1. 16 Jun, 2011 2 commits
    • Paul Eggert's avatar
      Improve buffer-overflow checking. · 1c8e352f
      Paul Eggert authored
      * fileio.c (Finsert_file_contents):
      * insdel.c (insert_from_buffer_1, replace_range, replace_range_2):
      Remove the old (too-loose) buffer overflow checks.
      They weren't needed, since make_gap checks for buffer overflow.
      * insdel.c (make_gap_larger): Catch buffer overflows that were missed.
      The old code merely checked for Emacs fixnum overflow, and relied
      on undefined (wraparound) behavior.  The new code avoids undefined
      behavior, and also checks for ptrdiff_t and/or size_t overflow.
      1c8e352f
    • Paul Eggert's avatar
      * insdel.c, lisp.h (buffer_overflow): New function. · 99561444
      Paul Eggert authored
      (insert_from_buffer_1, replace_range, replace_range_2):
      * insdel.c (make_gap_larger):
      * editfns.c (Finsert_char):
      * fileio.c (Finsert_file_contents): Use it, to normalize wording.
      99561444
  2. 15 Jun, 2011 2 commits
  3. 13 Jun, 2011 1 commit
  4. 06 Jun, 2011 3 commits
    • Paul Eggert's avatar
      Check for overflow when converting integer to cons and back. · be44ca6c
      Paul Eggert authored
      * charset.c (Fdefine_charset_internal, Fdecode_char):
      Use cons_to_unsigned to catch overflow.
      (Fencode_char): Use INTEGER_TO_CONS.
      * composite.h (LGLYPH_CODE): Use cons_to_unsigned.
      (LGLYPH_SET_CODE): Use INTEGER_TO_CONS.
      * data.c (long_to_cons, cons_to_long): Remove.
      (cons_to_unsigned, cons_to_signed): New functions.
      These signal an error for invalid or out-of-range values.
      * dired.c (Ffile_attributes): Use INTEGER_TO_CONS.
      * fileio.c (Fset_visited_file_modtime): Use CONS_TO_INTEGER.
      * font.c (Ffont_variation_glyphs):
      * fontset.c (Finternal_char_font): Use INTEGER_TO_CONS.
      * lisp.h: Include <intprops.h>.
      (INTEGER_TO_CONS, CONS_TO_INTEGER): New macros.
      (cons_to_signed, cons_to_unsigned): New decls.
      (long_to_cons, cons_to_long): Remove decls.
      * undo.c (record_first_change): Use INTEGER_TO_CONS.
      (Fprimitive_undo): Use CONS_TO_INTEGER.
      * xfns.c (Fx_window_property): Likewise.
      * xselect.c: Include <limits.h>.
      (x_own_selection, selection_data_to_lisp_data):
      Use INTEGER_TO_CONS.
      (x_handle_selection_request, x_handle_selection_clear)
      (x_get_foreign_selection, Fx_disown_selection_internal)
      (Fx_get_atom_name, x_send_client_event): Use CONS_TO_INTEGER.
      (lisp_data_to_selection_data): Use cons_to_unsigned.
      (x_fill_property_data): Use cons_to_signed.
      Report values out of range.
      be44ca6c
    • Paul Eggert's avatar
      Check for buffer and string overflow more precisely. · d1f3d2af
      Paul Eggert authored
      * buffer.h (BUF_BYTES_MAX): New macro.
      * lisp.h (STRING_BYTES_MAX): New macro.
      * alloc.c (Fmake_string):
      * character.c (string_escape_byte8):
      * coding.c (coding_alloc_by_realloc):
      * doprnt.c (doprnt):
      * editfns.c (Fformat):
      * eval.c (verror):
      Use STRING_BYTES_MAX, not MOST_POSITIVE_FIXNUM,
      since they may not be the same number.
      * editfns.c (Finsert_char):
      * fileio.c (Finsert_file_contents):
      Likewise for BUF_BYTES_MAX.
      d1f3d2af
    • Paul Eggert's avatar
      * fileio.c (Fverify_visited_file_modtime): Avoid time overflow · 7f9bbdbb
      Paul Eggert authored
      if b->modtime has its maximal value.
      7f9bbdbb
  5. 04 Jun, 2011 1 commit
    • Paul Eggert's avatar
      Check for buffer and string overflow more precisely. · edaa1822
      Paul Eggert authored
      * buffer.h (BUF_BYTES_MAX): New macro.
      * lisp.h (STRING_BYTES_MAX): New macro.
      * alloc.c (Fmake_string):
      * character.c (string_escape_byte8):
      * coding.c (coding_alloc_by_realloc):
      * doprnt.c (doprnt):
      * editfns.c (Fformat):
      * eval.c (verror):
      Use STRING_BYTES_MAX, not MOST_POSITIVE_FIXNUM,
      since they may not be the same number.
      * editfns.c (Finsert_char):
      * fileio.c (Finsert_file_contents):
      Likewise for BUF_BYTES_MAX.
      edaa1822
  6. 03 Jun, 2011 1 commit
    • Paul Eggert's avatar
      Check for overflow when converting integer to cons and back. · 201f31ae
      Paul Eggert authored
      * charset.c (Fdefine_charset_internal, Fdecode_char):
      Use cons_to_unsigned to catch overflow.
      (Fencode_char): Use INTEGER_TO_CONS.
      * composite.h (LGLYPH_CODE): Use cons_to_unsigned.
      (LGLYPH_SET_CODE): Use INTEGER_TO_CONS.
      * data.c (long_to_cons, cons_to_long): Remove.
      (cons_to_unsigned, cons_to_signed): New functions.
      These signal an error for invalid or out-of-range values.
      * dired.c (Ffile_attributes): Use INTEGER_TO_CONS.
      * fileio.c (Fset_visited_file_modtime): Use CONS_TO_INTEGER.
      * font.c (Ffont_variation_glyphs):
      * fontset.c (Finternal_char_font): Use INTEGER_TO_CONS.
      * lisp.h (INTEGER_TO_CONS, CONS_TO_INTEGER): New macros.
      (cons_to_signed, cons_to_unsigned): New decls.
      (long_to_cons, cons_to_long): Remove decls.
      * undo.c (record_first_change): Use INTEGER_TO_CONS.
      (Fprimitive_undo): Use CONS_TO_INTEGER.
      * xfns.c (Fx_window_property): Likewise.
      * xselect.c (x_own_selection, selection_data_to_lisp_data):
      Use INTEGER_TO_CONS.
      (x_handle_selection_request, x_handle_selection_clear)
      (x_get_foreign_selection, Fx_disown_selection_internal)
      (Fx_get_atom_name, x_send_client_event): Use CONS_TO_INTEGER.
      (lisp_data_to_selection_data): Use cons_to_unsigned.
      (x_fill_property_data): Use cons_to_signed.  Report values out of range.
      201f31ae
  7. 02 Jun, 2011 2 commits
  8. 29 Apr, 2011 1 commit
    • Eli Zaretskii's avatar
      Lift the MOST_POSITIVE_FIXNUM/4 limitation on visited files (bug#8528). · 15cbd324
      Eli Zaretskii authored
       src/fileio.c (Finsert_file_contents): Don't limit file size to 1/4
       of MOST_POSITIVE_FIXNUM.
       src/coding.c (coding_alloc_by_realloc): Error out if destination
       will grow beyond MOST_POSITIVE_FIXNUM.
       (decode_coding_emacs_mule): Abort if there isn't enough place in
       charbuf for the composition carryover bytes.  Reserve an extra
       space for up to 2 characters produced in a loop.
       (decode_coding_iso_2022): Abort if there isn't enough place in
       charbuf for the composition carryover bytes.
      15cbd324
  9. 14 Apr, 2011 5 commits
  10. 13 Apr, 2011 1 commit
  11. 11 Apr, 2011 2 commits
    • Paul Eggert's avatar
      Declare Lisp_Object Q* variables to be 'static' if not exproted. · 955cbe7b
      Paul Eggert authored
      This makes it easier for human readers (and static analyzers)
      to see whether these variables are used from other modules.
      * alloc.c, buffer.c, bytecode.c, callint.c, casetab.c, category.c:
      * ccl.c, character.c, charset.c, cmds.c, coding.c, composite.c:
      * data.c, dbusbind.c, dired.c, editfns.c, eval.c, fileio.c, fns.c:
      * font.c, frame.c, fringe.c, ftfont.c, image.c, keyboard.c, keymap.c:
      * lread.c, macros.c, minibuf.c, print.c, process.c, search.c:
      * sound.c, syntax.c, textprop.c, window.c, xdisp.c, xfaces.c, xfns.c:
      * xmenu.c, xselect.c:
      Declare Q* vars static if they are not used in other modules.
      * ccl.h, character.h, charset.h, coding.h, composite.h, font.h:
      * frame.h, intervals.h, keyboard.h, lisp.h, process.h, syntax.h:
      Remove decls of unexported vars.
      * keyboard.h (EVENT_HEAD_UNMODIFIED): Remove now-unused macro.
      955cbe7b
    • Paul Eggert's avatar
      Make Emacs functions such as Fatom 'static' by default. · 16a97296
      Paul Eggert authored
      This makes it easier for human readers (and static analyzers)
      to see whether these functions can be called from other modules.
      DEFUN now defines a static function.  To make the function external
      so that it can be used in other C modules, use the new macro DEFUE.
      * lisp.h (DEFINE_FUNC): New macro, with the old contents of DEFUN.
      (DEFUN): Rewrite in terms of DEFINE_FUNC.  It now generates a
      static function definition.  Use DEFUE if you want an extern one.
      (DEFUE, INFUN): New macros.
      (Funibyte_char_to_multibyte, Fsyntax_table_p, Finit_image_library):
      (Feval_region, Fbacktrace, Ffetch_bytecode, Fswitch_to_buffer):
      (Ffile_executable_p, Fmake_symbolic_link, Fcommand_execute):
      (Fget_process, Fdocumentation_property, Fbyte_code, Ffile_attributes):
      Remove decls, since these functions are now static.
      (Funintern, Fget_internal_run_time): New decls, since these functions
      were already external.
      * alloc.c, buffer.c, callint.c, callproc.c, casefiddle.c, casetab.c:
      * ccl.c, character.c, chartab.c, cmds.c, coding.c, data.c, dispnew.c:
      * doc.c, editfns.c, emacs.c, eval.c, fileio.c, filelock.c, floatfns.c:
      * fns.c, font.c, fontset.c, frame.c, image.c, indent.c:
      * keyboard.c, keymap.c, lread.c:
      * macros.c, marker.c, menu.c, minibuf.c, print.c, process.c, search.c:
      * syntax.c, term.c, terminal.c, textprop.c, undo.c:
      * window.c, xdisp.c, xfaces.c, xfns.c, xmenu.c, xsettings.c:
      Mark functions with DEFUE instead of DEFUN,
      if they are used in other modules.
      * buffer.c (Fset_buffer_major_mode, Fdelete_overlay): New forward
      decls for now-static functions.
      * buffer.h (Fdelete_overlay): Remove decl.
      * callproc.c (Fgetenv_internal): Mark as internal.
      * composite.c (Fremove_list_of_text_properties): Remove decl.
      (Fcomposition_get_gstring): New forward static decl.
      * composite.h (Fcomposite_get_gstring): Remove decl.
      * dired.c (Ffile_attributes): New forward static decl.
      * doc.c (Fdocumntation_property): New forward static decl.
      * eval.c (Ffetch_bytecode): New forward static decl.
      (Funintern): Remove extern decl; now in .h file where it belongs.
      * fileio.c (Fmake_symbolic_link): New forward static decl.
      * image.c (Finit_image_library): New forward static decl.
      * insdel.c (Fcombine_after_change_execute): Make forward decl static.
      * intervals.h (Fprevious_property_change):
      (Fremove_list_of_text_properties): Remove decls.
      * keyboard.c (Fthis_command_keys): Remove decl.
      (Fcommand_execute): New forward static decl.
      * keymap.c (Flookup_key): New forward static decl.
      (Fcopy_keymap): Now static.
      * keymap.h (Flookup_key): Remove decl.
      * process.c (Fget_process): New forward static decl.
      (Fprocess_datagram_address): Mark as internal.
      * syntax.c (Fsyntax_table_p): New forward static decl.
      (skip_chars): Remove duplicate decl.
      * textprop.c (Fprevious_property_change): New forward static decl.
      * window.c (Fset_window_fringes, Fset_window_scroll_bars):
      Now internal.
      (Fset_window_margins, Fset_window_vscroll): New forward static decls.
      * window.h (Fset_window_vscroll, Fset_window_margins): Remove decls.
      16a97296
  12. 10 Apr, 2011 1 commit
    • Eli Zaretskii's avatar
      Fix write-region and its subroutines for buffers > 2GB. · 8a2cbd72
      Eli Zaretskii authored
       src/fileio.c (a_write, e_write): Modify declaration of arguments and
       local variables to support buffers larger than 2GB.
       (Fcopy_file): Use EMACS_INT for return value of emacs_read.
       src/sysdep.c (emacs_write, emacs_read): Use ssize_t for last
       argument, local variables, and return value.
       src/lisp.h: Update prototypes of emacs_write and emacs_read.
       src/sound.c (vox_write): Use ssize_t for return value of emacs_write.
      8a2cbd72
  13. 09 Apr, 2011 1 commit
    • Eli Zaretskii's avatar
      Replace some uses of `int' with EMACS_INT. · a53e2e89
      Eli Zaretskii authored
       src/search.c (string_match_1, fast_string_match)
       (fast_c_string_match_ignore_case, fast_string_match_ignore_case)
       (scan_buffer, find_next_newline_no_quit)
       (find_before_next_newline, search_command, Freplace_match)
       (Fmatch_data): Make some `int' variables be EMACS_INT.
       src/xdisp.c (display_count_lines): 3rd argument and return value now
       EMACS_INT.  All callers changed.
       (pint2hrstr): Last argument is now EMACS_INT.
       src/coding.c (detect_coding_utf_8, detect_coding_emacs_mule)
       (detect_coding_iso_2022, detect_coding_sjis, detect_coding_big5)
       (detect_coding_ccl, detect_coding_charset, decode_coding_utf_8)
       (decode_coding_utf_16, decode_coding_emacs_mule)
       (decode_coding_iso_2022, decode_coding_sjis, decode_coding_big5)
       (decode_coding_ccl, decode_coding_charset)
       <consumed_chars, consumed_chars_base>: Declare EMACS_INT.
       (decode_coding_iso_2022, decode_coding_emacs_mule)
       (decode_coding_sjis, decode_coding_big5, decode_coding_charset)
       <char_offset, last_offset>: Declare EMACS_INT.
       (encode_coding_utf_8, encode_coding_utf_16)
       (encode_coding_emacs_mule, encode_invocation_designation)
       (encode_designation_at_bol, encode_coding_iso_2022)
       (encode_coding_sjis, encode_coding_big5, encode_coding_ccl)
       (encode_coding_raw_text, encode_coding_charset) <produced_chars>:
       Declare EMACS_INT.
       (ASSURE_DESTINATION): Declare more_bytes EMACS_INT.
       (encode_invocation_designation): Last argument P_NCHARS is now
       EMACS_INT.
       (decode_eol): Declare pos_byte, pos, and pos_end EMACS_INT.
       (produce_chars): from_nchars and to_nchars are now EMACS_INT.
       src/coding.h (struct coding_system) <head_ascii>: Declare EMACS_INT.
       All users changed.
       src/ccl.c (Fccl_execute_on_string): Declare some variables
       EMACS_INT.
      a53e2e89
  14. 03 Apr, 2011 1 commit
  15. 02 Apr, 2011 2 commits
  16. 01 Apr, 2011 1 commit
  17. 25 Mar, 2011 2 commits
    • Juanma Barranquero's avatar
    • Juanma Barranquero's avatar
      nt/*.c, src/*.c: Remove unused variables. · 0f4a96b5
      Juanma Barranquero authored
      * nt/addpm.c (main): Remove unused variable `retval'.
      * nt/preprep.c (main): Remove unused variable `ptr'.
      * src/dispextern.h (glyph_matric): Use #if GLYPH_DEBUG, not #ifdef.
      * src/fileio.c (check_executable) [DOS_NT]: Remove unused variables `len'
        and `suffix'.
        (Fset_file_selinux_context) [HAVE_LIBSELINUX]: Move here declaration
        of variables specific to SELinux and computation of `encoded_absname'.
      * src/image.c (XPutPixel): Remove unused variable `height'.
      * src/keyboard.c (make_lispy_event): Remove unused variable `hpos'.
      * src/unexw32.c (get_section_info): Remove unused variable `section'.
      * src/w32.c (stat): Remove unused variables `drive_root' and `devtype'.
        (system_process_attributes): Remove unused variable `sess'.
        (sys_read): Remove unused variable `err'.
      * src/w32fns.c (top): Wrap variables with #if GLYPH_DEBUG, not #ifdef.
        (w32_wnd_proc): Remove unused variable `isdead'.
        (unwind_create_frame): Use #if GLYPH_DEBUG, not #ifdef.
        (Fx_server_max_request_size): Remove unused variable `dpyinfo'.
        (x_create_tip_frame): Remove unused variable `tem'.
      * src/w32inevt.c (w32_console_read_socket): Remove unused variable `no_events'.
      * src/w32term.c (x_draw_composite_glyph_string_foreground):
        Remove unused variable `width'.
      0f4a96b5
  18. 23 Mar, 2011 1 commit
  19. 21 Mar, 2011 1 commit
  20. 15 Mar, 2011 6 commits
  21. 25 Feb, 2011 1 commit
  22. 22 Feb, 2011 2 commits
    • Paul Eggert's avatar
      [ChangeLog] · ae0d7250
      Paul Eggert authored
      Work around some portability problems with symlinks.
      * Makefile.in (GNULIB_MODULES): Add lstat, readlink, symlink.
      * configure.in (lstat, HAVE_LSTAT): Remove special hack.
      * lib/lstat.c, lib/readlink.c, lib/stat.c, lib/symlink.c:
      * m4/dos.m4, m4/lstat.m4, m4/readlink.m4, m4/stat.m4, m4/symlink.m4:
      New files, automatically generated from gnulib.
      * aclocal.m4, configure, lib/Makefile.in, lib/gnulib.mk:
      * lib/stdlib.in.h, m4/gl-comp.m4, m4/stdlib_h.m4: Regenerate.
      
      2011-02-22  Paul Eggert  <eggert@cs.ucla.edu>
      [src/ChangeLog]
      Work around some portability problems with symlinks.
      * fileio.c (Frename_file, Fmake_symbolic_link, Ffile_symlink_p):
      Simplify the code by assuming that the readlink and symlink calls
      exist, even if they always fail on this host.
      (Ffile_readable_p): Likewise, for fifos.
      * config.in: Regenerate.
      ae0d7250
    • Paul Eggert's avatar
      [ChangeLog] · f68c809d
      Paul Eggert authored
      Assume S_ISLNK etc. work, since gnulib supports this.
      * Makefile.in (GNULIB_MODULES): Add sys_stat.
      * configure.in: Check for lstat and set HAVE_LSTAT=0 if not.
      Pretend to be using the gnulib lstat module for benefit of sys/stat.h.
      * configure, lib/Makefile.in, lib/gnulib.mk: Regenerate.
      [lib-src/ChangeLog]
      Assume S_ISLNK etc. work, since gnulib supports this.
      * etags.c (S_ISREG): Remove.
      [src/ChangeLog]
      Assume S_ISLNK etc. work, since gnulib supports this.
      * config.in: Regenerate.
      * dired.c (lstat): Remove.
      (file_name_completion): Assume S_ISDIR works.
      (file_name_completion_stat): Assume S_ISLNK works.
      Do not bother calling stat unless lstat says it's a symlink.
      * fileio.c (S_ISLNK, S_ISFIFO, S_ISREG, lstat): Remove.
      (Fcopy_file): Assume S_ISREG and S_ISLNK work.
      (check_writable, Ffile_writable_p, Fset_file_times):
      Assume S_ISDIR works.
      (Ffile_readable_p): Use S_IFIFO, not S_ISFIFO, to guess whether
      fifos exist.
      (Ffile_regular_p, Finsert_file_contents): Assumes S_ISREG works.
      * filelock.c (S_ISLNK): Remove.
      * lread.c (openp): Assume S_ISDIR works.
      * xrdb.c (S_ISDIR): Remove.
      f68c809d