lookup_cache):
      * fns.c (hash_lookup, hash_put, Fgethash, Fputhash):
      * image.c (xpm_get_color_table_h):
      * lisp.h (hash_lookup, hash_put):
      * minibuf.c (Ftest_completion):
      Use ptrdiff_t for hash table indexes, not int (which is too
      narrow, on 64-bit hosts) or EMACS_INT (which is too wide, on
      32-bit --with-wide-int hosts).
      d3411f89
    • Paul Eggert's avatar
      * charset.c (Fdefine_charset_internal): Check for integer overflow. · e097a6fa
      Paul Eggert authored
      Add a FIXME comment about memory leaks.
      (syms_of_charset): Don't assume xmalloc returns.
      e097a6fa
    • Paul Eggert's avatar
      Don't assume that stated character widths fit in int. · 5637687f
      Paul Eggert authored
      * character.c (Fchar_width, c_string_width, lisp_string_width):
      * character.h (CHAR_WIDTH):
      * indent.c (MULTIBYTE_BYTES_WIDTH):
      Use sanitize_char_width to avoid undefined and/or bad behavior
      with outlandish widths.
      * character.h (sanitize_tab_width): Renamed from sanitize_width,
      now that we have two such functions.  All uses changed.
      (sanitize_char_width): New inline function.
      5637687f
  2. 18 Jul, 2011 7 commits
  3. 17 Jul, 2011 6 commits
    • Paul Eggert's avatar
      * xterm.c: don't go over XClientMessageEvent limit · 50849c52
      Paul Eggert authored
      (scroll_bar_windows_size): Now ptrdiff_t, as we prefer signed.
      (x_send_scroll_bar_event): Likewise.  Check that the size does not
      exceed limits imposed by XClientMessageEvent, as well as the usual
      ptrdiff_t and size_t limits.
      50849c52
    • Andreas Schwab's avatar
      Make read-symbol-positions-list more accurate · 0a6a104b
      Andreas Schwab authored
      * src/lread.c (read_integer): Unread even EOF character.
      (read1): Likewise.  Properly record start position of symbol.
      0a6a104b
    • Andreas Schwab's avatar
      * src/lread.c (read1): Read `#:' as empty uninterned symbol if no · 52968808
      Andreas Schwab authored
      symbol character follows.
      52968808
    • Paul Eggert's avatar
      * keyboard.c: Overflow, signedness and related fixes. · b13995db
      Paul Eggert authored
      (make_lispy_movement): Use same integer type in forward decl
      that is used in the definition.
      (read_key_sequence, keyremap_step):
      Change bufsize argument back to int, undoing my 2011-03-30 change.
      We prefer signed types, and int is wide enough here.
      (parse_tool_bar_item): Don't assume tool_bar_max_label_size is less
      than TYPE_MAXIMUM (EMACS_INT) / 2.  Don't let the label size grow
      larger than STRING_BYTES_BOUND.  Use ptrdiff_t for Emacs string
      length, not size_t.  Use ptrdiff_t for index, not int.
      (keyremap_step, read_key_sequence): Redo bufsize check to avoid
      possibility of integer overflow.
      b13995db
    • Paul Eggert's avatar
      * fileio.c (Fcopy_file): Pacify gcc re fchown. (Bug#9002) · 9e381cdd
      Paul Eggert authored
      This works around a problem with the previous change to Fcopy_file.
      Recent glibc declares fchown with __attribute__((warn_unused_result)),
      and without this change, GCC might complain about discarding
      fchown's return value.
      9e381cdd
    • Paul Eggert's avatar
      Overflow, signedness and related fixes for images. · 13464394
      Paul Eggert authored
      * dispextern.h (struct it.stack[0].u.image.image_id)
      (struct_it.image_id, struct image.id, struct image_cache.size)
      (struct image_cache.used, struct image_cache.ref_count):
      * gtkutil.c (update_frame_tool_bar):
      * image.c (x_reference_bitmap, Fimage_size, Fimage_mask_p)
      (Fimage_metadata, free_image_cache, clear_image_cache, lookup_image)
      (cache_image, mark_image_cache, x_kill_gs_process, Flookup_image):
      * nsmenu.m (update_frame_tool_bar):
      * xdisp.c (calc_pixel_width_or_height):
      * xfns.c (image_cache_refcount):
      Image IDs are now ptrdiff_t, not int, to avoid arbitrary limits
      on typical 64-bit hosts.
      
      * image.c (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros.
      (x_bitmap_pixmap, x_create_x_image_and_pixmap):
      Omit unnecessary casts to int.
      (parse_image_spec): Check that integers fall into 'int' range
      when the callers expect that.
      (image_ascent): Redo ascent calculation to avoid int overflow.
      (clear_image_cache): Avoid overflow when sqrt (INT_MAX) < nimages.
      (lookup_image): Remove unnecessary tests.
      (xbm_image_p): Locals are now of int, not EMACS_INT,
      since parse_image_check makes sure they fit into int.
      (png_load, gif_load, svg_load_image):
      Prefer int to unsigned where either will do.
      (tiff_handler): New function, combining the cores of the
      old tiff_error_handler and tiff_warning_handler.  This
      function is rewritten to use vsnprintf and thereby avoid
      stack buffer overflows.  It uses only the features of vsnprintf
      that are common to both POSIX and native Microsoft.
      (tiff_error_handler, tiff_warning_handler): Use it.
      (tiff_load, gif_load, imagemagick_load_image):
      Don't assume :index value fits in 'int'.
      (gif_load): Omit unnecessary cast to double, and avoid double-rounding.
      (imagemagick_load_image): Check that crop parameters fit into
      the integer types that MagickCropImage accepts.  Don't assume
      Vimagemagick_render_type has a nonnegative value.  Don't assume
      size_t fits in 'long'.
      (gs_load): Use printmax_t to print the widest integers possible.
      Check for integer overflow when computing image height and width.
      13464394
  4. 16 Jul, 2011 4 commits
  5. 15 Jul, 2011 7 commits
  6. 14 Jul, 2011 10 commits