X-Git-Url: http://git.hcoop.net/bpt/emacs.git/blobdiff_plain/566684ead5a577f6b2506f242494f2fa57eb5a49..2674ddc8af7c6056f3113709c673773e4a3712b7:/src/ChangeLog diff --git a/src/ChangeLog b/src/ChangeLog index 35dab796be..1aafb12e07 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,4 +1,229 @@ -2011-06-14 Paul Eggert +2011-06-21 Paul Eggert + + * xsettings.c (apply_xft_settings): Fix potential buffer overrun. + This is unlikely, but can occur if DPI is outlandish. + + * xsettings.c (Ffont_get_system_normal_font, Ffont_get_system_font): + * xselect.c (Fx_get_atom_name): Avoid need for strlen. + + * xrdb.c: Don't assume strlen fits in int; avoid some strlens. + * xrdb.c (magic_file_p, search_magic_path): + Omit last arg SUFFIX; it was always 0. All callers changed. + (magic_file_p): Use ptrdiff_t, not int. Check for size overflow. + + * xfont.c (xfont_match): Avoid need for strlen. + + * xfns.c: Don't assume strlen fits in int. + (xic_create_fontsetname, x_window): Use ptrdiff_t, not int. + + * xdisp.c (message_log_check_duplicate): Return intmax_t, + not unsigned long, as we prefer signed integers. All callers changed. + Detect integer overflow in repeat count. + (message_dolog): Don't assume print length fits in 39 bytes. + (display_mode_element): Don't assume strlen fits in int. + + * termcap.c: Don't assume sizes fit in int and never overflow. + (struct termcap_buffer, tgetent): Use ptrdiff_t, not int, for sizes. + (gobble_line): Check for size-calculation overflow. + + * minibuf.c (Fread_buffer): + * lread.c (intern, intern_c_string): + * image.c (xpm_scan) [HAVE_NS && !HAVE_XPM]: + Don't assume string length fits in int. + + * keyboard.c (parse_tool_bar_item): + * gtkutil.c (style_changed_cb): Avoid need for strlen. + + * font.c: Don't assume string length fits in int. + (font_parse_xlfd, font_parse_fcname, font_unparse_fcname): + Use ptrdiff_t, not int. + (font_intern_prop): Don't assume string length fits in int. + Don't assume integer property fits in fixnum. + * font.h (font_intern_prop): 2nd arg is now ptrdiff_t, not int. + + * filelock.c: Fix some buffer overrun and integer overflow issues. + (get_boot_time): Don't assume gzip command string fits in 100 bytes. + Reformulate so as not to need the command string. + Invoke gzip -cd rather than gunzip, as it's more portable. + (lock_info_type, lock_file_1, lock_file): + Don't assume pid_t and time_t fit in unsigned long. + (LOCK_PID_MAX): Remove; we now use more-reliable bounds. + (current_lock_owner): Prefer signed type for sizes. + Use memcpy, not strncpy, where memcpy is what is really wanted. + Don't assume (via atoi) that time_t and pid_t fit in int. + Check for time_t and/or pid_t out of range, e.g., via a network share. + Don't alloca where an auto var works fine. + + * fileio.c: Fix some integer overflow issues. + (file_name_as_directory, Fexpand_file_name, Fsubstitute_in_file_name): + Don't assume string length fits in int. + (directory_file_name): Don't assume string length fits in long. + (make_temp_name): Don't assume pid fits in int, or that its print + length is less than 20. + + * data.c (Fsubr_name): Rewrite to avoid a strlen call. + + * coding.c (make_subsidiaries): Don't assume string length fits in int. + + * callproc.c (child_setup): Rewrite to avoid two strlen calls. + + * process.c (Fformat_network_address): Use EMACS_INT, not EMACS_UINT. + We prefer signed integers, even for size calculations. + + * emacs.c: Don't assume string length fits in 'int'. + (DEFINE_DUMMY_FUNCTION, sort_args): Use ptrdiff_t, not int. + (main): Don't invoke strlen when not needed. + + * dbusbind.c (XD_ERROR): Don't arbitrarily truncate string. + (XD_DEBUG_MESSAGE): Don't waste a byte. + + * callproc.c (getenv_internal_1, getenv_internal) + (Fgetenv_internal): + * buffer.c (init_buffer): Don't assume string length fits in 'int'. + + * lread.c (invalid_syntax): Omit length argument. + All uses changed. This doesn't fix a bug, but it simplifies the + code away from its former Hollerith-constant appearance, and it's + one less 'int' to worry about when looking at integer-overflow issues. + (string_to_number): Simplify 2011-04-26 change by invoking xsignal1. + + * lisp.h (DEFUN): Remove bogus use of sizeof (struct Lisp_Subr). + This didn't break anything, but it didn't help either. + It's confusing to put a bogus integer in a place where the actual + value does not matter. + (LIST_END_P): Remove unused macro and its bogus comment. + (make_fixnum_or_float): Remove unnecessary cast to EMACS_INT. + + * lisp.h (union Lisp_Object.i): EMACS_INT, not EMACS_UINT. + This is for consistency with the ordinary, non-USE_LISP_UNION_TYPE, + implementation. + (struct Lisp_Bool_Vector.size): EMACS_INT, not EMACS_UINT. + We prefer signed types, and the value cannot exceed the EMACS_INT + range anyway (because otherwise the length would not be representable). + (XSET) [USE_LISP_UNION_TYPE]: Use uintptr_t and intptr_t, + not EMACS_UINT and EMACS_INT, when converting pointer to integer. + This avoids a GCC warning when WIDE_EMACS_INT. + + * indent.c (sane_tab_width): New function. + (current_column, scan_for_column, Findent_to, position_indentation) + (compute_motion): Use it. This is just for clarity. + (Fcompute_motion): Don't assume hscroll and tab offset fit in int. + + * image.c (xbm_image_p): Don't assume stated width, height fit in int. + + * lisp.h (lint_assume): New macro. + * composite.c (composition_gstring_put_cache): + * ftfont.c (ftfont_shape_by_flt): Use it to pacify GCC 4.6.0. + + * editfns.c, insdel.c: + Omit unnecessary forward decls, to simplify future changes. + + * ftfont.c (ftfont_shape_by_flt): Use signed integers for lengths. + + * font.c (Ffont_shape_gstring): Don't assume glyph len fits in 'int'. + + * fns.c (Ffillarray): Don't assume bool vector size fits in 'int'. + Use much-faster test for byte-length change. + Don't assume string byte-length fits in 'int'. + Check that character arg fits in 'int'. + (mapcar1): Declare byte as byte, for clarity. + + * alloc.c (Fmake_bool_vector): Avoid unnecessary multiplication. + + * fns.c (concat): Catch string overflow earlier. + Do not rely on integer wraparound. + + * dispextern.h (struct it.overlay_strings_charpos) + (struct it.selective): Now EMACS_INT, not int. + * xdisp.c (forward_to_next_line_start) + (back_to_previous_visible_line_start) + (reseat_at_next_visible_line_start, next_element_from_buffer): + Don't arbitrarily truncate the value of 'selective' to int. + + * xdisp.c (init_iterator): Use XINT, not XFASTINT; it might be < 0. + + * composite.c: Don't truncate sizes to 'int'. + (composition_gstring_p, composition_reseat_it) + (composition_adjust_point): Use EMACS_INT, not int. + (get_composition_id, composition_gstring_put_cache): Use EMACS_INT, + not EMACS_UINT, for indexes. + + * category.h (CATEGORY_SET_P): Remove unnecessary cast to EMACS_INT. + + * buffer.c: Include . + (struct sortvec.priority, struct sortstr.priority): + Now EMACS_INT, not int. + (compare_overlays, cmp_for_strings): Avoid subtraction overflow. + (struct sortstr.size, record_overlay_string) + (struct sortstrlist.size, struct sortlist.used): + Don't truncate size to int. + (record_overlay_string): Check for size-calculation overflow. + (init_buffer_once): Check at compile-time, not run-time. + +2011-06-20 Deniz Dogan + + * process.c (Fset_process_buffer): Clarify return value in + docstring. + +2011-06-18 Chong Yidong + + * dispnew.c (add_window_display_history): Use BVAR. + + * xdisp.c (debug_method_add): Use BVAR. + (check_window_end, dump_glyph_matrix, dump_glyph) + (dump_glyph_row, dump_glyph_string): Convert arglist to ANSI C. + + * xfaces.c (check_lface_attrs, check_lface, dump_realized_face): + Likewise. + + * xfns.c (Fx_create_frame, x_create_tip_frame): Delay image cache + check till after the cache is created in init_frame_faces. + +2011-06-17 Stefan Monnier + + * fns.c (Fsafe_length): Yet another int/Lisp_Object mixup. + +2011-06-16 Paul Eggert + + * lisp.h: Include , for INT_MAX, LONG_MAX, LLONG_MAX. + Without this, prin1 mishandles Lisp_Misc_Save_Value printing on + hosts with pre-C99 libraries, because pD is wrongly defined to "t". + + Improve buffer-overflow checking (Bug#8873). + * fileio.c (Finsert_file_contents): + * insdel.c (insert_from_buffer_1, replace_range, replace_range_2): + Remove the old (too-loose) buffer overflow checks. + They weren't needed, since make_gap checks for buffer overflow. + * insdel.c (make_gap_larger): Catch buffer overflows that were missed. + The old code merely checked for Emacs fixnum overflow, and relied + on undefined (wraparound) behavior. The new code avoids undefined + behavior, and also checks for ptrdiff_t and/or size_t overflow. + + * editfns.c (Finsert_char): Don't dump core with very negative counts. + Tune. Don't use wider integers than needed. Don't use alloca. + Use a bigger 'string' buffer. Rewrite to avoid 'n > 0' test. + + * insdel.c (replace_range): Fix buf overflow when insbytes < outgoing. + + * insdel.c, lisp.h (buffer_overflow): New function. + (insert_from_buffer_1, replace_range, replace_range_2): + * insdel.c (make_gap_larger): + * editfns.c (Finsert_char): + * fileio.c (Finsert_file_contents): Use it, to normalize wording. + + * buffer.h (BUF_BYTES_MAX): Cast to ptrdiff_t so that it's signed. + +2011-06-15 Paul Eggert + + Integer overflow and signedness fixes (Bug#8873). + + * ccl.c (ASCENDING_ORDER): New macro, to work around GCC bug 43772. + (GET_CCL_RANGE, IN_INT_RANGE): Use it. + + * fileio.c: Don't assume EMACS_INT fits in off_t. + (emacs_lseek): New static function. + (Finsert_file_contents, Fwrite_region): Use it. + Use SEEK_SET, SEEK_CUR, SEEK_END as appropriate. * fns.c (Fload_average): Don't assume 100 * load average fits in int. @@ -59,8 +284,6 @@ * vm-limit.c (check_memory_limits): Fix incorrect extern function decls. * mem-limits.h (SIZE): Remove; no longer used. -2011-06-13 Paul Eggert - * xterm.c (x_alloc_nearest_color_1): Prefer int to long when int works. Remove unnecessary casts. @@ -240,6 +463,34 @@ * alloc.c (Fmake_string): Check for out-of-range init. +2011-06-15 Stefan Monnier + + * eval.c (Fdefvaralias): Also mark the target as variable-special-p. + +2011-06-14 Jan Djärv + + * xfns.c (x_set_scroll_bar_default_width): Remove argument to + xg_get_default_scrollbar_width. + + * gtkutil.c: Include emacsgtkfixed.h if HAVE_GTK3. + (int_gtk_range_get_value): Move to the scroll bar part of the file. + (style_changed_cb): Call update_theme_scrollbar_width and call + x_set_scroll_bar_default_width and xg_frame_set_char_size for + all frames (Bug#8505). + (xg_create_frame_widgets): Call emacs_fixed_new if HAVE_GTK3 (Bug#8505). + Call gtk_window_set_resizable if HAVE_GTK3. + (x_wm_set_size_hint): Call emacs_fixed_set_min_size with min width + and height if HAVE_GTK3 (Bug#8505). + (scroll_bar_width_for_theme): New variable. + (update_theme_scrollbar_width): New function. + (xg_get_default_scrollbar_width): Move code to + update_theme_scrollbar_width, just return scroll_bar_width_for_theme. + (xg_initialize): Call update_theme_scrollbar_width. + + * gtkutil.h (xg_get_default_scrollbar_width): Remove argument. + + * emacsgtkfixed.c, emacsgtkfixed.h: New files. + 2011-06-12 Martin Rudalics * frame.c (make_frame): Call other_buffer_safely instead of @@ -1279,7 +1530,7 @@ 2011-05-18 Christoph Scholtes * menu.c: Include limits.h (fixes the MS-Windows build broken by - revision 104625). + 2011-06-18T18:49:19Z!cyd@stupidchicken.com). 2011-05-18 Paul Eggert