From: Paul Eggert Date: Fri, 27 May 2011 19:37:32 +0000 (-0700) Subject: Merge: Integer overflow fixes. X-Git-Tag: emacs-pretest-24.0.90~104^2~618^2~139 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=0f6990a78ae5016d8ae73253cdb4739adf0197e7;p=emacs.git Merge: Integer overflow fixes. --- 0f6990a78ae5016d8ae73253cdb4739adf0197e7 diff --cc src/ChangeLog index 1ffeba88607,d276e309c50..d45543c8d36 --- a/src/ChangeLog +++ b/src/ChangeLog @@@ -1,95 -1,87 +1,177 @@@ -2011-05-24 Paul Eggert ++2011-05-27 Paul Eggert ++ ++ Integer overflow fixes. + + * dbusbind.c: Serial number integer overflow fixes. + (CHECK_DBUS_SERIAL_GET_SERIAL): New macro. + (Fdbus_call_method_asynchronously, xd_read_message_1): Use a float + to hold a serial number that is too large for a fixnum. + (Fdbus_method_return_internal, Fdbus_method_error_internal): + Check for serial numbers out of range. Decode any serial number + that was so large that it became a float. (Bug#8722) + + * dbusbind.c: Use XFASTINT rather than XUINT, and check for nonneg. + (Fdbus_call_method, Fdbus_call_method_asynchronously): + Use XFASTINT rather than XUINT when numbers are nonnegative. + (xd_append_arg, Fdbus_method_return_internal): + (Fdbus_method_error_internal): Likewise. Also, for unsigned + arguments, check that Lisp number is nonnegative, rather than + silently wrapping negative numbers around. (Bug#8722) + (xd_read_message_1): Don't assume dbus_uint32_t can fit in int. + (Bug#8722) + + * data.c (arith_driver, Flsh): Avoid unnecessary casts to EMACS_UINT. + -2011-05-23 Paul Eggert - + * ccl.c (ccl_driver): Redo slightly to avoid the need for 'unsigned'. + + ccl: add integer overflow checks + * ccl.c (CCL_CODE_MAX, GET_CCL_RANGE, GET_CCL_CODE, GET_CCL_INT): + (IN_INT_RANGE): New macros. + (ccl_driver): Use them to check for integer overflow when + decoding a CCL program. Many of the new checks are whether XINT (x) + fits in int; it doesn't always, on 64-bit hosts. The new version + doesn't catch all possible integer overflows, but it's an + improvement. (Bug#8719) + + * alloc.c (make_event_array): Use XINT, not XUINT. + There's no need for unsigned here. + + * mem-limits.h (EXCEEDS_LISP_PTR) [!USE_LSB_TAG]: EMACS_UINT -> uintptr_t + This follows up to the 2011-05-06 change that substituted uintptr_t + for EMACS_INT. This case wasn't caught back then. + -2011-05-22 Paul Eggert - + Rework Fformat to avoid integer overflow issues. + * editfns.c: Include unconditionally, as it's everywhere + now (part of C89). Include . + (MAX_10_EXP, CONVERTED_BYTE_SIZE): Remove; no longer needed. + (pWIDE, pWIDElen, signed_wide, unsigned_wide): New defns. + (Fformat): Avoid the prepass trying to compute sizes; it was only + approximate and thus did not catch overflow reliably. Instead, walk + through the format just once, formatting and computing sizes as we go, + checking for integer overflow at every step, and allocating a larger + buffer as needed. Keep track separately whether the format is + multibyte. Keep only the most-recently calculated precision, rather + than them all. Record whether each argument has been converted to + string. Use EMACS_INT, not int, for byte and char and arg counts. + Support field widths and precisions larger than INT_MAX. Avoid + sprintf's undefined behavior with conversion specifications such as %#d + and %.0c. Fix bug with strchr succeeding on '\0' when looking for + flags. Fix bug with (format "%c" 256.0). Avoid integer overflow when + formatting out-of-range floating point numbers with int + formats. (Bug#8668) + + * lisp.h (FIXNUM_OVERFLOW_P): Work even if arg is a NaN. + + * data.c: Avoid integer truncation in expressions involving floats. + * data.c: Include . + (arith_driver): When there's an integer overflow in an expression + involving floating point, convert the integers to floating point + so that the resulting value does not suffer from catastrophic + integer truncation. For example, on a 64-bit host (* 4 + most-negative-fixnum 0.5) should yield about -4.6e+18, not zero. + Do not rely on undefined behavior after integer overflow. + + merge count_size_as_multibyte, parse_str_to_multibyte + * character.c, character.h (count_size_as_multibyte): + Renamed from parse_str_to_multibyte; all uses changed. + Check for integer overflow. + * insdel.c, lisp.h (count_size_as_multibyte): Remove, + since it's now a duplicate of the other. This is more of + a character than a buffer op, so better that it's in character.c. + * fns.c, print.c: Adjust to above changes. + +2011-05-27 Paul Eggert + + * xselect.c: Fix minor problems prompted by GCC 4.6.0 warnings. + (x_handle_selection_request, frame_for_x_selection): Remove unused vars. + (x_clipboard_manager_save): Now static. + (Fx_clipboard_manager_save): Rename local to avoid shadowing. + + * fns.c: Fix minor problems prompted by GCC 4.6.0 warnings. + (crypto_hash_function): Now static. + Fix pointer signedness problems. Avoid unnecessary initializations. + +2011-05-27 Chong Yidong + + * termhooks.h (Vselection_alist): Make it terminal-local. + + * terminal.c (create_terminal): Initialize it. + + * xselect.c: Support for clipboard managers. + (Vselection_alist): Move to termhooks.h as terminal-local var. + (LOCAL_SELECTION): New macro. + (x_atom_to_symbol): Handle x_display_info_for_display fail case. + (symbol_to_x_atom): Remove gratuitous arg. + (x_handle_selection_request, lisp_data_to_selection_data) + (x_get_foreign_selection, Fx_register_dnd_atom): Callers changed. + (x_own_selection, x_get_local_selection, x_convert_selection): New + arg, specifying work frame. Use terminal-local Vselection_alist. + (some_frame_on_display): Delete unused function. + (Fx_own_selection_internal, Fx_get_selection_internal) + (Fx_disown_selection_internal, Fx_selection_owner_p) + (Fx_selection_exists_p): New optional frame arg. + (frame_for_x_selection, Fx_clipboard_manager_save): New functions. + (x_handle_selection_clear): Don't treat other terminals with the + same keyboard specially. Use the terminal-local Vselection_alist. + (x_clear_frame_selections): Use Frun_hook_with_args. + + * xterm.c (x_term_init): Intern ATOM and CLIPBOARD_MANAGER atoms. + + * xterm.h: Add support for those atoms. + +2011-05-26 Chong Yidong + + * xselect.c: ICCCM-compliant handling of MULTIPLE targets. + (converted_selections, conversion_fail_tag): New global variables. + (x_selection_request_lisp_error): Free the above. + (x_get_local_selection): Remove unnecessary code. + (x_reply_selection_request): Args changed; handle arbitrary array + of converted selections stored in converted_selections. Separate + the XChangeProperty and SelectionNotify steps. + (x_handle_selection_request): Rewrite to handle MULTIPLE target. + (x_convert_selection): New function. + (x_handle_selection_event): Simplify. + (x_get_foreign_selection): Don't ignore incoming requests while + waiting for an answer; this will fail when we implement + SAVE_TARGETS, and seems unnecessary anyway. + (selection_data_to_lisp_data): Recognize ATOM_PAIR type. + (Vx_sent_selection_functions): Doc fix. + +2011-05-26 Leo Liu + + * editfns.c (Ftranspose_regions): Allow empty regions. (Bug#8699) + +2011-05-25 YAMAMOTO Mitsuharu + + * dispextern.h (struct glyph_row): New member fringe_bitmap_periodic_p. + + * dispnew.c (shift_glyph_matrix, scrolling_window): Mark scrolled row + for fringe update if it has periodic bitmap. + (row_equal_p): Also compare left_fringe_offset, right_fringe_offset, + and fringe_bitmap_periodic_p. + + * fringe.c (get_fringe_bitmap_data): New function. + (draw_fringe_bitmap_1, update_window_fringes): Use it. + (update_window_fringes): Record periodicity of fringe bitmap in glyph + row. Mark glyph row for fringe update if periodicity changed. + + * xdisp.c (try_window_reusing_current_matrix): Don't mark scrolled row + for fringe update unless it has periodic bitmap. + +2011-05-25 Kenichi Handa + + * xdisp.c (get_next_display_element): Set correct it->face_id for + a static composition. + +2011-05-24 Leo Liu + + * deps.mk (fns.o): + * makefile.w32-in ($(BLD)/fns.$(O)): Include sha1.h. + + * fns.c (crypto_hash_function, Fsha1): New function. + (Fmd5): Use crypto_hash_function. + (syms_of_fns): Add Ssha1. + 2011-05-22 Paul Eggert * gnutls.c: Remove unused macros.