From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 30 Aug 2011 21:16:49 +0000 (-0700)
Subject: Merge from trunk.
X-Git-Tag: emacs-pretest-24.0.90~104^2~153^2~1^2~9
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=542f2c78acd26112754474223c85311d6c9cc2eb;p=emacs.git

Merge from trunk.
---

542f2c78acd26112754474223c85311d6c9cc2eb
diff --cc src/ChangeLog
index e6c58903f03,e0f2ad096be..b38c11ace93
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@@ -1,109 -1,17 +1,123 @@@
 +2011-08-30  Paul Eggert  <eggert@cs.ucla.edu>
 +
 +	sprintf-related integer and memory overflow issues.
 +
 +	* doprnt.c (doprnt): Support printing ptrdiff_t and intmax_t values.
 +	(esprintf, esnprintf, exprintf, evxprintf): New functions.
 +	* keyboard.c (command_loop_level): Now EMACS_INT, not int.
 +	(cmd_error): kbd macro iterations count is now EMACS_INT, not int.
 +	(modify_event_symbol): Do not assume that the length of
 +	name_alist_or_stem is safe to alloca and fits in int.
 +	(Fexecute_extended_command): Likewise for function name and binding.
 +	(Frecursion_depth): Wrap around reliably on integer overflow.
 +	* keymap.c (push_key_description): First arg is now EMACS_INT, not int,
 +	since some callers pass EMACS_INT values.
 +	(Fsingle_key_description): Don't crash if symbol name contains more
 +	than MAX_ALLOCA bytes.
 +	* minibuf.c (minibuf_level): Now EMACS_INT, not int.
 +	(get_minibuffer): Arg is now EMACS_INT, not int.
 +	* lisp.h (get_minibuffer, push_key_description): Reflect API changes.
 +	(esprintf, esnprintf, exprintf, evxprintf): New decls.
 +	* window.h (command_loop_level, minibuf_level): Reflect API changes.
 +
 +	* dbusbind.c (signature_cat): New function.
 +	(xd_signature, Fdbus_register_signal):
 +	Do not overrun buffer; instead, report string overflow.
 +
 +	* dispnew.c (add_window_display_history): Don't overrun buffer.
 +	Truncate instead; this is OK since it's just a log.
 +
 +	* editfns.c (Fcurrent_time_zone): Don't overrun buffer
 +	even if the time zone offset is outlandishly large.
 +	Don't mishandle offset == INT_MIN.
 +
 +	* emacs.c (main) [NS_IMPL_COCOA]: Don't overrun buffer
 +	when creating daemon; the previous buffer-overflow check was incorrect.
 +
 +	* eval.c (verror): Simplify by rewriting in terms of evxprintf,
 +	which has the guts of the old verror function.
 +
 +	* filelock.c (lock_file_1, lock_file): Don't blindly alloca long name;
 +	use SAFE_ALLOCA instead.  Use esprintf to avoid int-overflow issues.
 +
 +	* font.c: Include <float.h>, for DBL_MAX_10_EXP.
 +	(font_unparse_xlfd): Don't blindly alloca long strings.
 +	Don't assume XINT result fits in int, or that XFLOAT_DATA * 10
 +	fits in int, when using sprintf.  Use single snprintf to count
 +	length of string rather than counting it via multiple sprintfs;
 +	that's simpler and more reliable.
 +	(APPEND_SPRINTF): New macro.
 +	(font_unparse_fcname): Use it to avoid sprintf buffer overrun.
 +	(generate_otf_features) [0 && HAVE_LIBOTF]: Use esprintf, not
 +	sprintf, in case result does not fit in int.
 +
 +	* fontset.c (num_auto_fontsets): Now printmax_t, not int.
 +	(fontset_from_font): Print it.
 +
 +	* frame.c (tty_frame_count): Now printmax_t, not int.
 +	(make_terminal_frame, set_term_frame_name): Print it.
 +	(x_report_frame_params): In X, window IDs are unsigned long,
 +	not signed long, so print them as unsigned.
 +	(validate_x_resource_name): Check for implausibly long names,
 +	and don't assume name length fits in 'int'.
 +	(x_get_resource_string): Don't blindly alloca invocation name;
 +	use SAFE_ALLOCA.  Use esprintf, not sprintf, in case result does
 +	not fit in int.
 +
 +	* gtkutil.c: Include <float.h>, for DBL_MAX_10_EXP.
 +	(xg_check_special_colors, xg_set_geometry):
 +	Make sprintf buffers a bit bigger, to avoid potential buffer overrun.
 +
 +	* lread.c (dir_warning): Don't blindly alloca buffer; use SAFE_ALLOCA.
 +	Use esprintf, not sprintf, in case result does not fit in int.
 +
 +	* macros.c (executing_kbd_macro_iterations): Now EMACS_INT, not int.
 +	(Fend_kbd_macro): Don't mishandle MOST_NEGATIVE_FIXNUM by treating
 +	it as a large positive number.
 +	(Fexecute_kbd_macro): Don't assume repeat count fits in int.
 +	* macros.h (executing_kbd_macro_iterations): Now EMACS_INT, not int.
 +
 +	* nsterm.m ((NSSize)windowWillResize): Use esprintf, not sprintf,
 +	in case result does not fit in int.
 +
 +	* print.c (float_to_string): Detect width overflow more reliably.
 +	(print_object): Make sprintf buffer a bit bigger, to avoid potential
 +	buffer overrun.  Don't assume list length fits in 'int'.  Treat
 +	print length of 0 as 0, not as infinity; to be consistent with other
 +	uses of print length in this function.  Don't overflow print length
 +	index.  Don't assume hash table size fits in 'long', or that
 +	vectorlike size fits in 'unsigned long'.
 +
 +	* process.c (make_process): Use printmax_t, not int, to format
 +	process-name gensyms.
 +
 +	* term.c (produce_glyphless_glyph): Make sprintf buffer a bit bigger
 +	to avoid potential buffer overrun.
 +
 +	* xfaces.c (x_update_menu_appearance): Don't overrun buffer
 +	if X resource line is longer than 512 bytes.
 +
 +	* xfns.c (x_window): Make sprintf buffer a bit bigger
 +	to avoid potential buffer overrun.
 +
 +	* xterm.c (x_io_error_quitter): Don't overrun sprintf buffer.
 +
 +	* xterm.h (x_check_errors): Add ATTRIBUTE_FORMAT_PRINTF.
 +
+ 2011-08-30  Eli Zaretskii  <eliz@gnu.org>
+ 
+ 	* image.c (x_bitmap_pixmap): Cast to int to avoid compiler warnings.
+ 
+ 	* xdisp.c (produce_stretch_glyph): No longer static, compiled also
+ 	when HAVE_WINDOW_SYSTEM is not defined.  Support both GUI and TTY
+ 	frames.  Call tty_append_glyph in the TTY case.  (Bug#9402)
+ 
+ 	* term.c (tty_append_glyph): New function.
+ 	(produce_stretch_glyph): Static function and its prototype deleted.
+ 
+ 	* dispextern.h (produce_stretch_glyph, tty_append_glyph): Add
+ 	prototypes.
+ 
  2011-08-29  Paul Eggert  <eggert@cs.ucla.edu>
  
  	* image.c (parse_image_spec): Check for nonnegative, not for positive,