From: Paul Eggert Date: Mon, 11 Jul 2011 18:39:28 +0000 (+0000) Subject: Merge from trunk. X-Git-Url: http://git.hcoop.net/bpt/emacs.git/commitdiff_plain/e9eb6f14fe334d0e37d2037c952e6541eeb242ad Merge from trunk. --- e9eb6f14fe334d0e37d2037c952e6541eeb242ad diff --cc src/ChangeLog index c519100b2f,e75a84a4a6..b0913ab983 --- a/src/ChangeLog +++ b/src/ChangeLog @@@ -1,161 -1,11 +1,169 @@@ +2011-07-11 Paul Eggert + + * dispnew.c (init_display): Use *_RANGE_OVERFLOW macros. + The plain *_OVERFLOW macros run afoul of GCC bug 49705 + + and therefore cause GCC to emit a bogus diagnostic in some cases. + + * image.c: Integer signedness and overflow and related fixes. + This is not an exhaustive set of fixes, but it's time to + record what I've got. + (lookup_pixel_color, check_image_size): Remove redundant decls. + (check_image_size): Don't assume that arbitrary EMACS_INT values + fit in 'int', or that arbitrary 'double' values fit in 'int'. + (x_alloc_image_color, x_create_x_image_and_pixmap, png_load) + (tiff_load, imagemagick_load_image): + Check for overflow in size calculations. + (x_create_x_image_and_pixmap): Remove unnecessary test for + xmalloc returning NULL; that can't happen. + (xbm_read_bitmap_data): Don't assume sizes fit into 'int'. + (xpm_color_bucket): Use better integer hashing function. + (xpm_cache_color): Don't possibly over-allocate memory. + (struct png_memory_storage, tiff_memory_source, tiff_seek_in_memory) + (gif_memory_source): + Use ptrdiff_t, not int or size_t, to record sizes. + (png_load): Don't assume values greater than 2**31 fit in 'int'. + (our_stdio_fill_input_buffer): Prefer ptrdiff_t to size_t when + either works, as we prefer signed integers. + (tiff_read_from_memory, tiff_write_from_memory): + Return tsize_t, not size_t, since that's what the TIFF API wants. + (tiff_read_from_memory): Don't fail simply because the read would + go past EOF; instead, return a short read. + (tiff_load): Omit no-longer-needed casts. + (Fimagemagick_types): Don't assume size fits into 'int'. + + Improve hashing quality when configured --with-wide-int. + * fns.c (hash_string): New function, taken from sxhash_string. + Do not discard information about ASCII character case; this + discarding is no longer needed. + (sxhash-string): Use it. Change sig to match it. Caller changed. + * lisp.h: Declare it. + * lread.c (hash_string): Remove, since we now use fns.c's version. + The fns.c version returns a wider integer if --with-wide-int is + specified, so this should help the quality of the hashing a bit. + + * emacs.c: Integer overflow minor fix. + (heap_bss_diff): Now uprintmax_t, not unsigned long. All used changed. + Define only if GNU_LINUX. + (main, Fdump_emacs): Set and use heap_bss_diff only if GNU_LINUX. + + * dispnew.c: Integer signedness and overflow fixes. + Remove unnecessary forward decls, that were a maintenance hassle. + (history_tick): Now uprintmax_t, so it's more likely to avoid overflow. + All uses changed. + (adjust_glyph_matrix, realloc_glyph_pool, adjust_frame_message_buffer) + (scrolling_window): Use ptrdiff_t, not int, for byte count. + (prepare_desired_row, line_draw_cost): + Use int, not unsigned, where either works. + (save_current_matrix, restore_current_matrix): + Use ptrdiff_t, not size_t, where either works. + (init_display): Check for overflow more accurately, and without + relying on undefined behavior. + + * editfns.c (pWIDE, pWIDElen, signed_wide, unsigned_wide): + Remove, replacing with the new symbols in lisp.h. All uses changed. + * fileio.c (make_temp_name): + * filelock.c (lock_file_1, lock_file): + * xdisp.c (message_dolog): + Don't assume PRIdMAX etc. works; this isn't portable to pre-C99 hosts. + Use pMd etc. instead. + * lisp.h (printmax_t, uprintmax_t, pMd, pMu): New types and macros, + replacing the pWIDE etc. symbols removed from editfns.c. + + * keyboard.h (num_input_events): Now uintmax_t. + This is (very slightly) less likely to mess up due to wraparound. + All uses changed. + + * buffer.c: Integer signedness fixes. + (alloc_buffer_text, enlarge_buffer_text): + Use ptrdiff_t rather than size_t when either will do, as we prefer + signed integers. + + * bidi.c: Integer signedness and overflow fixes. + (bidi_cache_idx, bidi_cache_last_idx, bidi_cache_fetch_state) + (bidi_cache_search, bidi_cache_find_level_change) + (bidi_cache_iterator_state, bidi_cache_find, bidi_find_other_level_edge) + (bidi_dump_cached_states): + Don't arbitrarily limit cache indexes to int; use ptrdiff_t instead. + (bidi_cache_size): Use ptrdiff_t rather than size_t, as we prefer + signed integers. + (elsz): Make it a (signed) constant. + (bidi_cache_iterator_state): Check for size-calculation overflow. + + * alloc.c: Integer signedness and overflow fixes. + Do not impose an arbitrary 32-bit limit on malloc sizes when debugging. + (__malloc_size_t): Default to size_t, not to int. + (pure_size, pure_bytes_used_before_overflow, stack_copy_size) + (Fgarbage_collect, mark_object_loop_halt, mark_object): + Prefer ptrdiff_t to size_t when either would do, as we prefer + signed integers. + (XMALLOC_OVERRUN_CHECK_OVERHEAD): New macro. + (xmalloc_overrun_check_header, xmalloc_overrun_check_trailer): + Now const. Initialize with values that are in range even if char + is signed. + (XMALLOC_PUT_SIZE, XMALLOC_GET_SIZE): Remove, replacing with ... + (xmalloc_put_size, xmalloc_get_size): New functions. All uses changed. + These functions do the right thing with sizes > 2**32. + (check_depth): Now ptrdiff_t, not int. + (overrun_check_malloc, overrun_check_realloc, overrun_check_free): + Adjust to new way of storing sizes. Check for size overflow bugs + in rest of code. + (STRING_BYTES_MAX): Adjust to new overheads. The old code was + slightly wrong anyway, as it missed one instance of + XMALLOC_OVERRUN_CHECK_OVERHEAD. + (refill_memory_reserve): Omit needless cast to size_t. + (mark_object_loop_halt): Mark as externally visible. + + * xselect.c: Integer signedness and overflow fixes. + (Fx_register_dnd_atom, x_handle_dnd_message): + Use ptrdiff_t, not size_t, since we prefer signed. + (Fx_register_dnd_atom): Check for ptrdiff_t (and size_t) overflow. + * xterm.h (struct x_display_info): Use ptrdiff_t, not size_t, for + x_dnd_atoms_size and x_dnd_atoms_length. + + * doprnt.c: Prefer signed to unsigned when either works. + * eval.c (verror): + * doprnt.c (doprnt): + * lisp.h (doprnt): + * xdisp.c (vmessage): + Use ptrdiff_t, not size_t, when using or implementing doprnt, + since the sizes cannot exceed ptrdiff_t bounds anyway, and we + prefer signed arithmetic to avoid comparison confusion. + * doprnt.c (doprnt): Avoid a "+ 1" that can't overflow, + but is a bit tricky. + + Assume freestanding C89 headers, string.h, stdlib.h. + * data.c, doprnt.c, floatfns.c, print.c: + Include float.h unconditionally. + * gmalloc.c: Assume C89-at-least behavior for preprocessor, + limits.h, stddef.h, string.h. Use memset instead of 'flood'. + * regex.c: Likewise for stddef.h, string.h. + (ISASCII): Remove; can assume it returns 1 now. All uses removed. + * s/aix4-2.h (HAVE_STRING_H): Remove obsolete undef. + * s/ms-w32.h (HAVE_LIMITS_H, HAVE_STRING_H, HAVE_STDLIB_H) + (STDC_HEADERS): Remove obsolete defines. + * sysdep.c: Include limits.h unconditionally. + + Assume support for memcmp, memcpy, memmove, memset. + * lisp.h, sysdep.c (memcmp, memcpy, memmove, memset): + * regex.c (memcmp, memcpy): + Remove; we assume C89 now. + + * gmalloc.c (memcpy, memset, memmove): Remove; we assume C89 now. + (__malloc_safe_bcopy): Remove; no longer needed. + + * lisp.h (struct vectorlike_header, struct Lisp_Subr): Signed sizes. + Use EMACS_INT, not EMACS_UINT, for sizes. The code works equally + well either way, and we prefer signed to unsigned. + + 2011-07-11 Lars Magne Ingebrigtsen + + * xdisp.c (syms_of_xdisp): Make it explicit that the mini-windows + are the mini-buffer and the echo area (bug#3320). + + * term.c (init_tty): Remove support for supdup, c10 and perq + terminals, which are no longer supported (bug#1482). + 2011-07-10 Johan Bockgård * xdisp.c (Ftool_bar_lines_needed): Fix WINDOWP check.