* src/buffer.c (Fmove_overflay): Clip instead of trying to fix bug 9642.

diff --git a/src/ChangeLog b/src/ChangeLog
index 611e095..cd05820 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,8 +1,6 @@
 2012-05-25  Paul Eggert  <eggert@cs.ucla.edu>
 
        Fix integer width and related bugs (Bug#9874).
-       * process.h (struct Lisp_Process): Members tick and update_tick
-       are now of type EMACS_INT, not int.
        * alloc.c (pure_bytes_used_lisp, pure_bytes_used_non_lisp):
        (allocate_vectorlike, buffer_memory_full, struct sdata, SDATA_SIZE)
        (string_bytes, check_sblock, allocate_string_data):
@@ -46,6 +44,7 @@
        (Foverlays_at, Fnext_overlay_change, Fprevious_overlay_change):
        Omit pointer cast, which isn't needed anyway, and doesn't work
        after the EMACS_INT -> ptrdiff_t change.
+       (Fmove_overlay): Clip BEG and END to ptrdiff_t to avoid overflow.
        * buffer.h: Adjust decls to match defn changes elsewhere.
        (struct buffer_text, struct buffer):
        Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough.
@@ -587,6 +586,8 @@
        overflow checking on durations.
        (emacs_get_tty_pgrp, Fprocess_running_child_p, process_send_signal):
        Don't assume pid_t fits in int.
+       * process.h (struct Lisp_Process): Members tick and update_tick
+       are now of type EMACS_INT, not int.
        * puresize.h (PURESIZE_RATIO): Shrink this to 8/6 on 32-bit hosts
        configured --with-wide-int.
        * scroll.c (calculate_scrolling, calculate_direct_scrolling)

diff --git a/src/buffer.c b/src/buffer.c
index dbaa9f0..5d431f2 100644 (file)
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -3697,21 +3697,18 @@ buffer.  */)
 
   CHECK_NUMBER_COERCE_MARKER (beg);
   CHECK_NUMBER_COERCE_MARKER (end);
-
-  if (XINT (beg) > XINT (end))
-    {
-      Lisp_Object temp;
-      temp = beg; beg = end; end = temp;
-    }
-
-  Fset_marker (OVERLAY_START (overlay), beg, buffer);
-  Fset_marker (OVERLAY_END (overlay), end, buffer);
-  n_beg = marker_position (OVERLAY_START (overlay));
-  n_end = marker_position (OVERLAY_END (overlay));
+  n_beg = clip_to_bounds (PTRDIFF_MIN, XINT (beg), PTRDIFF_MAX);
+  n_end = clip_to_bounds (PTRDIFF_MIN, XINT (end), PTRDIFF_MAX);
 
   if (n_beg == n_end && ! NILP (Foverlay_get (overlay, Qevaporate)))
     return Fdelete_overlay (overlay);
 
+  if (n_beg > n_end)
+    {
+      ptrdiff_t temp;
+      temp = n_beg; n_beg = n_end; n_end = temp;
+    }
+
   specbind (Qinhibit_quit, Qt);
 
   obuffer = Fmarker_buffer (OVERLAY_START (overlay));
@@ -3761,8 +3758,12 @@ buffer.  */)
       eassert (XOVERLAY (overlay)->next == NULL);
     }
 
+  Fset_marker (OVERLAY_START (overlay), beg, buffer);
+  Fset_marker (OVERLAY_END   (overlay), end, buffer);
+
   /* Put the overlay on the wrong list.  */
-  if (n_end < b->overlay_center)
+  end = OVERLAY_END (overlay);
+  if (OVERLAY_POSITION (end) < b->overlay_center)
     {
       XOVERLAY (overlay)->next = b->overlays_after;
       b->overlays_after = XOVERLAY (overlay);