From: Paul Eggert Date: Sun, 14 Aug 2011 06:40:45 +0000 (-0700) Subject: Merge from trunk. X-Git-Tag: emacs-pretest-24.0.90~104^2~152^2~84 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=70c60eb2f9e5120f609ba5b6f2d82eef26d21c15;p=emacs.git Merge from trunk. --- 70c60eb2f9e5120f609ba5b6f2d82eef26d21c15 diff --cc src/ChangeLog index 7f90c576fb1,60c835cb100,1e18ffd5d6b..9d7834fd053 --- a/src/ChangeLog +++ b/src/ChangeLog @@@@ -1,414 -1,3 -1,84 +1,495 @@@@ - 2011-08-06 Paul Eggert +++2011-08-14 Paul Eggert ++ - Integer and memory overflow issues. +++ Integer and memory overflow issues (Bug#9196). ++ ++ * charset.c (charset_table_size) ++ (struct charset_sort_data.priority): Now ptrdiff_t. ++ (charset_compare): Don't overflow if priorities differ greatly. ++ (Fsort_charsets): Don't assume list length fits in int. ++ Check for size-calculation overflow when allocating sort data. ++ (syms_of_charset): Allocate an initial charset table that is ++ just under 64 KiB, to avoid problems with glibc malloc and mmap. ++ ++ * cmds.c (internal_self_insert): Check for size-calculation overflow. ++ ++ * composite.h (struct composition.glyph_len): Now int, not unsigned. ++ The actual value is always <= INT_MAX, and leaving it unsigned made ++ overflow checking harder. ++ ++ * dispextern.h (struct glyph_matrix.rows_allocated) ++ (struct face_cache.size): Now ptrdiff_t, for convenience in use ++ with xpalloc. The values are still always <= INT_MAX. ++ ++ * indent.c (compute_motion): Adjust to region_cache_forward sig change. ++ ++ * lisp.h (xnmalloc, xnrealloc, xpalloc): New decls. ++ (SAFE_NALLOCA): New macro. ++ ++ * region-cache.c (struct boundary.pos, find_cache_boundary) ++ (move_cache_gap, insert_cache_boundary, delete_cache_boundaries) ++ (set_cache_region, invalidate_region_cache) ++ (revalidate_region_cache, know_region_cache, region_cache_forward) ++ (region_cache_backward, pp_cache): ++ Use ptrdiff_t, not EMACS_INT, since either will do. This is needed ++ so that ptrdiff_t * can be passed to xpalloc. ++ (struct region_cache): Similarly, for gap_start, gap_len, cache_len, ++ beg_unchanged, end_unchanged, buffer_beg, buffer_end members. ++ (pp_cache): Don't assume cache_len fits in int. ++ * region-cache.h: Adjust extern decls to match. ++ ++ * search.c (scan_buffer, Freplace_match): Use ptrdiff_t, not ++ EMACS_INT, since either will do, for xpalloc. ++ ++ * alloc.c: Include verify.h, and check that int fits in ptrdiff_t. ++ (xnmalloc, xnrealloc, xpalloc): New functions. ++ ++ * bidi.c (bidi_shelve_header_size): New constant. ++ (bidi_cache_ensure_space, bidi_shelve_cache): Use it. ++ (bidi_cache_ensure_space): Avoid integer overflow when allocating. ++ ++ * buffer.c (overlays_at, overlays_in, record_overlay_string) ++ (overlay_strings): ++ Don't update size of array until after memory allocation succeeds, ++ because xmalloc/xrealloc may not return. ++ (struct sortstrlist.bytes): Now ptrdiff_t, as EMACS_INT doesn't help ++ now that we have proper integer overflow checking. ++ (record_overlay_string, overlay_strings): Catch overflows when ++ calculating size of overlay_str_buf. ++ ++ * callproc.c (Fcall_process): Check for size overflow when ++ calculating size of args2. ++ (child_setup): Avoid overflow by using size_t rather than ptrdiff_t. ++ Normally we prefer signed values, but sticking with ptrdiff_t would ++ require adding more-complicated checks. ++ ++ * ccl.c (Fccl_execute_on_string): Check for memory overflow. ++ Use ptrdiff_t rather than EMACS_INT where ptrdiff_t will do. ++ Redo buffer-overflow calculations to avoid integer overflow. ++ Add a FIXME comment where memory seems to be over-allocated. ++ ++ * character.c (Fstring): Check for size-calculation overflow. ++ ++ * coding.c (produce_chars): Redo buffer-overflow calculations to avoid ++ unnecessary integer overflow. Check for size overflow. ++ (encode_coding_object): Don't update size until xmalloc succeeds. ++ ++ * composite.c (get_composition_id): Check for overflow in glyph ++ length calculations. ++ ++ Integer and memory overflow fixes for display code. ++ * dispextern.h (struct glyph_pool.nglyphs): Now ptrdiff_t, not int. ++ * dispnew.c (adjust_glyph_matrix, realloc_glyph_pool) ++ (scrolling_window): Check for overflow in size calculations. ++ (line_draw_cost, realloc_glyph_pool, add_row_entry): ++ Don't assume glyph table len fits in int. ++ (struct row_entry.bucket, row_entry_pool_size, row_entry_idx) ++ (row_table_size): Now ptrdiff_t, not int. ++ (scrolling_window): Avoid overflow in size calculations. ++ Don't update size until allocation succeeds. ++ * fns.c (concat): Check for overflow in size calculations. ++ (next_almost_prime): Verify NEXT_ALMOST_PRIME_LIMIT. ++ * lisp.h (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros. ++ (NEXT_ALMOST_PRIME_LIMIT): New constant. ++ ++ * doc.c (get_doc_string_buffer_size): Now ptrdiff_t, not int. ++ (get_doc_string): Check for size calculation overflow. ++ Don't update size until allocation succeeds. ++ (get_doc_string, Fsubstitute_command_keys): Use ptrdiff_t, not ++ EMACS_INT, where ptrdiff_t will do. ++ (Fsubstitute_command_keys): Check for string overflow. ++ ++ * editfns.c (set_time_zone_rule): Don't assume environment length ++ fits in int. ++ (message_length): Now ptrdiff_t, not int. ++ (Fmessage_box): Don't update size until allocation succeeds. ++ Don't assume message length fits in int. ++ (Fformat): Use ptrdiff_t, not EMACS_INT, where ptrdiff_t will do. ++ ++ * emacs.c (main): Do not reallocate argv, since there is a null at ++ the end that can be overwritten, and this way there's no need to ++ worry about size-calculation overflow. ++ (sort_args): Check for size-calculation overflow. ++ ++ * eval.c (init_eval_once, grow_specpdl): Don't update size until ++ alloc succeeds. ++ (call_debugger, grow_specpdl): Redo calculations to avoid overflow. ++ ++ * frame.c (set_menu_bar_lines, x_set_frame_parameters) ++ (x_set_scroll_bar_width, x_figure_window_size): ++ Check for integer overflow. ++ (x_set_alpha): Do not assume XINT fits in int. ++ ++ * frame.h (struct frame): Use int, not EMACS_INT, where int works. ++ This is for the members text_lines, text_cols, total_lines, total_cols, ++ where the system imposes an 'int' limit. ++ ++ * fringe.c (Fdefine_fringe_bitmap): ++ Don't update size until alloc works. ++ ++ * ftfont.c (ftfont_get_open_type_spec, setup_otf_gstring) ++ (ftfont_shape_by_flt): Check for integer overflow in size calculations. ++ ++ * gtkutil.c (get_utf8_string, xg_store_widget_in_map): ++ Check for size-calculation overflow. ++ (get_utf8_string): Use ptrdiff_t, not size_t, where either will ++ do, as we prefer signed integers. ++ (id_to_widget.max_size, id_to_widget.used) ++ (xg_store_widget_in_map, xg_remove_widget_from_map) ++ (xg_get_widget_from_map, xg_get_scroll_id_for_window) ++ (xg_remove_scroll_bar, xg_update_scrollbar_pos): ++ Use and return ptrdiff_t, not int. ++ (xg_gtk_scroll_destroy): Don't assume ptrdiff_t fits in int. ++ * gtkutil.h: Change prototypes to match the above. ++ ++ * image.c (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): Remove; these ++ are duplicate now that they've been promoted to lisp.h. ++ (x_allocate_bitmap_record, x_alloc_image_color) ++ (make_image_cache, cache_image, xpm_load): ++ Don't update size until alloc is done. ++ (xpm_load, lookup_rgb_color, lookup_pixel_color, x_to_xcolors) ++ (x_detect_edges): ++ Check for size calculation overflow. ++ (ct_colors_allocated_max): New constant. ++ (x_to_xcolors, x_detect_edges): Reorder multiplicands to avoid ++ overflow. ++ ++ * keyboard.c (read_char, menu_bar_items, tool_bar_items) ++ (read_char_x_menu_prompt, read_char_minibuf_menu_width) ++ (read_char_minibuf_menu_prompt, follow_key, read_key_sequence): ++ Use ptrdiff_t, not int, to count maps. ++ (read_char_minibuf_menu_prompt): Check for overflow in size ++ calculations. Don't update size until allocation succeeds. Redo ++ calculations to avoid overflow. ++ * keyboard.h: Change prototypes to match the above. ++ ++ * keymap.c (cmm_size, current_minor_maps): Use ptrdiff_t, not int, ++ to count maps. ++ (current_minor_maps): Check for size calculation overflow. ++ * keymap.h: Change prototypes to match the above. ++ ++ * lread.c (read1, init_obarray): Don't update size until alloc done. ++ ++ * macros.c (Fstart_kbd_macro): Don't update size until alloc done. ++ (store_kbd_macro_char): Reorder multiplicands to avoid overflow. ++ ++ * nsterm.h (struct ns_color_table.size, struct ns_color_table.avail): ++ Now ptrdiff_t, not int. ++ * nsterm.m (ns_index_color): Use ptrdiff_t, not int, for table indexes. ++ (ns_draw_fringe_bitmap): Rewrite to avoid overflow. ++ ++ * process.c (Fnetwork_interface_list): Check for overflow ++ in size calculation. ++ ++ * region-cache.c (move_cache_gap): Check for size calculation overflow. ++ ++ * scroll.c (do_line_insertion_deletion_costs): Check for size calc ++ overflow. Don't bother calling xmalloc when xrealloc will do. ++ ++ * search.c (Freplace_match): Check for size calculation overflow. ++ (Fset_match_data): Don't assume list lengths fit in 'int'. ++ ++ * sysdep.c (system_process_attributes): Use ptrdiff_t, not int, ++ for command line length. Do not attempt to address one before the ++ beginning of an array, as that's not portable. ++ ++ * term.c (max_frame_lines): Remove; unused. ++ (encode_terminal_src_size, encode_terminal_dst_size): Now ptrdiff_t, ++ not int. ++ (encode_terminal_code, calculate_costs): Check for size ++ calculation overflow. ++ (encode_terminal_code): Use ptrdiff_t, not int, to record glyph ++ table lengths and related sizes. Don't update size until alloc ++ done. Redo calculations to avoid overflow. ++ (calculate_costs): Don't bother calling xmalloc when xrealloc will do. ++ ++ * termcap.c (tgetent): Use ptrdiff_t, not int, to record results of ++ subtracting pointers. ++ (gobble_line): Check for overflow more carefully. Don't update size ++ until alloc done. ++ ++ * tparam.c (tparam1): Use ptrdiff_t, not int, for sizes. ++ Don't update size until alloc done. ++ Redo size calculations to avoid overflow. ++ Check for size calculation overflow. ++ (main) [DEBUG]: Fix typo in invoking tparam1. ++ ++ * xdisp.c (store_mode_line_noprop_char, x_consider_frame_title): ++ Use ptrdiff_t, not int, for sizes. ++ (store_mode_line_noprop_char): Don't update size until alloc done. ++ ++ * xfaces.c (lface_id_to_name_size, Finternal_make_lisp_face): ++ Use ptrdiff_t, not int, for sizes. ++ (Finternal_make_lisp_face, cache_face): ++ Check for size calculation overflow. ++ (cache_face): Treat size calculation overflows as if they were ++ memory exhaustion (the usual treatment), rather than aborting. ++ ++ * xfns.c (x_encode_text, x_set_name_internal) ++ (Fx_change_window_property): Use ptrdiff_t, not int, to count ++ sizes, since they can exceed INT_MAX in size. Check for size ++ calculation overflow. ++ ++ * xgselect.c (gfds_size): Now ptrdiff_t, for convenience with xpalloc. ++ (xg_select): Check for size calculation overflow. ++ Don't update size until alloc done. ++ ++ * xrdb.c (get_environ_db): Don't assume path length fits in int, ++ as sprintf is limited to int lengths. ++ ++ * xselect.c (X_LONG_SIZE, X_SHRT_MAX, X_SHRT_MIN, X_LONG_MAX) ++ (X_LONG_MIN): New macros. ++ Use them to make the following changes clearer. ++ (MAX_SELECTION_QUANTUM): Make the other bounds on this value clearer. ++ This change doesn't affect the value now, but it may help remind ++ future maintainers not to raise the value too much later. ++ (SELECTION_QUANTUM): Remove, replacing with ... ++ (selection_quantum): ... new function, which avoids overflow. ++ All uses changed. ++ (struct selection_data.size): Now ptrdiff_t, not int, to avoid ++ assumption that selection length fits in 'int'. ++ (x_reply_selection_request, x_handle_selection_request) ++ (x_get_window_property, receive_incremental_selection) ++ (x_get_window_property_as_lisp_data, selection_data_to_lisp_data) ++ (lisp_data_to_selection_data, clean_local_selection_data): ++ Use ptrdiff_t, not int, to record length of selection. ++ (x_reply_selection_request, x_get_window_property) ++ (receive_incremental_selection, x_property_data_to_lisp): ++ Redo calculations to avoid overflow. ++ (x_reply_selection_request): When sending hint, ceiling it at ++ X_LONG_MAX rather than relying on wraparound overflow to send ++ something. ++ (x_get_window_property, receive_incremental_selection) ++ (lisp_data_to_selection_data, x_property_data_to_lisp): ++ Check for size-calculation overflow. ++ (x_get_window_property, receive_incremental_selection) ++ (lisp_data_to_selection_data, Fx_register_dnd_atom): ++ Don't store size until memory allocation succeeds. ++ (x_get_window_property): Plug memory leak on memory exhaustion. ++ Don't double-block input; malloc is safe here. Don't assume 2**34 ++ - 4 fits in unsigned long. Add an xassert to check ++ XGetWindowProperty overflow. Be more careful about overflow ++ calculations, and distinguish size from memory overflow better. ++ (receive_incremental_selection): When tracing, don't assume ++ unsigned int is less than INT_MAX. ++ (x_selection_data_to_lisp_data): Remove unnecessary (and in theory ++ harmful) conversions of unsigned short to int. ++ (lisp_data_to_selection_data): Don't assume that integers ++ in the range -65535 through -1 fit in an X unsigned short. ++ Don't assume that ULONG_MAX == X_ULONG_MAX. Don't store into ++ result parameters unless successful. Rely on cons_to_unsigned ++ to report problems with elements; the old code wasn't right anyway. ++ (x_check_property_data): Check for int overflow; we cannot use ++ a wider type due to X limits. ++ (x_handle_dnd_message): Use unsigned int, to avoid int overflow. ++ ++ * xsmfns.c (smc_save_yourself_CB): Check for size calc overflow. ++ ++ * xterm.c (x_color_cells, x_send_scrollbar_event, handle_one_xevent) ++ (x_term_init): Check for size calculation overflow. ++ (x_color_cells): Don't store size until memory allocation succeeds. ++ (handle_one_xevent): Use ptrdiff_t, not int, for byte counts. ++ Don't assume alloca size is less than MAX_ALLOCA. ++ (x_term_init): Don't assume length fits in int (sprintf is limited ++ to int size). ++ ++ Use ptrdiff_t for composition IDs. ++ * character.c (lisp_string_width): ++ * composite.c (composition_table_size, n_compositions) ++ (get_composition_id, composition_gstring_from_id): ++ * dispextern.h (struct glyph_string.cmp_id, struct composition_it.id): ++ * xdisp.c (BUILD_COMPOSITE_GLYPH_STRING): ++ * window.c (Frecenter): ++ Use ptrdiff_t, not int, for composition IDs. ++ * composite.c (get_composition_id): Check for integer overflow. ++ * composite.h: Adjust prototypes to match the above changes. ++ ++ Use ptrdiff_t for hash table indexes. ++ * category.c (hash_get_category_set): ++ * ccl.c (ccl_driver): ++ * charset.h (struct charset.hash_index, CHECK_CHARSET_GET_ID): ++ * coding.c (coding_system_charset_list, detect_coding_system): ++ * coding.h (struct coding_system.id): ++ * composite.c (get_composition_id, gstring_lookup_cache): ++ * fns.c (hash_lookup, hash_put, Fgethash, Fputhash): ++ * image.c (xpm_get_color_table_h): ++ * lisp.h (hash_lookup, hash_put): ++ * minibuf.c (Ftest_completion): ++ Use ptrdiff_t for hash table indexes, not int (which is too ++ narrow, on 64-bit hosts) or EMACS_INT (which is too wide, on ++ 32-bit --with-wide-int hosts). ++ ++ * charset.c (Fdefine_charset_internal): Check for integer overflow. ++ Add a FIXME comment about memory leaks. ++ (syms_of_charset): Don't assume xmalloc returns. ++ ++ Don't assume that stated character widths fit in int. ++ * character.c (Fchar_width, c_string_width, lisp_string_width): ++ * character.h (CHAR_WIDTH): ++ * indent.c (MULTIBYTE_BYTES_WIDTH): ++ Use sanitize_char_width to avoid undefined and/or bad behavior ++ with outlandish widths. ++ * character.h (sanitize_tab_width): Renamed from sanitize_width, ++ now that we have two such functions. All uses changed. ++ (sanitize_char_width): New inline function. ++ ++ Don't assume that tab-width fits in int. ++ * character.h (sanitize_width): New inline function. ++ (SANE_TAB_WIDTH): New macro. ++ (ASCII_CHAR_WIDTH): Use it. ++ * indent.c (sane_tab_width): Remove. All uses replaced by ++ SANE_TAB_WIDTH (current_buffer). ++ * xdisp.c (init_iterator): Use SANE_TAB_WIDTH. ++ ++ * fileio.c: Integer overflow issues with file modes. ++ (Fset_file_modes, auto_save_1): Don't assume EMACS_INT fits in int. ++ ++ * charset.c (read_hex): New arg OVERFLOW. All uses changed. ++ Remove unreachable code. ++ (read_hex, load_charset_map_from_file): Check for integer overflow. ++ ++ * xterm.c: don't go over XClientMessageEvent limit ++ (scroll_bar_windows_size): Now ptrdiff_t, as we prefer signed. ++ (x_send_scroll_bar_event): Likewise. Check that the size does not ++ exceed limits imposed by XClientMessageEvent, as well as the usual ++ ptrdiff_t and size_t limits. ++ ++ * keyboard.c: Overflow, signedness and related fixes. ++ (make_lispy_movement): Use same integer type in forward decl ++ that is used in the definition. ++ (read_key_sequence, keyremap_step): ++ Change bufsize argument back to int, undoing my 2011-03-30 change. ++ We prefer signed types, and int is wide enough here. ++ (parse_tool_bar_item): Don't assume tool_bar_max_label_size is less ++ than TYPE_MAXIMUM (EMACS_INT) / 2. Don't let the label size grow ++ larger than STRING_BYTES_BOUND. Use ptrdiff_t for Emacs string ++ length, not size_t. Use ptrdiff_t for index, not int. ++ (keyremap_step, read_key_sequence): Redo bufsize check to avoid ++ possibility of integer overflow. ++ ++ Overflow, signedness and related fixes for images. ++ ++ * dispextern.h (struct it.stack[0].u.image.image_id) ++ (struct_it.image_id, struct image.id, struct image_cache.size) ++ (struct image_cache.used, struct image_cache.ref_count): ++ * gtkutil.c (update_frame_tool_bar): ++ * image.c (x_reference_bitmap, Fimage_size, Fimage_mask_p) ++ (Fimage_metadata, free_image_cache, clear_image_cache, lookup_image) ++ (cache_image, mark_image_cache, x_kill_gs_process, Flookup_image): ++ * nsmenu.m (update_frame_tool_bar): ++ * xdisp.c (calc_pixel_width_or_height): ++ * xfns.c (image_cache_refcount): ++ Image IDs are now ptrdiff_t, not int, to avoid arbitrary limits ++ on typical 64-bit hosts. ++ ++ * image.c (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros. ++ (x_bitmap_pixmap, x_create_x_image_and_pixmap): ++ Omit unnecessary casts to int. ++ (parse_image_spec): Check that integers fall into 'int' range ++ when the callers expect that. ++ (image_ascent): Redo ascent calculation to avoid int overflow. ++ (clear_image_cache): Avoid overflow when sqrt (INT_MAX) < nimages. ++ (lookup_image): Remove unnecessary tests. ++ (xbm_image_p): Locals are now of int, not EMACS_INT, ++ since parse_image_check makes sure they fit into int. ++ (png_load, gif_load, svg_load_image): ++ Prefer int to unsigned where either will do. ++ (tiff_handler): New function, combining the cores of the ++ old tiff_error_handler and tiff_warning_handler. This ++ function is rewritten to use vsnprintf and thereby avoid ++ stack buffer overflows. It uses only the features of vsnprintf ++ that are common to both POSIX and native Microsoft. ++ (tiff_error_handler, tiff_warning_handler): Use it. ++ (tiff_load, gif_load, imagemagick_load_image): ++ Don't assume :index value fits in 'int'. ++ (gif_load): Omit unnecessary cast to double, and avoid double-rounding. ++ (imagemagick_load_image): Check that crop parameters fit into ++ the integer types that MagickCropImage accepts. Don't assume ++ Vimagemagick_render_type has a nonnegative value. Don't assume ++ size_t fits in 'long'. ++ (gs_load): Use printmax_t to print the widest integers possible. ++ Check for integer overflow when computing image height and width. ++ ++ 2011-08-14 Paul Eggert ++ ++ * xfaces.c (Qframe_set_background_mode): Now static. ++ * dispextern.h (Qframe_set_background_mode): Remove decl. ++ ++ * process.c (Fnetwork_interface_info): Declare local only if needed. ++ ++ 2011-08-13 Jan Djärv ++ ++ * process.c: Include ifaddrs.h and net/if_dl.h if available (Bug#8477). ++ (Fnetwork_interface_list): Allocate in increments of bytes instead ++ of sizeof (struct ifreq). Iterate over ifconf.ifc_req by counting ++ bytes (Bug#8477). Count bytes correctly when ifr_addr is a struct ++ sockaddr. ++ (struct ifflag_def): notrailers is smart on OSX. ++ (Fnetwork_interface_info): Handle case when ifr_flags is negative. ++ Get hardware address with getifaddrs if available. ++ ++ 2011-08-12 Eli Zaretskii ++ ++ * xdisp.c (iterate_out_of_display_property): xassert that ++ IT->position is set to within IT->object's boundaries. Break from ++ the loop as soon as EOB is reached; avoids infloops in redisplay ++ when IT->position is set up wrongly due to some bug. Set ++ IT->current to match the bidi iterator unconditionally. ++ (push_display_prop): Allow GET_FROM_STRING as IT->method on ++ entry. Force push_it to save on the stack the current ++ buffer/string position, to be restored by pop_it. Fix flags in ++ the iterator structure wrt the object coming from a display ++ property, as `line-prefix' and `wrap-prefix' are not ``replacing'' ++ properties. (Bug#9284) ++ ++ 2011-08-09 Andreas Schwab ++ ++ * fontset.c (fontset_get_font_group): Add proper type checks. ++ (Bug#9172) ++ ++ 2011-08-09 YAMAMOTO Mitsuharu ++ ++ * unexmacosx.c (print_load_command_name): Add cases LC_FUNCTION_STARTS ++ and LC_VERSION_MIN_MACOSX. ++ (copy_linkedit_data) [LC_FUNCTION_STARTS]: New function. ++ (dump_it) [LC_FUNCTION_STARTS]: Use it. ++ ++ 2011-08-08 Eli Zaretskii ++ ++ * xdisp.c (forward_to_next_line_start): Allow to use the ++ no-display-properties-and-no-overlays under bidi display. Set ++ disp_pos in the bidi iterator to avoid searches for display ++ properties and overlays. ++ ++ 2011-08-08 Chong Yidong ++ ++ * editfns.c (Fset_time_zone_rule): Document relationship with the ++ setenv function. ++ ++ * ftfont.c (ftfont_pattern_entity): Copy the extras argument to ++ the font entity extracted from the cache (Bug#8109). ++ ++ 2011-08-07 Chong Yidong ++ ++ * composite.c (autocmp_chars): Don't reset point. That is done by ++ restore_point_unwind (Bug#5984). ++ ++ 2011-08-07 Juri Linkov ++ ++ * editfns.c (Fformat_time_string): Doc fix, add tag `usage:' ++ to show the arg `TIME' instead of `TIMEVAL'. ++ ++ 2011-08-06 Eli Zaretskii ++ ++ * xdisp.c (set_cursor_from_row): Fix cursor positioning when a ++ display property strides EOL and includes a newline, as in ++ longlines-mode. (Bug#9254) ++ (move_it_in_display_line_to): Fix vertical-motion in a buffer with ++ word-wrap under bidirectional display. (Bug#9224) ++ ++ * bidi.c (bidi_unshelve_cache): Don't reset the cache if JUST_FREE ++ is non-zero, even if the data buffer is NULL. Fixes a crash in ++ vertical-motion with longlines-mode. (Bug#9254) ++ 2011-08-05 Eli Zaretskii * bidi.c : Now static. diff --cc src/ftfont.c index 5b95e2b2f08,4e313a89021,5c98073057c..7858a31be21 --- a/src/ftfont.c +++ b/src/ftfont.c @@@@ -1764,10 -1761,15 -1765,15 +1768,10 @@@@ static OTF_GlyphString otf_gstring static void setup_otf_gstring (int size) { -- if (otf_gstring.size == 0) - { - otf_gstring.glyphs = (OTF_Glyph *) xmalloc (sizeof (OTF_Glyph) * size); - otf_gstring.size = size; - } - else if (otf_gstring.size < size) ++ if (otf_gstring.size < size) { - otf_gstring.glyphs = (OTF_Glyph *) xmalloc (sizeof (OTF_Glyph) * size); - otf_gstring.size = size; - } - else if (otf_gstring.size < size) - { -- otf_gstring.glyphs = xrealloc (otf_gstring.glyphs, -- sizeof (OTF_Glyph) * size); ++ otf_gstring.glyphs = xnrealloc (otf_gstring.glyphs, ++ size, sizeof (OTF_Glyph)); otf_gstring.size = size; } otf_gstring.used = size; diff --cc src/process.c index f2c2bfd81c5,236c27e5c3a,9d20d0c2b09..887090df26c --- a/src/process.c +++ b/src/process.c @@@@ -3557,9 -3557,9 -3568,9 +3568,10 @@@@ format; see the description of ADDRESS (void) { struct ifconf ifconf; -- struct ifreq *ifreqs = NULL; - ptrdiff_t ifaces = 0; - int ifaces = 0; -- int buf_size, s; ++ struct ifreq *ifreq; ++ void *buf = NULL; - int buf_size = 512, s, i; +++ ptrdiff_t buf_size = 512; +++ int s, i; Lisp_Object res; s = socket (AF_INET, SOCK_STREAM, 0); @@@@ -3567,11 -3567,17 -3578,15 +3579,10 @@@@ return Qnil; again: - ifreqs = xpalloc (ifreqs, &ifaces, 25, - INT_MAX / sizeof *ifreqs, sizeof *ifreqs); - ifaces += 25; -- buf_size = ifaces * sizeof (ifreqs[0]); - ifreqs = (struct ifreq *)xrealloc(ifreqs, buf_size); - if (!ifreqs) - buf_size *= 2; - buf = xrealloc(buf, buf_size); - if (!buf) -- { -- close (s); -- return Qnil; -- } + +++ buf = xpalloc (buf, &buf_size, sizeof *ifreq, INT_MAX, 1); ++ ifconf.ifc_buf = buf; + ifconf.ifc_len = buf_size; -- ifconf.ifc_req = ifreqs; if (ioctl (s, SIOCGIFCONF, &ifconf)) { close (s);