Fix a few integer-overflow glitches

* src/composite.c (composition_compute_stop_pos, composition_reseat_it):
* src/dispextern.h (struct composition_it.rule_idx):
* src/keyboard.c (Fset__this_command_keys):
* src/xwidget.c (webkit_js_to_lisp):
Don’t assume object sizes fit in ‘int’.
* src/xwidget.c (Fxwidget_resize):
Don’t assume Emacs integers fit in ‘int’.

diff --git a/src/composite.c b/src/composite.c
index f23bb17c57a8524d83b8eb5897cb95df0fa4aa78..b673c53ac8328cc2de541c43249856f6b2de8b57 100644 (file)
--- a/src/composite.c
+++ b/src/composite.c
@@ -1012,7 +1012,7 @@ composition_compute_stop_pos (struct composition_it *cmp_it, ptrdiff_t charpos,
          val = CHAR_TABLE_REF (Vcomposition_function_table, c);
          if (! NILP (val))
            {
-             for (int ridx = 0; CONSP (val); val = XCDR (val), ridx++)
+             for (EMACS_INT ridx = 0; CONSP (val); val = XCDR (val), ridx++)
                {
                  Lisp_Object elt = XCAR (val);
                  if (VECTORP (elt) && ASIZE (elt) == 3
@@ -1063,54 +1063,48 @@ composition_compute_stop_pos (struct composition_it *cmp_it, ptrdiff_t charpos,
       while (char_composable_p (c))
        {
          val = CHAR_TABLE_REF (Vcomposition_function_table, c);
-         if (! NILP (val))
+         for (EMACS_INT ridx = 0; CONSP (val); val = XCDR (val), ridx++)
            {
-             Lisp_Object elt;
-             int ridx, blen;
-
-             for (ridx = 0; CONSP (val); val = XCDR (val), ridx++)
+             Lisp_Object elt = XCAR (val);
+             if (VECTORP (elt) && ASIZE (elt) == 3
+                 && NATNUMP (AREF (elt, 1))
+                 && charpos - XFASTINT (AREF (elt, 1)) > endpos)
                {
-                 elt = XCAR (val);
-                 if (VECTORP (elt) && ASIZE (elt) == 3
-                     && NATNUMP (AREF (elt, 1))
-                     && charpos - XFASTINT (AREF (elt, 1)) > endpos)
-                   {
-                     ptrdiff_t back = XFASTINT (AREF (elt, 1));
-                     ptrdiff_t cpos = charpos - back, bpos;
+                 ptrdiff_t back = XFASTINT (AREF (elt, 1));
+                 ptrdiff_t cpos = charpos - back, bpos;
 
-                     if (back == 0)
-                       bpos = bytepos;
-                     else
-                       bpos = (NILP (string) ? CHAR_TO_BYTE (cpos)
-                               : string_char_to_byte (string, cpos));
-                     if (STRINGP (AREF (elt, 0)))
-                       blen = fast_looking_at (AREF (elt, 0), cpos, bpos,
-                                               start + 1, limit, string);
-                     else
-                       blen = 1;
-                     if (blen > 0)
+                 if (back == 0)
+                   bpos = bytepos;
+                 else
+                   bpos = (NILP (string) ? CHAR_TO_BYTE (cpos)
+                           : string_char_to_byte (string, cpos));
+                 ptrdiff_t blen
+                   = (STRINGP (AREF (elt, 0))
+                      ? fast_looking_at (AREF (elt, 0), cpos, bpos,
+                                         start + 1, limit, string)
+                      : 1);
+                 if (blen > 0)
+                   {
+                     /* Make CPOS point to the last character of
+                        match.  Note that BLEN is byte-length.  */
+                     if (blen > 1)
+                       {
+                         bpos += blen;
+                         if (NILP (string))
+                           cpos = BYTE_TO_CHAR (bpos) - 1;
+                         else
+                           cpos = string_byte_to_char (string, bpos) - 1;
+                       }
+                     back = cpos - (charpos - back);
+                     if (cmp_it->stop_pos < cpos
+                         || (cmp_it->stop_pos == cpos
+                             && cmp_it->lookback < back))
                        {
-                         /* Make CPOS point to the last character of
-                            match.  Note that BLEN is byte-length.  */
-                         if (blen > 1)
-                           {
-                             bpos += blen;
-                             if (NILP (string))
-                               cpos = BYTE_TO_CHAR (bpos) - 1;
-                             else
-                               cpos = string_byte_to_char (string, bpos) - 1;
-                           }
-                         back = cpos - (charpos - back);
-                         if (cmp_it->stop_pos < cpos
-                             || (cmp_it->stop_pos == cpos
-                                 && cmp_it->lookback < back))
-                           {
-                             cmp_it->rule_idx = ridx;
-                             cmp_it->stop_pos = cpos;
-                             cmp_it->ch = c;
-                             cmp_it->lookback = back;
-                             cmp_it->nchars = back + 1;
-                           }
+                         cmp_it->rule_idx = ridx;
+                         cmp_it->stop_pos = cpos;
+                         cmp_it->ch = c;
+                         cmp_it->lookback = back;
+                         cmp_it->nchars = back + 1;
                        }
                    }
                }
@@ -1203,10 +1197,10 @@ composition_reseat_it (struct composition_it *cmp_it, ptrdiff_t charpos,
     {
       Lisp_Object lgstring = Qnil;
       Lisp_Object val, elt;
-      ptrdiff_t i;
 
       val = CHAR_TABLE_REF (Vcomposition_function_table, cmp_it->ch);
-      for (i = 0; i < cmp_it->rule_idx; i++, val = XCDR (val));
+      for (EMACS_INT i = 0; i < cmp_it->rule_idx; i++, val = XCDR (val))
+       continue;
       if (charpos < endpos)
        {
          for (; CONSP (val); val = XCDR (val))
@@ -1255,6 +1249,7 @@ composition_reseat_it (struct composition_it *cmp_it, ptrdiff_t charpos,
       if (NILP (LGSTRING_ID (lgstring)))
        lgstring = composition_gstring_put_cache (lgstring, -1);
       cmp_it->id = XINT (LGSTRING_ID (lgstring));
+      int i;
       for (i = 0; i < LGSTRING_GLYPH_LEN (lgstring); i++)
        if (NILP (LGSTRING_GLYPH (lgstring, i)))
          break;

diff --git a/src/dispextern.h b/src/dispextern.h
index eb71a82311c818e4885dfc474a2ac2b0f60d30d5..e030618a9b76501a1de9bae5bfb2d72224f3c56d 100644 (file)
--- a/src/dispextern.h
+++ b/src/dispextern.h
@@ -2215,7 +2215,7 @@ struct composition_it
      the automatic composition.  Provided that ELT is an element of
      Vcomposition_function_table for CH, (nth ELT RULE_IDX) is the
      rule for the composition.  */
-  int rule_idx;
+  EMACS_INT rule_idx;
   /* If this is an automatic composition, how many characters to look
      back from the position where a character triggering the
      composition exists.  */

diff --git a/src/keyboard.c b/src/keyboard.c
index 168232203fe7269e0f0563ca2e63c828cdfff52c..ed8e71fd0a7fdd8798de0f8baa7e82fc8f3948e8 100644 (file)
--- a/src/keyboard.c
+++ b/src/keyboard.c
@@ -10020,7 +10020,7 @@ Internal use only.  */)
     add_command_key (make_number ('x' | meta_modifier));
   else
     add_command_key (make_number (key0));
-  for (int i = 1; i < SCHARS (keys); i++)
+  for (ptrdiff_t i = 1; i < SCHARS (keys); i++)
     add_command_key (make_number (SREF (keys, i)));
   return Qnil;
 }

diff --git a/src/xwidget.c b/src/xwidget.c
index 4ba1617d8df85f32abe7459a9f18d2b62f3126af..5c276b1371c08e8b01907e6db34cb14c7d40757e 100644 (file)
--- a/src/xwidget.c
+++ b/src/xwidget.c
@@ -301,13 +301,13 @@ webkit_js_to_lisp (JSContextRef context, JSValueRef value)
           {
             JSStringRef pname = JSStringCreateWithUTF8CString("length");
             JSValueRef len = JSObjectGetProperty (context, (JSObjectRef) value, pname, NULL);
-            int n = JSValueToNumber (context, len, NULL);
+            EMACS_INT n = JSValueToNumber (context, len, NULL);
             JSStringRelease(pname);
 
             Lisp_Object obj;
             struct Lisp_Vector *p = allocate_vector (n);
 
-            for (int i = 0; i < n; ++i)
+            for (ptrdiff_t i = 0; i < n; ++i)
               {
                 p->contents[i] =
                   webkit_js_to_lisp (context,
@@ -323,13 +323,13 @@ webkit_js_to_lisp (JSContextRef context, JSValueRef value)
             JSPropertyNameArrayRef properties =
               JSObjectCopyPropertyNames (context, (JSObjectRef) value);
 
-            int n = JSPropertyNameArrayGetCount (properties);
+            ptrdiff_t n = JSPropertyNameArrayGetCount (properties);
             Lisp_Object obj;
 
             /* TODO: can we use a regular list here?  */
             struct Lisp_Vector *p = allocate_vector (n);
 
-            for (int i = 0; i < n; ++i)
+            for (ptrdiff_t i = 0; i < n; ++i)
               {
                 JSStringRef name = JSPropertyNameArrayGetNameAtIndex (properties, i);
                 JSValueRef property = JSObjectGetProperty (context,
@@ -733,8 +733,8 @@ DEFUN ("xwidget-resize", Fxwidget_resize, Sxwidget_resize, 3, 3, 0,
   (Lisp_Object xwidget, Lisp_Object new_width, Lisp_Object new_height)
 {
   CHECK_XWIDGET (xwidget);
-  CHECK_NATNUM (new_width);
-  CHECK_NATNUM (new_height);
+  CHECK_RANGED_INTEGER (new_width, 0, INT_MAX);
+  CHECK_RANGED_INTEGER (new_height, 0, INT_MAX);
   struct xwidget *xw = XXWIDGET (xwidget);
   int w = XFASTINT (new_width);
   int h = XFASTINT (new_height);