From: Paul Eggert Date: Wed, 24 Sep 2014 20:30:28 +0000 (-0700) Subject: Avoid signed integer overflow when converting Time to ptrdiff_t. X-Git-Tag: emacs-25.0.90~2635^2~679^2~231 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=203a9eb0ec0e1f28958df5fa1a49c5a7e3f4cae8;p=emacs.git Avoid signed integer overflow when converting Time to ptrdiff_t. * keyboard.c (INPUT_EVENT_POS_MAX, INPUT_EVENT_POS_MIN): New macros. (position_to_Time, Time_to_position): New functions. (gen_help_event, kbd_buffer_get_event): Use them. * systime.h (Time) [emacs && !HAVE_X_WINDOWS]: Go back to plain 'unsigned long', so that 'Time' is the same for both X and non-X builds; this is less likely to cause surprise. * termhooks.h: Remove compile-time check that Time and ptrdiff_t are the same size; this is no longer required. --- diff --git a/src/ChangeLog b/src/ChangeLog index 9ee4a3de1d0..5f95c1594ef 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,16 @@ 2014-09-24 Paul Eggert + Avoid signed integer overflow when converting Time to ptrdiff_t. + * keyboard.c (INPUT_EVENT_POS_MAX, INPUT_EVENT_POS_MIN): + New macros. + (position_to_Time, Time_to_position): New functions. + (gen_help_event, kbd_buffer_get_event): Use them. + * systime.h (Time) [emacs && !HAVE_X_WINDOWS]: + Go back to plain 'unsigned long', so that 'Time' is the same + for both X and non-X builds; this is less likely to cause surprise. + * termhooks.h: Remove compile-time check that Time and ptrdiff_t + are the same size; this is no longer required. + * keyboard.c (make_lispy_event): Avoid unnecessary tests of bit 28 and of whether an unsigned value is negative. This simplifies the code a bit, and pacifies clang 3.4. diff --git a/src/keyboard.c b/src/keyboard.c index 718614f080a..704109e1671 100644 --- a/src/keyboard.c +++ b/src/keyboard.c @@ -3729,6 +3729,34 @@ kbd_buffer_unget_event (register struct input_event *event) } } +/* Limit help event positions to this range, to avoid overflow problems. */ +#define INPUT_EVENT_POS_MAX \ + ((ptrdiff_t) min (PTRDIFF_MAX, min (TYPE_MAXIMUM (Time) / 2, \ + MOST_POSITIVE_FIXNUM))) +#define INPUT_EVENT_POS_MIN (-1 - INPUT_EVENT_POS_MAX) + +/* Return a Time that encodes position POS. POS must be in range. */ + +static Time +position_to_Time (ptrdiff_t pos) +{ + eassert (INPUT_EVENT_POS_MIN <= pos && pos <= INPUT_EVENT_POS_MAX); + return pos; +} + +/* Return the position that ENCODED_POS encodes. + Avoid signed integer overflow. */ + +static ptrdiff_t +Time_to_position (Time encoded_pos) +{ + if (encoded_pos <= INPUT_EVENT_POS_MAX) + return encoded_pos; + Time encoded_pos_min = INPUT_EVENT_POS_MIN; + eassert (encoded_pos_min <= encoded_pos); + ptrdiff_t notpos = -1 - encoded_pos; + return -1 - notpos; +} /* Generate a HELP_EVENT input_event and store it in the keyboard buffer. @@ -3752,7 +3780,7 @@ gen_help_event (Lisp_Object help, Lisp_Object frame, Lisp_Object window, event.arg = object; event.x = WINDOWP (window) ? window : frame; event.y = help; - event.timestamp = pos; + event.timestamp = position_to_Time (pos); kbd_buffer_store_event (&event); } @@ -4084,7 +4112,7 @@ kbd_buffer_get_event (KBOARD **kbp, frame = event->frame_or_window; object = event->arg; - position = make_number (event->timestamp); + position = make_number (Time_to_position (event->timestamp)); window = event->x; help = event->y; clear_event (event); diff --git a/src/systime.h b/src/systime.h index 30a13d0ebcf..a834bce76dc 100644 --- a/src/systime.h +++ b/src/systime.h @@ -19,7 +19,6 @@ along with GNU Emacs. If not, see . */ #ifndef EMACS_SYSTIME_H #define EMACS_SYSTIME_H -#include #include INLINE_HEADER_BEGIN @@ -28,7 +27,7 @@ INLINE_HEADER_BEGIN # ifdef HAVE_X_WINDOWS # include # else -typedef size_t Time; +typedef unsigned long Time; # endif #endif diff --git a/src/termhooks.h b/src/termhooks.h index 6412f0da6ca..8d85fba8af8 100644 --- a/src/termhooks.h +++ b/src/termhooks.h @@ -288,9 +288,6 @@ struct input_event Lisp_Object arg; }; -/* To make sure we don't break HELP_EVENT. */ -verify (sizeof (Time) == sizeof (ptrdiff_t)); - #define EVENT_INIT(event) memset (&(event), 0, sizeof (struct input_event)) /* Bits in the modifiers member of the input_event structure.