- 2011-07-16 Paul Eggert <eggert@cs.ucla.edu>
++2011-07-17 Paul Eggert <eggert@cs.ucla.edu>
+
+ Overflow, signedness and related fixes for images.
+
+ * dispextern.h (struct it.stack[0].u.image.image_id)
+ (struct_it.image_id, struct image.id, struct image_cache.size)
+ (struct image_cache.used, struct image_cache.ref_count):
+ * gtkutil.c (update_frame_tool_bar):
+ * image.c (x_reference_bitmap, Fimage_size, Fimage_mask_p)
+ (Fimage_metadata, free_image_cache, clear_image_cache, lookup_image)
+ (cache_image, mark_image_cache, x_kill_gs_process, Flookup_image):
+ * nsmenu.m (update_frame_tool_bar):
+ * xdisp.c (calc_pixel_width_or_height):
+ * xfns.c (image_cache_refcount):
+ Image IDs are now ptrdiff_t, not int, to avoid arbitrary limits
+ on typical 64-bit hosts.
+
+ * image.c (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros.
+ (x_bitmap_pixmap, x_create_x_image_and_pixmap):
+ Omit unnecessary casts to int.
+ (parse_image_spec): Check that integers fall into 'int' range
+ when the callers expect that.
+ (image_ascent): Redo ascent calculation to avoid int overflow.
+ (clear_image_cache): Avoid overflow when sqrt (INT_MAX) < nimages.
+ (lookup_image): Remove unnecessary tests.
+ (xbm_image_p): Locals are now of int, not EMACS_INT,
+ since parse_image_check makes sure they fit into int.
+ (png_load, gif_load, svg_load_image):
+ Prefer int to unsigned where either will do.
+ (tiff_handler): New function, combining the cores of the
+ old tiff_error_handler and tiff_warning_handler. This
+ function is rewritten to use vsnprintf and thereby avoid
+ stack buffer overflows. It uses only the features of vsnprintf
+ that are common to both POSIX and native Microsoft.
+ (tiff_error_handler, tiff_warning_handler): Use it.
+ (tiff_load, gif_load, imagemagick_load_image):
+ Don't assume :index value fits in 'int'.
+ (gif_load): Omit unnecessary cast to double, and avoid double-rounding.
+ (imagemagick_load_image): Check that crop parameters fit into
+ the integer types that MagickCropImage accepts. Don't assume
+ Vimagemagick_render_type has a nonnegative value. Don't assume
+ size_t fits in 'long'.
+ (gs_load): Use printmax_t to print the widest integers possible.
+ Check for integer overflow when computing image height and width.
+
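Review bot: The first item of this new entry names the same struct two ways, `struct it.stack[0].u.image.image_id` and then `struct_it.image_id`; the underscore in the second looks like a typo for `struct it`. In the image.c item, the range check is attributed to `parse_image_spec`, but the `xbm_image_p` text says `parse_image_check` makes sure the values fit into int. Please make the two references name the same function, since the narrowing of the `xbm_image_p` locals from EMACS_INT to int is only safe if that check really runs first.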
- 2011-07-14 Paul Eggert <eggert@cs.ucla.edu>
+ 2011-07-17 Paul Eggert <eggert@cs.ucla.edu>
Integer signedness and overflow and related fixes. (Bug#9079)
Don't set bidi_cache_size until after xrealloc returns, because it
might not return.
(bidi_dump_cached_states): Use ptrdiff_t, not int, to avoid overflow.
+ (bidi_cache_ensure_space): Also check that the bidi cache size
+ does not exceed that of the largest Lisp string or buffer. See Eli
+ Zaretskii in <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=9079#29>.
* alloc.c (__malloc_size_t): Remove.
All uses replaced by size_t. See Andreas Schwab's note
Use EMACS_INT, not EMACS_UINT, for sizes. The code works equally
well either way, and we prefer signed to unsigned.
+ 2011-07-16 Juanma Barranquero <lekktu@gmail.com>
+
+ * makefile.w32-in (GLOBAL_SOURCES): Add gnutls.c (followup to bug#9059).
+
+ 2011-07-16 Paul Eggert <eggert@cs.ucla.edu>
+
+ * fileio.c (Fcopy_file): Don't diagnose fchown failures. (Bug#9002)
+
+ 2011-07-16 Lars Magne Ingebrigtsen <larsi@gnus.org>
+
+ * gnutls.c (syms_of_gnutls): Define `gnutls-log-level' here, since
+ it's used from the C level.
+
+ * process.c: Use the same condition for POLL_FOR_INPUT in both
+ keyboard.c and process.c (bug#1858).
+
+ 2011-07-09 Lawrence Mitchell <wence@gmx.li>
+
+ * gnutls.c (Qgnutls_bootprop_min_prime_bits): New variable.
+ (Fgnutls_boot): Use it.
+
+ 2011-07-15 Andreas Schwab <schwab@linux-m68k.org>
+
+ * doc.c (Fsubstitute_command_keys): Revert last change.
+
+ 2011-07-15 Lars Magne Ingebrigtsen <larsi@gnus.org>
+
+ * doc.c (Fsubstitute_command_keys): Clarify that \= really only
+ quotes the next character, and doesn't affect other longer
+ sequences (bug#8935).
+
+ * lread.c (syms_of_lread): Clarify that is isn't only
+ `eval-buffer' and `eval-defun' that's affected by
+ `lexical-binding' (bug#8460).
+
+ 2011-07-15 Eli Zaretskii <eliz@gnu.org>
+
+ * xdisp.c (move_it_in_display_line_to): Fix vertical motion with
+ bidi redisplay when a line includes both an image and is
+ truncated.
+
2011-07-14 Paul Eggert <eggert@cs.ucla.edu>
Fix minor problems found by static checking.
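Review bot: Two wording slips in the entries added above are worth fixing before this lands. The lread.c item reads "Clarify that is isn't only", which should be "it isn't only", and the xdisp.c item says "a line includes both an image and is truncated", which does not parse; something like "when a line both includes an image and is truncated" says what the fix covers.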
2011-07-14 Lars Magne Ingebrigtsen <larsi@gnus.org>
- * data.c (Fcdr, Fcar): Revert the last change, since it didn't
- really clarify much.
-
* search.c (Fre_search_backward): Mention `case-fold-search' in
all the re_search_* functions (bug#8138).
|| IT_OVERFLOW_NEWLINE_INTO_FRINGE (it))
{
if (!get_next_display_element (it)
- || BUFFER_POS_REACHED_P ())
+ || BUFFER_POS_REACHED_P ()
+ /* If we are past TO_CHARPOS, but never saw any
+ character positions smaller than TO_CHARPOS,
+ return MOVE_POS_MATCH_OR_ZV, like the
+ unidirectional display did. */
+ || ((op & MOVE_TO_POS) != 0
+ && !saw_smaller_pos
+ && IT_CHARPOS (*it) > to_charpos))
{
result = MOVE_POS_MATCH_OR_ZV;
break;
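Review bot: The clause added to this `if` depends on `saw_smaller_pos`, which is neither declared nor updated in the lines shown, so the early `MOVE_POS_MATCH_OR_ZV` return cannot be checked from this hunk alone. Please confirm the flag is reset on every call and is set for each display element whose position is below `to_charpos` before control reaches this test; if an element is consumed without updating it, the new clause will stop the move on a line that did contain smaller positions.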
break;
}
}
+ else if ((op & MOVE_TO_POS) != 0
+ && !saw_smaller_pos
+ && IT_CHARPOS (*it) > to_charpos)
+ {
+ result = MOVE_POS_MATCH_OR_ZV;
+ break;
+ }
result = MOVE_LINE_TRUNCATED;
break;
}
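Review bot: The `else if` added here repeats, token for token, the three-part test that was just added to the `if` above it: `(op & MOVE_TO_POS) != 0 && !saw_smaller_pos && IT_CHARPOS (*it) > to_charpos`. Two copies of a position test in the same function are easy to update inconsistently later, so consider giving it a name next to `BUFFER_POS_REACHED_P` and using that in both places. The explanatory comment also exists only on the first copy; this branch should either carry it too or refer back to it.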
if (FRAME_WINDOW_P (it->f)
&& valid_image_p (prop))
{
- int id = lookup_image (it->f, prop);
+ ptrdiff_t id = lookup_image (it->f, prop);
struct image *img = IMAGE_FROM_ID (it->f, id);
return OK_PIXELS (width_p ? img->width : img->height);
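Review bot: Widening `id` to `ptrdiff_t` on the `lookup_image` line only helps if nothing narrows it again, and the next line passes it straight to `IMAGE_FROM_ID`, whose definition is not part of this hunk. Please confirm that the macro indexes the cache with the full-width value and does not cast to or compare against an `int`. Also, `img` is dereferenced in the `return` with no check in the visible lines, so it is worth stating, in a comment or an assertion, that `valid_image_p (prop)` followed by `lookup_image` guarantees a non-null entry here.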