2011-07-17 Paul Eggert <eggert@cs.ucla.edu>
+ * xterm.c: don't go over XClientMessageEvent limit
+ (scroll_bar_windows_size): Now ptrdiff_t, as we prefer signed.
+ (x_send_scroll_bar_event): Likewise. Check that the size does not
+ exceed limits imposed by XClientMessageEvent, as well as the usual
+ ptrdiff_t and size_t limits.
+
* keyboard.c: Overflow, signedness and related fixes.
(make_lispy_movement): Use same integer type in forward decl
that is used in the definition.
x_send_scroll_bar_event and x_scroll_bar_to_input_event. */
static struct window **scroll_bar_windows;
-static size_t scroll_bar_windows_size;
+static ptrdiff_t scroll_bar_windows_size;
/* Send a client message with message type Xatom_Scrollbar for a
XClientMessageEvent *ev = (XClientMessageEvent *) &event;
struct window *w = XWINDOW (window);
struct frame *f = XFRAME (w->frame);
- size_t i;
+ ptrdiff_t i;
BLOCK_INPUT;
if (i == scroll_bar_windows_size)
{
- size_t new_size = max (10, 2 * scroll_bar_windows_size);
- size_t nbytes = new_size * sizeof *scroll_bar_windows;
- size_t old_nbytes = scroll_bar_windows_size * sizeof *scroll_bar_windows;
-
- if ((size_t) -1 / sizeof *scroll_bar_windows < new_size)
+ ptrdiff_t new_size, old_nbytes, nbytes;
+ /* Check the 32-bit XClientMessageEvent limit, as well as the
+ usual ptrdiff_t/size_t limit. */
+ if (min (0x7fffffff,
+ min (PTRDIFF_MAX, SIZE_MAX) / sizeof *scroll_bar_windows / 2)
+ < scroll_bar_windows_size)
memory_full (SIZE_MAX);
+ new_size = max (10, 2 * scroll_bar_windows_size);
+ nbytes = new_size * sizeof *scroll_bar_windows;
+ old_nbytes = scroll_bar_windows_size * sizeof *scroll_bar_windows;
scroll_bar_windows = (struct window **) xrealloc (scroll_bar_windows,
nbytes);
memset (&scroll_bar_windows[i], 0, nbytes - old_nbytes);
projects / emacs.git / commitdiff