-2011-07-14 Paul Eggert <eggert@cs.ucla.edu>
+2011-07-28 Paul Eggert <eggert@cs.ucla.edu>
+
+ * doc.c: Integer and memory overflow fixes.
+ (get_doc_string_buffer_size): Now ptrdiff_t, not int.
+ (get_doc_string): Check for size calculation overflow.
+ Don't update size until allocation succeeds.
+ (get_doc_string, Fsubstitute_command_keys): Use ptrdiff_t, not
+ EMACS_INT, where ptrdiff_t will do.
+ (Fsubstitute_command_keys): Check for string overflow.
+
+ Integer and memory overflow fixes for display code.
+ * dispextern.h (struct glyph_pool.nglyphs): Now ptrdiff_t, not int.
+ * dispnew.c (adjust_glyph_matrix, realloc_glyph_pool, scrolling_window):
+ Check for overflow in size calculations.
+ (line_draw_cost, realloc_glyph_pool, add_row_entry):
+ Don't assume glyph table len fits in int.
+ (struct row_entry.bucket, row_entry_pool_size, row_entry_idx)
+ (row_table_size): Now ptrdiff_t, not int.
+ (scrolling_window): Avoid overflow in size calculations.
+ Don't update size until allocation succeeds.
+ * fns.c (concat): Check for overflow in size calculations.
+ (next_almost_prime): Verify NEXT_ALMOST_PRIME_LIMIT.
+ * lisp.h (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros.
+ (NEXT_ALMOST_PRIME_LIMIT): New constant.
+
+ * composite.c: Integer overflow fixes.
+ (get_composition_id): Check for overflow in glyph length calculations.
+
+ * coding.c: Integer and memory overflow fixes.
+ (produce_chars): Redo buffer-overflow calculations to avoid
+ unnecessary integer overflow. Check for size overflow.
+ (encode_coding_object): Don't update size until xmalloc succeeds.
+
+ * character.c (Fstring): Check for size-calculation overflow.
+
+ * ccl.c: Integer and memory overflow fixes.
+ (Fccl_execute_on_string): Check for memory overflow.
+ Use ptrdiff_t rather than EMACS_INT where ptrdiff_t will do.
+ Redo buffer-overflow calculations to avoid integer overflow.
+
+ * callproc.c (child_setup): Don't assume strlen fits in int.
+
+ * buffer.c: Memory overflow fixes.
+ (overlays_at, overlays_in, record_overlay_string, overlay_strings):
+ Don't update size of array until after memory allocation succeeds,
+ because xmalloc/xrealloc may not return.
+
+ * bidi.c: Integer overflow fix.
+ (bidi_shelve_header_size): New constant.
+ (bidi_cache_ensure_space, bidi_shelve_cache): Use it.
+ (bidi_cache_ensure_space): Avoid integer overflow when allocating.
+
+2011-07-19 Paul Eggert <eggert@cs.ucla.edu>
+
+ Use ptrdiff_t for composition IDs.
+ * character.c (lisp_string_width):
+ * composite.c (composition_table_size, n_compositions)
+ (get_composition_id, composition_gstring_from_id):
+ * dispextern.h (struct glyph_string.cmp_id, struct composition_it.id):
+ * xdisp.c (BUILD_COMPOSITE_GLYPH_STRING):
+ * window.c (Frecenter):
+ Use ptrdiff_t, not int, for composition IDs.
+ * composite.c (get_composition_id): Check for integer overflow.
+ * composite.h: Adjust prototypes to match the above changes.
+
+ Use ptrdiff_t for hash table indexes.
+ * category.c (hash_get_category_set):
+ * ccl.c (ccl_driver):
+ * charset.h (struct charset.hash_index, CHECK_CHARSET_GET_ID):
+ * coding.c (coding_system_charset_list, detect_coding_system):
+ * coding.h (struct coding_system.id):
+ * composite.c (get_composition_id, gstring_lookup_cache):
+ * fns.c (hash_lookup, hash_put, Fgethash, Fputhash):
+ * image.c (xpm_get_color_table_h):
+ * lisp.h (hash_lookup, hash_put):
+ * minibuf.c (Ftest_completion):
+ Use ptrdiff_t for hash table indexes, not int (which is too
+ narrow, on 64-bit hosts) or EMACS_INT (which is too wide, on
+ 32-bit --with-wide-int hosts).
+
+ * charset.c (Fdefine_charset_internal): Check for integer overflow.
+ Add a FIXME comment about memory leaks.
+ (syms_of_charset): Don't assume xmalloc returns.
+
+ Don't assume that stated character widths fit in int.
+ * character.c (Fchar_width, c_string_width, lisp_string_width):
+ * character.h (CHAR_WIDTH):
+ * indent.c (MULTIBYTE_BYTES_WIDTH):
+ Use sanitize_char_width to avoid undefined and/or bad behavior
+ with outlandish widths.
+ * character.h (sanitize_tab_width): Renamed from sanitize_width,
+ now that we have two such functions. All uses changed.
+ (sanitize_char_width): New inline function.
+
+ Don't assume that tab-width fits in int.
+ * character.h (sanitize_width): New inline function.
+ (SANE_TAB_WIDTH): New macro.
+ (ASCII_CHAR_WIDTH): Use it.
+ * indent.c (sane_tab_width): Remove. All uses replaced by
+ SANE_TAB_WIDTH (current_buffer).
+ * xdisp.c (init_iterator): Use SANE_TAB_WIDTH.
+
+ * fileio.c: Integer overflow issues with file modes.
+ (Fset_file_modes, auto_save_1): Don't assume EMACS_INT fits in int.
+
+ * charset.c (read_hex): New arg OVERFLOW. All uses changed.
+ Remove unreachable code.
+ (read_hex, load_charset_map_from_file): Check for integer overflow.
+
+ * xterm.c: don't go over XClientMessageEvent limit
+ (scroll_bar_windows_size): Now ptrdiff_t, as we prefer signed.
+ (x_send_scroll_bar_event): Likewise. Check that the size does not
+ exceed limits imposed by XClientMessageEvent, as well as the usual
+ ptrdiff_t and size_t limits.
+
+ * keyboard.c: Overflow, signedness and related fixes.
+ (make_lispy_movement): Use same integer type in forward decl
+ that is used in the definition.
+ (read_key_sequence, keyremap_step):
+ Change bufsize argument back to int, undoing my 2011-03-30 change.
+ We prefer signed types, and int is wide enough here.
+ (parse_tool_bar_item): Don't assume tool_bar_max_label_size is less
+ than TYPE_MAXIMUM (EMACS_INT) / 2. Don't let the label size grow
+ larger than STRING_BYTES_BOUND. Use ptrdiff_t for Emacs string
+ length, not size_t. Use ptrdiff_t for index, not int.
+ (keyremap_step, read_key_sequence): Redo bufsize check to avoid
+ possibility of integer overflow.
+
+ Overflow, signedness and related fixes for images.
+
+ * dispextern.h (struct it.stack[0].u.image.image_id)
+ (struct_it.image_id, struct image.id, struct image_cache.size)
+ (struct image_cache.used, struct image_cache.ref_count):
+ * gtkutil.c (update_frame_tool_bar):
+ * image.c (x_reference_bitmap, Fimage_size, Fimage_mask_p)
+ (Fimage_metadata, free_image_cache, clear_image_cache, lookup_image)
+ (cache_image, mark_image_cache, x_kill_gs_process, Flookup_image):
+ * nsmenu.m (update_frame_tool_bar):
+ * xdisp.c (calc_pixel_width_or_height):
+ * xfns.c (image_cache_refcount):
+ Image IDs are now ptrdiff_t, not int, to avoid arbitrary limits
+ on typical 64-bit hosts.
+
+ * image.c (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros.
+ (x_bitmap_pixmap, x_create_x_image_and_pixmap):
+ Omit unnecessary casts to int.
+ (parse_image_spec): Check that integers fall into 'int' range
+ when the callers expect that.
+ (image_ascent): Redo ascent calculation to avoid int overflow.
+ (clear_image_cache): Avoid overflow when sqrt (INT_MAX) < nimages.
+ (lookup_image): Remove unnecessary tests.
+ (xbm_image_p): Locals are now of int, not EMACS_INT,
+ since parse_image_check makes sure they fit into int.
+ (png_load, gif_load, svg_load_image):
+ Prefer int to unsigned where either will do.
+ (tiff_handler): New function, combining the cores of the
+ old tiff_error_handler and tiff_warning_handler. This
+ function is rewritten to use vsnprintf and thereby avoid
+ stack buffer overflows. It uses only the features of vsnprintf
+ that are common to both POSIX and native Microsoft.
+ (tiff_error_handler, tiff_warning_handler): Use it.
+ (tiff_load, gif_load, imagemagick_load_image):
+ Don't assume :index value fits in 'int'.
+ (gif_load): Omit unnecessary cast to double, and avoid double-rounding.
+ (imagemagick_load_image): Check that crop parameters fit into
+ the integer types that MagickCropImage accepts. Don't assume
+ Vimagemagick_render_type has a nonnegative value. Don't assume
+ size_t fits in 'long'.
+ (gs_load): Use printmax_t to print the widest integers possible.
+ Check for integer overflow when computing image height and width.
+
+2011-07-19 Paul Eggert <eggert@cs.ucla.edu>
Integer signedness and overflow and related fixes. (Bug#9079)
Use EMACS_INT, not EMACS_UINT, for sizes. The code works equally
well either way, and we prefer signed to unsigned.
+2011-07-19 Paul Eggert <eggert@cs.ucla.edu>
+
+ Port to OpenBSD.
+ See http://lists.gnu.org/archive/html/emacs-devel/2011-07/msg00688.html
+ and the surrounding thread.
+ * minibuf.c (read_minibuf_noninteractive): Rewrite to use getchar
+ rather than fgets, and retry after EINTR. Otherwise, 'emacs
+ --batch -f byte-compile-file' fails on OpenBSD if an inactivity
+ timer goes off.
+ * s/openbsd.h (BROKEN_SIGIO): Define.
+ * unexelf.c (unexec) [__OpenBSD__]:
+ Don't update the .mdebug section of the Alpha COFF symbol table.
+
+2011-07-19 Lars Magne Ingebrigtsen <larsi@gnus.org>
+
+ * lread.c (syms_of_lread): Clarify when `lexical-binding' is used
+ (bug#8460).
+
+2011-07-18 Paul Eggert <eggert@cs.ucla.edu>
+
+ * fileio.c (Fcopy_file) [!MSDOS]: Tighten created file's mask.
+ This fixes some race conditions on the permissions of any newly
+ created file.
+
+ * alloc.c (valid_pointer_p): Use pipe, not open.
+ This fixes some permissions issues when debugging.
+
+ * fileio.c (Fcopy_file): Adjust mode if fchown fails. (Bug#9002)
+ If fchown fails to set both uid and gid, try to set just gid,
+ as that is sometimes allowed. Adjust the file's mode to eliminate
+ setuid or setgid bits that are inappropriate if fchown fails.
+
+2011-07-18 Stefan Monnier <monnier@iro.umontreal.ca>
+
+ * xdisp.c (next_element_from_string, next_element_from_buffer): Use EQ
+ to compare Lisp_Objects.
+ * gnutls.c (syms_of_gnutls): Rename Vgnutls_log_level to
+ global_gnutls_log_level, don't mistake it for a Lisp_Object.
+ (init_gnutls_functions, emacs_gnutls_handle_error): Fix up uses.
+
+2011-07-17 Andreas Schwab <schwab@linux-m68k.org>
+
+ * lread.c (read_integer): Unread even EOF character.
+ (read1): Likewise. Properly record start position of symbol.
+
+ * lread.c (read1): Read `#:' as empty uninterned symbol if no
+ symbol character follows.
+
+2011-07-17 Paul Eggert <eggert@cs.ucla.edu>
+
+ * fileio.c (Fcopy_file): Pacify gcc re fchown. (Bug#9002)
+ This works around a problem with the previous change to Fcopy_file.
+ Recent glibc declares fchown with __attribute__((warn_unused_result)),
+ and without this change, GCC might complain about discarding
+ fchown's return value.
+
+2011-07-16 Juanma Barranquero <lekktu@gmail.com>
+
+ * makefile.w32-in (GLOBAL_SOURCES): Add gnutls.c (followup to bug#9059).
+
+2011-07-16 Paul Eggert <eggert@cs.ucla.edu>
+
+ * fileio.c (Fcopy_file): Don't diagnose fchown failures. (Bug#9002)
+
+2011-07-16 Lars Magne Ingebrigtsen <larsi@gnus.org>
+
+ * gnutls.c (syms_of_gnutls): Define `gnutls-log-level' here, since
+ it's used from the C level.
+
+ * process.c: Use the same condition for POLL_FOR_INPUT in both
+ keyboard.c and process.c (bug#1858).
+
+2011-07-09 Lawrence Mitchell <wence@gmx.li>
+
+ * gnutls.c (Qgnutls_bootprop_min_prime_bits): New variable.
+ (Fgnutls_boot): Use it.
+
+2011-07-15 Andreas Schwab <schwab@linux-m68k.org>
+
+ * doc.c (Fsubstitute_command_keys): Revert last change.
+
+2011-07-15 Lars Magne Ingebrigtsen <larsi@gnus.org>
+
+ * doc.c (Fsubstitute_command_keys): Clarify that \= really only
+ quotes the next character, and doesn't affect other longer
+ sequences (bug#8935).
+
+ * lread.c (syms_of_lread): Clarify that is isn't only
+ `eval-buffer' and `eval-defun' that's affected by
+ `lexical-binding' (bug#8460).
+
+2011-07-15 Eli Zaretskii <eliz@gnu.org>
+
+ * xdisp.c (move_it_in_display_line_to): Fix vertical motion with
+ bidi redisplay when a line includes both an image and is
+ truncated.
+
2011-07-14 Paul Eggert <eggert@cs.ucla.edu>
Fix minor problems found by static checking.
2011-07-14 Lars Magne Ingebrigtsen <larsi@gnus.org>
- * data.c (Fcdr, Fcar): Revert the last change, since it didn't
- really clarify much.
-
* search.c (Fre_search_backward): Mention `case-fold-search' in
all the re_search_* functions (bug#8138).
HCoop / bpt / emacs.git / blobdiff