-2011-08-29 Paul Eggert <eggert@cs.ucla.edu>
+2011-08-31 Paul Eggert <eggert@cs.ucla.edu>
- sprintf-related integer and memory overflow issues.
+ sprintf-related integer and memory overflow issues (Bug#9412).
* doprnt.c (doprnt): Support printing ptrdiff_t and intmax_t values.
(esprintf, esnprintf, exprintf, evxprintf): New functions.
(esprintf, esnprintf, exprintf, evxprintf): New decls.
* window.h (command_loop_level, minibuf_level): Reflect API changes.
- * dbusbind.c (xd_signature, Fdbus_register_signal):
+ * dbusbind.c (signature_cat): New function.
+ (xd_signature, Fdbus_register_signal):
Do not overrun buffer; instead, report string overflow.
* dispnew.c (add_window_display_history): Don't overrun buffer.
* filelock.c (lock_file_1, lock_file): Don't blindly alloca long name;
use SAFE_ALLOCA instead. Use esprintf to avoid int-overflow issues.
- * font.c (font_unparse_xlfd): Don't blindly alloca long strings.
+ * font.c: Include <float.h>, for DBL_MAX_10_EXP.
+ (font_unparse_xlfd): Don't blindly alloca long strings.
Don't assume XINT result fits in int, or that XFLOAT_DATA * 10
- fits in int, when using sprintf. Use single snprintf to count
+ fits in int, when using sprintf. Use single esnprintf to count
length of string rather than counting it via multiple sprintfs;
that's simpler and more reliable.
- (APPEND_SPRINTF): New macro.
(font_unparse_fcname): Use it to avoid sprintf buffer overrun.
(generate_otf_features) [0 && HAVE_LIBOTF]: Use esprintf, not
sprintf, in case result does not fit in int.
* fontset.c (num_auto_fontsets): Now printmax_t, not int.
(fontset_from_font): Print it.
+ * frame.c (tty_frame_count): Now printmax_t, not int.
+ (make_terminal_frame, set_term_frame_name): Print it.
+ (x_report_frame_params): In X, window IDs are unsigned long,
+ not signed long, so print them as unsigned.
+ (validate_x_resource_name): Check for implausibly long names,
+ and don't assume name length fits in 'int'.
+ (x_get_resource_string): Don't blindly alloca invocation name;
+ use SAFE_ALLOCA. Use esprintf, not sprintf, in case result does
+ not fit in int.
+
+ * gtkutil.c: Include <float.h>, for DBL_MAX_10_EXP.
+ (xg_check_special_colors, xg_set_geometry):
+ Make sprintf buffers a bit bigger, to avoid potential buffer overrun.
+
+ * lread.c (dir_warning): Don't blindly alloca buffer; use SAFE_ALLOCA.
+ Use esprintf, not sprintf, in case result does not fit in int.
+
+ * macros.c (executing_kbd_macro_iterations): Now EMACS_INT, not int.
+ (Fend_kbd_macro): Don't mishandle MOST_NEGATIVE_FIXNUM by treating
+ it as a large positive number.
+ (Fexecute_kbd_macro): Don't assume repeat count fits in int.
+ * macros.h (executing_kbd_macro_iterations): Now EMACS_INT, not int.
+
+ * nsterm.m ((NSSize)windowWillResize): Use esprintf, not sprintf,
+ in case result does not fit in int.
+
+ * print.c (float_to_string): Detect width overflow more reliably.
+ (print_object): Make sprintf buffer a bit bigger, to avoid potential
+ buffer overrun. Don't assume list length fits in 'int'. Treat
+ print length of 0 as 0, not as infinity; to be consistent with other
+ uses of print length in this function. Don't overflow print length
+ index. Don't assume hash table size fits in 'long', or that
+ vectorlike size fits in 'unsigned long'.
+
+ * process.c (make_process): Use printmax_t, not int, to format
+ process-name gensyms.
+
+ * term.c (produce_glyphless_glyph): Make sprintf buffer a bit bigger
+ to avoid potential buffer overrun.
+
+ * xfaces.c (x_update_menu_appearance): Don't overrun buffer
+ if X resource line is longer than 512 bytes.
+
+ * xfns.c (x_window): Make sprintf buffer a bit bigger
+ to avoid potential buffer overrun.
+
+ * xterm.c (x_io_error_quitter): Don't overrun sprintf buffer.
+ (x_term_init): Use sprintf, not snprintf, so that we need not
+ worry about ancient hosts that lack snprintf. The buffer cannot
+ possibly be overrun, so this is safe.
+
+ * xterm.h (x_check_errors): Add ATTRIBUTE_FORMAT_PRINTF.
+
+2011-08-30 Chong Yidong <cyd@stupidchicken.com>
+
+ * syntax.c (find_defun_start): Update all cache variables if
+ exiting early (Bug#9401).
+
+2011-08-30 Eli Zaretskii <eliz@gnu.org>
+
+ * image.c (x_bitmap_pixmap): Cast to int to avoid compiler warnings.
+
+ * xdisp.c (produce_stretch_glyph): No longer static, compiled also
+ when HAVE_WINDOW_SYSTEM is not defined. Support both GUI and TTY
+ frames. Call tty_append_glyph in the TTY case. (Bug#9402)
+
+ * term.c (tty_append_glyph): New function.
+ (produce_stretch_glyph): Static function and its prototype deleted.
+
+ * dispextern.h (produce_stretch_glyph, tty_append_glyph): Add
+ prototypes.
+
+2011-08-29 Paul Eggert <eggert@cs.ucla.edu>
+
+ * image.c (parse_image_spec): Check for nonnegative, not for positive,
+ when checking :margin (Bug#9390).
+ (IMAGE_NON_NEGATIVE_INTEGER_VALUE_OR_PAIR):
+ Renamed from IMAGE_POSITIVE_INTEGER_VALUE_OR_PAIR,
+ so that the name doesn't mislead. All uses changed.
+
+2011-08-28 Johan Bockgård <bojohan@gnu.org>
+
+ * term.c (init_tty) [HAVE_GPM]: Move mouse settings after
+ set_tty_hooks.
+
+2011-08-27 Eli Zaretskii <eliz@gnu.org>
+
+ * xdisp.c (move_it_to): Don't bail out early when reaching
+ position beyond to_charpos, if we are scanning backwards.
+ (move_it_vertically_backward): When DY == 0, make sure we get to
+ the first character in the line after the newline.
+
+2011-08-27 Paul Eggert <eggert@cs.ucla.edu>
+
+ * ccl.c: Improve and simplify overflow checking (Bug#9196).
+ (ccl_driver): Do not generate an out-of-range pointer.
+ (Fccl_execute_on_string): Remove unnecessary check for
+ integer overflow, noted by Stefan Monnier in
+ <http://lists.gnu.org/archive/html/emacs-devel/2011-08/msg00979.html>.
+ Remove a FIXME that didn't need fixing.
+ Simplify the newly-introduced buffer reallocation code.
+
+2011-08-27 Juanma Barranquero <lekktu@gmail.com>
+
+ * makefile.w32-in ($(BLD)/alloc.$(O)): Depend on lib/verify.h.
+
2011-08-26 Paul Eggert <eggert@cs.ucla.edu>
Integer and memory overflow issues (Bug#9196).
HCoop / bpt / emacs.git / blobdiff