X-Git-Url: http://git.hcoop.net/bpt/emacs.git/blobdiff_plain/50849c52f8cf342b81c1db12b13f866ec6c049fc..18ab493650d648ab8dca651ea2698861f926e895:/src/ChangeLog diff --git a/src/ChangeLog b/src/ChangeLog index 940beee887..a88e2e8e3c 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,4 +1,295 @@ -2011-07-17 Paul Eggert +2011-07-29 Paul Eggert + + Integer and memory overflow issues. + + * bidi.c (bidi_shelve_header_size): New constant. + (bidi_cache_ensure_space, bidi_shelve_cache): Use it. + (bidi_cache_ensure_space): Avoid integer overflow when allocating. + + * buffer.c (overlays_at, overlays_in, record_overlay_string) + (overlay_strings): + Don't update size of array until after memory allocation succeeds, + because xmalloc/xrealloc may not return. + + * callproc.c (child_setup): Don't assume strlen fits in int. + + * ccl.c (Fccl_execute_on_string): Check for memory overflow. + Use ptrdiff_t rather than EMACS_INT where ptrdiff_t will do. + Redo buffer-overflow calculations to avoid integer overflow. + + * character.c (Fstring): Check for size-calculation overflow. + + * coding.c (produce_chars): Redo buffer-overflow calculations to avoid + unnecessary integer overflow. Check for size overflow. + (encode_coding_object): Don't update size until xmalloc succeeds. + + * composite.c (get_composition_id): Check for overflow in glyph + length calculations. + + Integer and memory overflow fixes for display code. + * dispextern.h (struct glyph_pool.nglyphs): Now ptrdiff_t, not int. + * dispnew.c (adjust_glyph_matrix, realloc_glyph_pool) + (scrolling_window): Check for overflow in size calculations. + (line_draw_cost, realloc_glyph_pool, add_row_entry): + Don't assume glyph table len fits in int. + (struct row_entry.bucket, row_entry_pool_size, row_entry_idx) + (row_table_size): Now ptrdiff_t, not int. + (scrolling_window): Avoid overflow in size calculations. + Don't update size until allocation succeeds. + * fns.c (concat): Check for overflow in size calculations. + (next_almost_prime): Verify NEXT_ALMOST_PRIME_LIMIT. + * lisp.h (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros. + (NEXT_ALMOST_PRIME_LIMIT): New constant. + + * doc.c (get_doc_string_buffer_size): Now ptrdiff_t, not int. + (get_doc_string): Check for size calculation overflow. + Don't update size until allocation succeeds. + (get_doc_string, Fsubstitute_command_keys): Use ptrdiff_t, not + EMACS_INT, where ptrdiff_t will do. + (Fsubstitute_command_keys): Check for string overflow. + + * editfns.c (set_time_zone_rule): Don't assume environment length + fits in int. + (message_length): Now ptrdiff_t, not int. + (Fmessage_box): Don't update size until allocation succeeds. + Don't assume message length fits in int. + (Fformat): Use ptrdiff_t, not EMACS_INT, where ptrdiff_t will do. + + * emacs.c (main, sort_args): Check for size-calculation overflow. + + * eval.c (init_eval_once, grow_specpdl): Don't update size until + alloc succeeds. + (call_debugger, grow_specpdl): Redo calculations to avoid overflow. + + * frame.c (set_menu_bar_lines, x_set_frame_parameters) + (x_set_scroll_bar_width, x_figure_window_size): + Check for integer overflow. + (x_set_alpha): Do not assume XINT fits in int. + + * frame.h (struct frame): Use int, not EMACS_INT, where int works. + This is for the members text_lines, text_cols, total_lines, total_cols, + where the system imposes an 'int' limit. + + * fringe.c (Fdefine_fringe_bitmap): + Don't update size until alloc works. + + * ftfont.c (ftfont_get_open_type_spec, setup_otf_gstring) + (ftfont_shape_by_flt): Check for integer overflow in size calculations. + + * gtkutil.c (get_utf8_string, xg_store_widget_in_map): + Check for size-calculation overflow. + (get_utf8_string): Use ptrdiff_t, not size_t, where either will + do, as we prefer signed integers. + (id_to_widget.max_size, id_to_widget.used) + (xg_store_widget_in_map, xg_remove_widget_from_map) + (xg_get_widget_from_map, xg_get_scroll_id_for_window) + (xg_remove_scroll_bar, xg_update_scrollbar_pos): + Use and return ptrdiff_t, not int. + (xg_gtk_scroll_destroy): Don't assume ptrdiff_t fits in int. + * gtkutil.h: Change prototypes to match the above. + + * image.c (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): Remove; these + are duplicate now that they've been promoted to lisp.h. + (x_allocate_bitmap_record, x_alloc_image_color) + (make_image_cache, cache_image, xpm_load): + Don't update size until alloc is done. + (xpm_load, lookup_rgb_color, lookup_pixel_color, x_to_xcolors) + (x_detect_edges): + Check for size calculation overflow. + (ct_colors_allocated_max): New constant. + (x_to_xcolors, x_detect_edges): Reorder multiplicands to avoid + overflow. + + * keyboard.c (read_char, menu_bar_items, tool_bar_items) + (read_char_x_menu_prompt, read_char_minibuf_menu_width) + (read_char_minibuf_menu_prompt, follow_key, read_key_sequence): + Use ptrdiff_t, not int, to count maps. + (read_char_minibuf_menu_prompt): Check for overflow in size + calculations. Don't update size until allocation succeeds. Redo + calculations to avoid overflow. + * keyboard.h: Change prototypes to match the above. + + * keymap.c (cmm_size, current_minor_maps): Use ptrdiff_t, not int, + to count maps. + (current_minor_maps): Check for size calculation overflow. + * keymap.h: Change prototypes to match the above. + + * lread.c (read1, init_obarray): Don't update size until alloc done. + + * macros.c (Fstart_kbd_macro): Don't update size until alloc done. + (store_kbd_macro_char): Reorder multiplicands to avoid overflow. + + * minibuf.c (read_minibuf_noninteractive): Don't leak memory + on memory overflow. + + * nsterm.h (struct ns_color_table.size, struct ns_color_table.avail): + Now ptrdiff_t, not int. + * nsterm.m (ns_index_color): Use ptrdiff_t, not int, for table indexes. + (ns_draw_fringe_bitmap): Rewrite to avoid overflow. + + * process.c (Fnetwork_interface_list): Check for overflow + in size calculation. + + * region-cache.c (move_cache_gap): Check for size calculation overflow. + + * scroll.c (do_line_insertion_deletion_costs): Check for size calc + overflow. Don't bother calling xmalloc when xrealloc will do. + + * search.c (Freplace_match): Check for size calculation overflow. + (Fset_match_data): Don't assume list lengths fit in 'int'. + + * sysdep.c (system_process_attributes): Use ptrdiff_t, not int, + for command line length. Do not attempt to address one before the + beginning of an array, as that's not portable. + + * term.c (max_frame_lines): Remove; unused. + (encode_terminal_src_size, encode_terminal_dst_size): Now ptrdiff_t, + not int. + (encode_terminal_code, calculate_costs): Check for size + calculation overflow. + (encode_terminal_code): Use ptrdiff_t, not int, to record glyph + table lengths and related sizes. Don't update size until alloc + done. Redo calculations to avoid overflow. + (calculate_costs): Don't bother calling xmalloc when xrealloc will do. + + * termcap.c (tgetent): Use ptrdiff_t, not int, to record results of + subtracting pointers. + (gobble_line): Check for overflow more carefully. Don't update size + until alloc done. + + * tparam.c (tparam1): Use ptrdiff_t, not int, for sizes. + Don't update size until alloc done. + Redo size calculations to avoid overflow. + Check for size calculation overflow. + + * xdisp.c (store_mode_line_noprop_char, x_consider_frame_title): + Use ptrdiff_t, not int, for sizes. + (store_mode_line_noprop_char): Don't update size until alloc done. + + * xfaces.c (Finternal_make_lisp_face): Use ptrdiff_t, not int, for + sizes. Check for size calculation overflow. + (cache_face): Do not overflow in size calculation. + + * xfns.c (x_encode_text, x_set_name_internal) + (Fx_change_window_property): Use ptrdiff_t, not int, to count + sizes, since they can exceed INT_MAX in size. Check for size + calculation overflow. + + * xgselect.c (xg_select): Check for size calculation overflow. + Don't update size until alloc done. + + * xrdb.c (magic_file_p): Plug memory leak on size overflow. + (get_environ_db): Don't assume path length fits in int, + as sprintf is limited to int lengths. + + * xselect.c (X_LONG_SIZE, X_USHRT_MAX, X_ULONG_MAX): New macros. + Use them to make the following changes clearer. + (MAX_SELECTION_QUANTUM): Make the other bounds on this value clearer. + This change doesn't affect the value now, but it may help remind + future maintainers not to raise the value too much later. + (SELECTION_QUANTUM): Remove, replacing with ... + (selection_quantum): ... new function, which avoids overflow. + All uses changed. + (struct selection_data.size): Now ptrdiff_t, not int, to avoid + assumption that selection length fits in 'int'. + (x_reply_selection_request, x_handle_selection_request) + (x_get_window_property, receive_incremental_selection) + (x_get_window_property_as_lisp_data, selection_data_to_lisp_data) + (lisp_data_to_selection_data, clean_local_selection_data): + Use ptrdiff_t, not int, to record length of selection. + (x_reply_selection_request, x_get_window_property) + (receive_incremental_selection, x_property_data_to_lisp): + Redo calculations to avoid overflow. + (x_reply_selection_request): When sending hint, ceiling it at + X_ULONG_MAX rather than relying on wraparound overflow to send + something. + (x_get_window_property, receive_incremental_selection) + (lisp_data_to_selection_data, x_property_data_to_lisp): + Check for size-calculation overflow. + (x_get_window_property, receive_incremental_selection) + (lisp_data_to_selection_data, Fx_register_dnd_atom): + Don't store size until memory allocation succeeds. + (x_get_window_property): Plug memory leak on memory exhaustion. + Don't double-block input; malloc is safe here. Don't assume 2**34 + - 4 fits in unsigned long. Add an xassert to check + XGetWindowProperty overflow. Be more careful about overflow + calculations, and distinguish size from memory overflow better. + (receive_incremental_selection): When tracing, don't assume + unsigned int is less than INT_MAX. + (x_selection_data_to_lisp_data): Remove unnecessary (and in theory + harmful) conversions of unsigned short to int. + (lisp_data_to_selection_data): Don't assume that integers + in the range -65535 through -1 fit in an X unsigned short. + Don't assume that ULONG_MAX == X_ULONG_MAX. Don't store into + result parameters unless successful. Rely on cons_to_unsigned + to report problems with elements; the old code wasn't right anyway. + (x_check_property_data): Check for int overflow; we cannot use + a wider type due to X limits. + (x_handle_dnd_message): Use unsigned int, to avoid int overflow. + + * xsmfns.c (smc_save_yourself_CB): Check for size calc overflow. + + * xterm.c (x_color_cells, handle_one_xevent, x_term_init): + Check for size calculation overflow. + (x_color_cells): Don't store size until memory allocation succeeds. + (handle_one_xevent): Use ptrdiff_t, not int, for byte counts. + (x_term_init): Don't assume length fits in int (sprintf is limited + to int size). + + Use ptrdiff_t for composition IDs. + * character.c (lisp_string_width): + * composite.c (composition_table_size, n_compositions) + (get_composition_id, composition_gstring_from_id): + * dispextern.h (struct glyph_string.cmp_id, struct composition_it.id): + * xdisp.c (BUILD_COMPOSITE_GLYPH_STRING): + * window.c (Frecenter): + Use ptrdiff_t, not int, for composition IDs. + * composite.c (get_composition_id): Check for integer overflow. + * composite.h: Adjust prototypes to match the above changes. + + Use ptrdiff_t for hash table indexes. + * category.c (hash_get_category_set): + * ccl.c (ccl_driver): + * charset.h (struct charset.hash_index, CHECK_CHARSET_GET_ID): + * coding.c (coding_system_charset_list, detect_coding_system): + * coding.h (struct coding_system.id): + * composite.c (get_composition_id, gstring_lookup_cache): + * fns.c (hash_lookup, hash_put, Fgethash, Fputhash): + * image.c (xpm_get_color_table_h): + * lisp.h (hash_lookup, hash_put): + * minibuf.c (Ftest_completion): + Use ptrdiff_t for hash table indexes, not int (which is too + narrow, on 64-bit hosts) or EMACS_INT (which is too wide, on + 32-bit --with-wide-int hosts). + + * charset.c (Fdefine_charset_internal): Check for integer overflow. + Add a FIXME comment about memory leaks. + (syms_of_charset): Don't assume xmalloc returns. + + Don't assume that stated character widths fit in int. + * character.c (Fchar_width, c_string_width, lisp_string_width): + * character.h (CHAR_WIDTH): + * indent.c (MULTIBYTE_BYTES_WIDTH): + Use sanitize_char_width to avoid undefined and/or bad behavior + with outlandish widths. + * character.h (sanitize_tab_width): Renamed from sanitize_width, + now that we have two such functions. All uses changed. + (sanitize_char_width): New inline function. + + Don't assume that tab-width fits in int. + * character.h (sanitize_width): New inline function. + (SANE_TAB_WIDTH): New macro. + (ASCII_CHAR_WIDTH): Use it. + * indent.c (sane_tab_width): Remove. All uses replaced by + SANE_TAB_WIDTH (current_buffer). + * xdisp.c (init_iterator): Use SANE_TAB_WIDTH. + + * fileio.c: Integer overflow issues with file modes. + (Fset_file_modes, auto_save_1): Don't assume EMACS_INT fits in int. + + * charset.c (read_hex): New arg OVERFLOW. All uses changed. + Remove unreachable code. + (read_hex, load_charset_map_from_file): Check for integer overflow. * xterm.c: don't go over XClientMessageEvent limit (scroll_bar_windows_size): Now ptrdiff_t, as we prefer signed. @@ -62,7 +353,78 @@ (gs_load): Use printmax_t to print the widest integers possible. Check for integer overflow when computing image height and width. -2011-07-17 Paul Eggert +2011-07-28 Andreas Schwab + + * print.c (print_object): Print empty symbol as ##. + + * lread.c (read1): Read ## as empty symbol. + +2011-07-28 Alp Aker + + * nsfns.m (x_set_foreground_color): Set f->foreground_pixel when + setting frame foreground color (Bug#9175). + (x_set_background_color): Likewise. + + * nsmenu.m (-setText): Size tooltip dimensions precisely to + contents (Bug#9176). + (EmacsTooltip -init): Remove bezels and add shadows to + tooltip windows. + + * nsterm.m (ns_dumpglyphs_stretch): Avoid overwriting left fringe + or scroll bar (Bug#8470). + + * nsfont.m (nsfont_open): Remove assignment to voffset and + unnecessary vars hshink, expand, hd, full_height, min_height. + (nsfont_draw): Use s->ybase as baseline for glyph drawing (Bug#8913). + + * nsterm.h (nsfont_info): Remove voffset field. + +2011-07-28 Alp Aker + + Implement strike-through and overline on NextStep (Bug#8863). + + * nsfont.m (nsfont_open): Use underline position provided by font, + instead of hard-coded value of 2. + (nsfont_draw): Call ns_draw_text_decoration instead. + + * nsterm.h: Add declaration for ns_draw_text_decoration. + + * nsterm.m (ns_draw_text_decoration): New function for drawing + underline, overline, and strike-through. + (ns_dumpglyphs_image, ns_dumpglyphs_stretch): Add call to + ns_draw_text_decoration. Change treatment of cursor drawing to + accomodate underlining, etc. + +2011-07-28 Eli Zaretskii + + * buffer.c (init_buffer_once): Set bidi-display-reordering to t by + default. + +2011-07-28 Paul Eggert + + * alloc.c (memory_full) [!SYNC_INPUT]: Fix signal-related race. + Without this fix, if a signal arrives just after memory fills up, + 'malloc' might be invoked reentrantly. + + * image.c (x_check_image_size) [!HAVE_X_WINDOWS]: Return 1. + In other words, assume that every image size is allowed, on non-X + hosts. This assumption is probably wrong, but it lets Emacs compile. + +2011-07-28 Andreas Schwab + + * regex.c (re_iswctype): Convert return values to boolean. + +2011-07-28 Eli Zaretskii + + * xdisp.c (compute_display_string_pos): Don't use cached display + string position if the buffer had its restriction changed. + (Bug#9184) + +2011-07-28 Paul Eggert + + * callproc.c (Fcall_process): Use 'volatile' to avoid vfork clobbering. + +2011-07-28 Paul Eggert Integer signedness and overflow and related fixes. (Bug#9079) @@ -261,6 +623,149 @@ Use EMACS_INT, not EMACS_UINT, for sizes. The code works equally well either way, and we prefer signed to unsigned. +2011-07-27 Lars Magne Ingebrigtsen + + * gnutls.c (emacs_gnutls_read): Don't message anything if the peer + closes the connection while we're reading (bug#9182). + +2011-07-25 Jan Djärv + + * nsmenu.m (ns_popup_dialog): Add an "ok" button if no buttons + are specified (Bug#9168). + +2011-07-25 Paul Eggert + + * bidi.c (bidi_dump_cached_states): Fix printf format mismatch. + Found by GCC static checking and --with-wide-int on a 32-bit host. + +2011-07-25 Eli Zaretskii + + * xdisp.c (compute_display_string_pos): Fix logic of caching + previous display string position. Initialize cached_prev_pos to + -1. Fixes slow-down at the beginning of a buffer. + +2011-07-24 Eli Zaretskii + + * xfaces.c (check_lface_attrs) [HAVE_WINDOW_SYSTEM]: Allow `nil' + for attrs[LFACE_FONTSET_INDEX]. + +2011-07-23 Paul Eggert + + * xml.c (parse_region): Remove unused local + that was recently introduced. + +2011-07-23 Eli Zaretskii + + * xfns.c (unwind_create_frame) [GLYPH_DEBUG]: Adapt to changes in + 2008-02-22T17:42:09Z!monnier@iro.umontreal.ca. + + * xdisp.c (move_it_in_display_line_to): Record the best matching + position for TO_CHARPOS while scanning the line, and restore it on + exit if none of the characters scanned was an exact match. Fixes + vertical-motion and pos-visible-in-window-p under bidi redisplay + when exact match is impossible due to invisible text, and the + lines are truncated. + +2011-07-23 Jan Djärv + + * nsterm.m (initFrameFromEmacs): Set NSTitledWindowMask in styleMask + for OSX >= 10.7. + +2011-07-22 Eli Zaretskii + + Fix a significant slow-down of cursor motion with C-n, C-p, + C-f/C-b, and C-v/M-v that couldn't keep up with keyboard + auto-repeat under bidi redisplay in fontified buffers. + * xdisp.c (compute_stop_pos_backwards): New function. + (next_element_from_buffer): Call compute_stop_pos_backwards to + find a suitable prev_stop when we find ourselves before + base_level_stop. + (reseat): Don't look for prev_stop, as that could mean a very long + run. + + : Cache for last found display string + position. + (compute_display_string_pos): Return the cached position if asked + about the same buffer in the same area of character positions, and + the buffer wasn't changed since the time the display string + position was cached. + +2011-07-22 Eli Zaretskii + + * xdisp.c (rows_from_pos_range): Don't ignore glyphs whose object + is an integer, which is important for empty lines. (Bug#9149) + +2011-07-22 Chong Yidong + + * frame.c (Fmodify_frame_parameters): In tty case, update the + default face if necessary (Bug#4238). + +2011-07-21 Chong Yidong + + * editfns.c (Fstring_to_char): No need to explain what a character + is in the docstring (Bug#6576). + +2011-07-20 Lars Magne Ingebrigtsen + + * xml.c (parse_region): Make sure we always return a tree. + +2011-07-20 HAMANO Kiyoto + + * xml.c (parse_region): If a document contains only comments, + return that, too. + +2011-07-20 Lars Magne Ingebrigtsen + + * xml.c (make_dom): Return comments, too. + +2011-07-19 Paul Eggert + + Port to OpenBSD. + See http://lists.gnu.org/archive/html/emacs-devel/2011-07/msg00688.html + and the surrounding thread. + * minibuf.c (read_minibuf_noninteractive): Rewrite to use getchar + rather than fgets, and retry after EINTR. Otherwise, 'emacs + --batch -f byte-compile-file' fails on OpenBSD if an inactivity + timer goes off. + * s/openbsd.h (BROKEN_SIGIO): Define. + * unexelf.c (unexec) [__OpenBSD__]: + Don't update the .mdebug section of the Alpha COFF symbol table. + +2011-07-19 Lars Magne Ingebrigtsen + + * lread.c (syms_of_lread): Clarify when `lexical-binding' is used + (bug#8460). + +2011-07-18 Paul Eggert + + * fileio.c (Fcopy_file) [!MSDOS]: Tighten created file's mask. + This fixes some race conditions on the permissions of any newly + created file. + + * alloc.c (valid_pointer_p): Use pipe, not open. + This fixes some permissions issues when debugging. + + * fileio.c (Fcopy_file): Adjust mode if fchown fails. (Bug#9002) + If fchown fails to set both uid and gid, try to set just gid, + as that is sometimes allowed. Adjust the file's mode to eliminate + setuid or setgid bits that are inappropriate if fchown fails. + +2011-07-18 Stefan Monnier + + * xdisp.c (next_element_from_string, next_element_from_buffer): Use EQ + to compare Lisp_Objects. + * gnutls.c (syms_of_gnutls): Rename Vgnutls_log_level to + global_gnutls_log_level, don't mistake it for a Lisp_Object. + (init_gnutls_functions, emacs_gnutls_handle_error): Fix up uses. + +2011-07-17 Andreas Schwab + + * lread.c (read_integer): Unread even EOF character. + (read1): Likewise. Properly record start position of symbol. + + * lread.c (read1): Read `#:' as empty uninterned symbol if no + symbol character follows. + 2011-07-17 Paul Eggert * fileio.c (Fcopy_file): Pacify gcc re fchown. (Bug#9002)