+2011-04-12 Paul Eggert <eggert@cs.ucla.edu>
+
+ * sysdep.c (emacs_read, emacs_write): Check for negative sizes
+ since callers should never pass a negative size.
+ Change the signature to match that of plain 'read' and 'write'; see
+ <http://lists.gnu.org/archive/html/emacs-devel/2011-04/msg00397.html>.
+ * lisp.h: Update prototypes of emacs_write and emacs_read.
+
2011-04-11 Eli Zaretskii <eliz@gnu.org>
* xdisp.c (redisplay_window): Don't try to determine the character
extern void seed_random (long);
extern int emacs_open (const char *, int, int);
extern int emacs_close (int);
-extern ssize_t emacs_read (int, char *, ssize_t);
-extern ssize_t emacs_write (int, const char *, ssize_t);
+extern ssize_t emacs_read (int, char *, size_t);
+extern ssize_t emacs_write (int, const char *, size_t);
enum { READLINK_BUFSIZE = 1024 };
extern char *emacs_readlink (const char *, char [READLINK_BUFSIZE]);
#ifndef HAVE_MEMSET
}
ssize_t
-emacs_read (int fildes, char *buf, ssize_t nbyte)
+emacs_read (int fildes, char *buf, size_t nbyte)
{
register ssize_t rtnval;
+ /* Defend against the possibility that a buggy caller passes a negative NBYTE
+ argument, which would be converted to a large unsigned size_t NBYTE. This
+ defense prevents callers from doing large writes, unfortunately. This
+ size restriction can be removed once we have carefully checked that there
+ are no such callers. */
+ if ((ssize_t) nbyte < 0)
+ abort ();
+
while ((rtnval = read (fildes, buf, nbyte)) == -1
&& (errno == EINTR))
QUIT;
}
ssize_t
-emacs_write (int fildes, const char *buf, ssize_t nbyte)
+emacs_write (int fildes, const char *buf, size_t nbyte)
{
register ssize_t rtnval, bytes_written;
+ /* Defend against negative NBYTE, as in emacs_read. */
+ if ((ssize_t) nbyte < 0)
+ abort ();
+
bytes_written = 0;
- while (nbyte > 0)
+ while (nbyte != 0)
{
rtnval = write (fildes, buf, nbyte);
projects / emacs.git / commitdiff