-2011-08-16 Paul Eggert <eggert@cs.ucla.edu>
+2011-09-04 Paul Eggert <eggert@cs.ucla.edu>
+
+ sprintf-related integer and memory overflow issues (Bug#9412).
+
+ * doprnt.c (doprnt): Support printing ptrdiff_t and intmax_t values.
+ (esprintf, exprintf, evxprintf): New functions.
+ * keyboard.c (command_loop_level): Now EMACS_INT, not int.
+ (cmd_error): kbd macro iterations count is now EMACS_INT, not int.
+ (modify_event_symbol): Do not assume that the length of
+ name_alist_or_stem is safe to alloca and fits in int.
+ (Fexecute_extended_command): Likewise for function name and binding.
+ (Frecursion_depth): Wrap around reliably on integer overflow.
+ * keymap.c (push_key_description): First arg is now EMACS_INT, not int,
+ since some callers pass EMACS_INT values.
+ (Fsingle_key_description): Don't crash if symbol name contains more
+ than MAX_ALLOCA bytes.
+ * minibuf.c (minibuf_level): Now EMACS_INT, not int.
+ (get_minibuffer): Arg is now EMACS_INT, not int.
+ * lisp.h (get_minibuffer, push_key_description): Reflect API changes.
+ (esprintf, exprintf, evxprintf): New decls.
+ * window.h (command_loop_level, minibuf_level): Reflect API changes.
+
+ * dbusbind.c (signature_cat): New function.
+ (xd_signature, Fdbus_register_signal):
+ Do not overrun buffer; instead, report string overflow.
+
+ * dispnew.c (add_window_display_history): Don't overrun buffer.
+ Truncate instead; this is OK since it's just a log.
+
+ * editfns.c (Fcurrent_time_zone): Don't overrun buffer
+ even if the time zone offset is outlandishly large.
+ Don't mishandle offset == INT_MIN.
+
+ * emacs.c (main) [NS_IMPL_COCOA]: Don't overrun buffer
+ when creating daemon; the previous buffer-overflow check was incorrect.
+
+ * eval.c (verror): Simplify by rewriting in terms of evxprintf,
+ which has the guts of the old verror function.
+
+ * filelock.c (lock_file_1, lock_file): Don't blindly alloca long name;
+ use SAFE_ALLOCA instead. Use esprintf to avoid int-overflow issues.
+
+ * font.c: Include <float.h>, for DBL_MAX_10_EXP.
+ (font_unparse_xlfd): Don't blindly alloca long strings.
+ Don't assume XINT result fits in int, or that XFLOAT_DATA * 10
+ fits in int, when using sprintf. Use single snprintf to count
+ length of string rather than counting it via multiple sprintfs;
+ that's simpler and more reliable.
+ (font_unparse_fcname): Use it to avoid sprintf buffer overrun.
+ (generate_otf_features) [0 && HAVE_LIBOTF]: Use esprintf, not
+ sprintf, in case result does not fit in int.
+
+ * fontset.c (num_auto_fontsets): Now printmax_t, not int.
+ (fontset_from_font): Print it.
+
+ * frame.c (tty_frame_count): Now printmax_t, not int.
+ (make_terminal_frame, set_term_frame_name): Print it.
+ (x_report_frame_params): In X, window IDs are unsigned long,
+ not signed long, so print them as unsigned.
+ (validate_x_resource_name): Check for implausibly long names,
+ and don't assume name length fits in 'int'.
+ (x_get_resource_string): Don't blindly alloca invocation name;
+ use SAFE_ALLOCA. Use esprintf, not sprintf, in case result does
+ not fit in int.
+
+ * gtkutil.c: Include <float.h>, for DBL_MAX_10_EXP.
+ (xg_check_special_colors, xg_set_geometry):
+ Make sprintf buffers a bit bigger, to avoid potential buffer overrun.
+
+ * lread.c (dir_warning): Don't blindly alloca buffer; use SAFE_ALLOCA.
+ Use esprintf, not sprintf, in case result does not fit in int.
+
+ * macros.c (executing_kbd_macro_iterations): Now EMACS_INT, not int.
+ (Fend_kbd_macro): Don't mishandle MOST_NEGATIVE_FIXNUM by treating
+ it as a large positive number.
+ (Fexecute_kbd_macro): Don't assume repeat count fits in int.
+ * macros.h (executing_kbd_macro_iterations): Now EMACS_INT, not int.
+
+ * nsterm.m ((NSSize)windowWillResize): Use esprintf, not sprintf,
+ in case result does not fit in int.
+
+ * print.c (float_to_string): Detect width overflow more reliably.
+ (print_object): Make sprintf buffer a bit bigger, to avoid potential
+ buffer overrun. Don't assume list length fits in 'int'. Treat
+ print length of 0 as 0, not as infinity; to be consistent with other
+ uses of print length in this function. Don't overflow print length
+ index. Don't assume hash table size fits in 'long', or that
+ vectorlike size fits in 'unsigned long'.
+
+ * process.c (make_process): Use printmax_t, not int, to format
+ process-name gensyms.
+
+ * sysdep.c (snprintf) [! HAVE_SNPRINTF]: New function.
+
+ * term.c (produce_glyphless_glyph): Make sprintf buffer a bit bigger
+ to avoid potential buffer overrun.
+
+ * xfaces.c (x_update_menu_appearance): Don't overrun buffer
+ if X resource line is longer than 512 bytes.
+
+ * xfns.c (x_window): Make sprintf buffer a bit bigger
+ to avoid potential buffer overrun.
+
+ * xterm.c (x_io_error_quitter): Don't overrun sprintf buffer.
+
+ * xterm.h (x_check_errors): Add ATTRIBUTE_FORMAT_PRINTF.
+
+2011-09-04 Paul Eggert <eggert@cs.ucla.edu>
+
+ Integer overflow fixes for scrolling, etc.
+ Without these, Emacs silently mishandles large integers sometimes.
+ For example, "C-u 4294967297 M-x recenter" was treated as if
+ it were "C-u 1 M-x recenter" on a typical 64-bit host.
+
+ * xdisp.c (try_window_id): Check Emacs fixnum range before
+ converting to 'int'.
+
+ * window.c (window_scroll_line_based, Frecenter):
+ Check that an Emacs fixnum is in range before assigning it to 'int'.
+ (Frecenter, Fmove_to_window_line): Use EMACS_INT, not int, for
+ values converted from Emacs fixnums.
+ (Frecenter): Don't wrap around a line count if it is out of 'int'
+ range; instead, treat it as an extreme value.
+ (Fset_window_configuration, compare_window_configurations):
+ Use ptrdiff_t, not int, for index that might exceed 2 GiB.
+
+ * search.c (Freplace_match): Use ptrdiff_t, not int, for indexes
+ that can exceed INT_MAX. Check that EMACS_INT value is in range
+ before assigning it to the (possibly-narrower) index.
+ (match_limit): Don't assume that a fixnum can fit in 'int'.
+
+ * print.c (print_object): Use ptrdiff_t, not int, for index that can
+ exceed INT_MAX.
+
+ * indent.c (position_indentation): Now takes ptrdiff_t, not int.
+ (Fvertical_motion): Don't wrap around LINES values that don't fit
+ in 'int'. Instead, treat them as extreme values. This is good
+ enough for windows, which can't have more than INT_MAX lines anyway.
+
+2011-09-03 Lars Magne Ingebrigtsen <larsi@gnus.org>
+
+ * Require libxml/parser.h to avoid compilation warning.
+
+ * emacs.c (shut_down_emacs): Call xmlCleanupParser on shutdown.
+
+ * xml.c (parse_region): Don't call xmlCleanupParser after parsing,
+ since this reportedly can destroy thread storage.
+
+2011-08-30 Chong Yidong <cyd@stupidchicken.com>
+
+ * syntax.c (find_defun_start): Update all cache variables if
+ exiting early (Bug#9401).
+
+2011-08-30 Eli Zaretskii <eliz@gnu.org>
+
+ * image.c (x_bitmap_pixmap): Cast to int to avoid compiler warnings.
+
+ * xdisp.c (produce_stretch_glyph): No longer static, compiled also
+ when HAVE_WINDOW_SYSTEM is not defined. Support both GUI and TTY
+ frames. Call tty_append_glyph in the TTY case. (Bug#9402)
+
+ * term.c (tty_append_glyph): New function.
+ (produce_stretch_glyph): Static function and its prototype deleted.
+
+ * dispextern.h (produce_stretch_glyph, tty_append_glyph): Add
+ prototypes.
+
+2011-08-29 Paul Eggert <eggert@cs.ucla.edu>
+
+ * image.c (parse_image_spec): Check for nonnegative, not for positive,
+ when checking :margin (Bug#9390).
+ (IMAGE_NON_NEGATIVE_INTEGER_VALUE_OR_PAIR):
+ Renamed from IMAGE_POSITIVE_INTEGER_VALUE_OR_PAIR,
+ so that the name doesn't mislead. All uses changed.
+
+2011-08-28 Johan Bockgård <bojohan@gnu.org>
+
+ * term.c (init_tty) [HAVE_GPM]: Move mouse settings after
+ set_tty_hooks.
+
+2011-08-27 Eli Zaretskii <eliz@gnu.org>
+
+ * xdisp.c (move_it_to): Don't bail out early when reaching
+ position beyond to_charpos, if we are scanning backwards.
+ (move_it_vertically_backward): When DY == 0, make sure we get to
+ the first character in the line after the newline.
+
+2011-08-27 Paul Eggert <eggert@cs.ucla.edu>
+
+ * ccl.c: Improve and simplify overflow checking (Bug#9196).
+ (ccl_driver): Do not generate an out-of-range pointer.
+ (Fccl_execute_on_string): Remove unnecessary check for
+ integer overflow, noted by Stefan Monnier in
+ <http://lists.gnu.org/archive/html/emacs-devel/2011-08/msg00979.html>.
+ Remove a FIXME that didn't need fixing.
+ Simplify the newly-introduced buffer reallocation code.
+
+2011-08-27 Juanma Barranquero <lekktu@gmail.com>
+
+ * makefile.w32-in ($(BLD)/alloc.$(O)): Depend on lib/verify.h.
+
+2011-08-26 Paul Eggert <eggert@cs.ucla.edu>
Integer and memory overflow issues (Bug#9196).
+ * doc.c (get_doc_string): Rework so that
+ get_doc_string_buffer_size is the actual buffer size, rather than
+ being 1 less than the actual buffer size; this makes xpalloc more
+ convenient.
+
* image.c (x_allocate_bitmap_record, cache_image):
* xselect.c (Fx_register_dnd_atom):
Simplify previous changes by using xpalloc.
(bidi_cache_ensure_space, bidi_shelve_cache): Use it.
(bidi_cache_ensure_space): Avoid integer overflow when allocating.
+ * bidi.c (bidi_cache_shrink):
* buffer.c (overlays_at, overlays_in, record_overlay_string)
(overlay_strings):
Don't update size of array until after memory allocation succeeds,
(gs_load): Use printmax_t to print the widest integers possible.
Check for integer overflow when computing image height and width.
+2011-08-26 Eli Zaretskii <eliz@gnu.org>
+
+ * xdisp.c (redisplay_window): Don't force window start if point
+ will be invisible in the resulting window. (Bug#9324)
+
+2011-08-25 Eli Zaretskii <eliz@gnu.org>
+
+ * xdisp.c (compute_display_string_pos): Return 2 in DISP_PROP when
+ the display spec is of the form `(space ...)'.
+ (handle_display_spec): Return the value returned by
+ handle_single_display_spec, not just 1 or zero.
+ (handle_single_display_spec): If the display spec is of the form
+ `(space ...)', and specifies display in the text area, return 2
+ rather than 1.
+ (try_cursor_movement): Check for the need to scroll more
+ accurately, and prefer exact match for point under bidi. Don't
+ advance `row' beyond the last row of the window.
+
+ * dispextern.h (struct bidi_it): Rename the disp_prop_p member
+ into disp_prop; all users changed.
+
+ * bidi.c (bidi_fetch_char): If compute_display_string_pos returns
+ DISP_PROP = 2, substitute the u+2029 PARAGRAPH SEPARATOR character
+ for the text covered by the display property.
+
+2011-08-25 Chong Yidong <cyd@stupidchicken.com>
+
+ * buffer.c (Fbury_buffer_internal): Rename from Funrecord_buffer.
+ Change return value to nil.
+ (Frecord_buffer): Delete unused function.
+
+2011-08-24 Eli Zaretskii <eliz@gnu.org>
+
+ * xdisp.c (Fcurrent_bidi_paragraph_direction): For unibyte
+ buffers, return left-to-right.
+ (set_cursor_from_row): Consider candidate row a win if its glyph
+ represents a newline and point is on that newline. Fixes cursor
+ positioning on the newline at EOL of R2L text within L2R
+ paragraph, and vice versa.
+ (try_cursor_movement): Check continued rows, in addition to
+ continuation rows. Fixes unwarranted scroll when point enters a
+ continued line of R2L text within an L2R paragraph, or vice versa.
+ (cursor_row_p): Consider the case of point being equal to
+ MATRIX_ROW_END_CHARPOS. Prevents cursor being stuck when moving
+ from the end of a short line to the beginning of a continued line
+ of R2L text within L2R paragraph.
+ (RECORD_MAX_MIN_POS): For max_pos, use IT_CHARPOS even for
+ composed characters.
+
+ * bidi.c (bidi_check_type): Use xassert.
+ (bidi_cache_iterator_state): Update the disp_pos and disp_prop_p
+ members.
+
+2011-08-23 Eli Zaretskii <eliz@gnu.org>
+
+ * bidi.c (bidi_get_type): Abort if we get zero as the bidi type of
+ a character.
+
+2011-08-23 Chong Yidong <cyd@stupidchicken.com>
+
+ * nsfont.m (ns_otf_to_script): Fix typo.
+
+2011-08-22 Kenichi Handa <handa@m17n.org>
+
+ * chartab.c (Fset_char_table_extra_slot): Do not inhibit setting a
+ extra slot even if the purpose is char-code-property-table.
+
+2011-08-23 Eli Zaretskii <eliz@gnu.org>
+
+ * xdisp.c (redisplay_window): When computing centering_position,
+ account for the height of the header line. (Bug#8874)
+
+ * dispnew.c (buffer_posn_from_coords): Use buf_charpos_to_bytepos
+ instead of CHAR_TO_BYTE. Fixes a crash when a completion
+ candidate is selected by the mouse, and that candidate has a
+ composed character under the mouse.
+
+ * xdisp.c (x_produce_glyphs): Set it->nglyphs to 1. Fixes pixel
+ coordinates reported by pos-visible-in-window-p for a composed
+ character in column zero.
+
+2011-08-23 Stefan Monnier <monnier@iro.umontreal.ca>
+
+ * cmds.c (Fself_insert_command): Mention post-self-insert-hook.
+
+2011-08-22 Eli Zaretskii <eliz@gnu.org>
+
+ * xdisp.c (BUFFER_POS_REACHED_P): If this is a composition,
+ consider it a hit if to_charpos is anywhere in the range of the
+ composed buffer positions.
+
+2011-08-22 Chong Yidong <cyd@stupidchicken.com>
+
+ * image.c (gif_load): Don't assume that each subimage has the same
+ dimensions as the base image. Handle disposal method that is
+ "undefined" by the gif spec (Bug#9335).
+
+2011-08-20 Chong Yidong <cyd@stupidchicken.com>
+
+ * eval.c (Fsignal): Handle `debug' symbol in error handler (Bug#9329).
+ (Fcondition_case): Document `debug' symbol in error handler.
+
+2011-08-19 Eli Zaretskii <eliz@gnu.org>
+
+ * xfaces.c (face_at_buffer_position): Avoid repeated evaluation of
+ face ID by FACE_FROM_ID, and avoid a crash when mouse is moved
+ from an Org mode buffer to a Speedbar frame.
+
+ * xdisp.c (RECORD_MAX_MIN_POS): If the display element comes from
+ a composition, take its buffer position from IT->cmp_it.charpos.
+ Fixes cursor positioning at the beginning of a line that begins
+ with a composed character.
+
+2011-08-18 Eli Zaretskii <eliz@gnu.org>
+
+ * bidi.c (bidi_get_type): If bidi_type_table reports zero as the
+ character bidirectional type, use STRONG_L instead. Fixes crashes
+ in a buffer produced by `describe-categories'.
+
+ * dispextern.h (struct bidi_it): Move disp_pos and disp_prop_p
+ members before the level stack, so they would be saved and
+ restored when copying iterator state. Fixes incorrect reordering
+ around TABs covered by display properties.
+
+2011-08-18 Andreas Schwab <schwab@linux-m68k.org>
+
+ * process.c (Fnetwork_interface_list): Correctly determine buffer
+ size.
+
+2011-08-17 Chong Yidong <cyd@stupidchicken.com>
+
+ * eval.c (internal_condition_case, internal_condition_case_1)
+ (internal_condition_case_2, internal_condition_case_n):
+ Remove unnecessary aborts (Bug#9081).
+
+2011-08-17 Eli Zaretskii <eliz@gnu.org>
+
+ * lread.c (Fload) [DOS_NT]: If `openp' returns -2, but the file
+ has no `load' handler, try opening the file locally. (Bug#9311)
+
+2011-08-16 Ken Brown <kbrown@cornell.edu>
+
+ * gmalloc.c: Expand comment.
+
2011-08-16 Eli Zaretskii <eliz@gnu.org>
* xdisp.c (set_cursor_from_row): Don't accept a previous candidate
* unexcw.c ( __malloc_initialized): Declare external variable.
(fixup_executable): Force the dumped emacs to reinitialize malloc.
- * gmalloc.c [CYGWIN] (bss_sbrk_heapbase, bss_sbrk_heapinfo): New
- variables.
+ * gmalloc.c [CYGWIN] (bss_sbrk_heapbase, bss_sbrk_heapinfo):
+ New variables.
(malloc_initialize_1) [CYGWIN]: Prepare for reinitializing the
dumped emacs.
(_free_internal_nolock) [CYGWIN]: Ignore requests to free storage
2011-08-14 Kenichi Handa <handa@m17n.org>
* process.c (create_process): Call setup_process_coding_systems
- after the pid of the process is set to -1.
+ after the pid of the process is set to -1 (Bug#8162).
2011-08-14 Eli Zaretskii <eliz@gnu.org>
* xdisp.c (iterate_out_of_display_property): xassert that
IT->position is set to within IT->object's boundaries. Break from
the loop as soon as EOB is reached; avoids infloops in redisplay
- when IT->position is set up wrongly due to some bug. Set
- IT->current to match the bidi iterator unconditionally.
+ when IT->position is set up wrongly due to some bug.
+ Set IT->current to match the bidi iterator unconditionally.
(push_display_prop): Allow GET_FROM_STRING as IT->method on
entry. Force push_it to save on the stack the current
buffer/string position, to be restored by pop_it. Fix flags in
2011-08-08 Eli Zaretskii <eliz@gnu.org>
* xdisp.c (forward_to_next_line_start): Allow to use the
- no-display-properties-and-no-overlays under bidi display. Set
- disp_pos in the bidi iterator to avoid searches for display
+ no-display-properties-and-no-overlays under bidi display.
+ Set disp_pos in the bidi iterator to avoid searches for display
properties and overlays.
2011-08-08 Chong Yidong <cyd@stupidchicken.com>
* bidi.c <bidi_cache_total_alloc>: Now static.
(bidi_initialize): Initialize bidi_cache_total_alloc.
- *xdisp.c (display_line): Release buffer allocated for shelved bidi
+ * xdisp.c (display_line): Release buffer allocated for shelved bidi
cache. (Bug#9221)
* bidi.c (bidi_shelve_cache, bidi_unshelve_cache): Track total
HCoop / bpt / emacs.git / blobdiff