From: Paul Eggert Date: Sun, 22 Apr 2012 04:20:28 +0000 (-0700) Subject: Merge from trunk. X-Git-Tag: emacs-24.2.90~471^2~6^2~114 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=c62c46f33c517369cd3a6a590d6b0053962a5521;p=emacs.git Merge from trunk. --- c62c46f33c517369cd3a6a590d6b0053962a5521 diff --cc src/ChangeLog index ae8ab9420a8,a5777058d9c..0504fb006a3 --- a/src/ChangeLog +++ b/src/ChangeLog @@@ -1,795 -1,14 +1,806 @@@ - 2012-04-21 Paul Eggert ++2012-04-22 Paul Eggert + + Fix integer width and related bugs (Bug#9874). + * alloc.c (pure_bytes_used_lisp, pure_bytes_used_non_lisp): + (allocate_vectorlike, buffer_memory_full, struct sdata, SDATA_SIZE) + (string_bytes, check_sblock, allocate_string_data): + (compact_small_strings, Fmake_bool_vector, make_string) + (make_unibyte_string, make_multibyte_string) + (make_string_from_bytes, make_specified_string) + (allocate_vectorlike, Fmake_vector, find_string_data_in_pure) + (make_pure_string, make_pure_c_string, make_pure_vector, Fpurecopy) + (mark_vectorlike): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (allocate_pseudovector): + Use int, not EMACS_INT, where int is wide enough. + (inhibit_garbage_collection, Fgarbage_collect): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + * bidi.c (bidi_mirror_char): Use EMACS_INT, not int, where + int might not be wide enough. + (bidi_cache_search, bidi_cache_find, bidi_init_it) + (bidi_count_bytes, bidi_char_at_pos, bidi_fetch_char) + (bidi_at_paragraph_end, bidi_find_paragraph_start) + (bidi_paragraph_init, bidi_resolve_explicit, bidi_resolve_weak) + (bidi_level_of_next_char, bidi_move_to_visually_next): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + * buffer.c (copy_overlays, Fgenerate_new_buffer_name) + (Fkill_buffer, Fset_buffer_major_mode) + (advance_to_char_boundary, Fbuffer_swap_text) + (Fset_buffer_multibyte, overlays_at, overlays_in) + (overlay_touches_p, struct sortvec, record_overlay_string) + (overlay_strings, recenter_overlay_lists) + (adjust_overlays_for_insert, adjust_overlays_for_delete) + (fix_start_end_in_overlays, fix_overlays_before, modify_overlay) + (Fmove_overlay, Fnext_overlay_change, Fprevious_overlay_change) + (Foverlay_recenter, last_overlay_modification_hooks_used) + (report_overlay_modification, evaporate_overlays, enlarge_buffer_text): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (validate_region): Omit unnecessary test for b <= e, + since that's guaranteed by the previous test. + (adjust_overlays_for_delete): Avoid pos + length overflow. + (Fmove_overlay, Fdelete_overlay, add_overlay_mod_hooklist) + (report_overlay_modification): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (Foverlays_at, Fnext_overlay_change, Fprevious_overlay_change): + Omit pointer cast, which isn't needed anyway, and doesn't work + after the EMACS_INT -> ptrdiff_t change. + (Fmove_overlay): Delete an evaporating overlay + if it becomes empty after its bounds are adjusted to fit within + its buffer. Without this fix, in a nonempty buffer (let ((o + (make-overlay 1 2))) (overlay-put o 'evaporate t) (move-overlay o 0 1)) + yields an empty overlay that has the evaporate property, which is + not supposed to happen. (Bug#9642) + * buffer.h: Adjust decls to match defn changes elsewhere. + (struct buffer_text, struct buffer): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + Use EMACS_INT, not int, where int might not be wide enough. + * bytecode.c (unmark_byte_stack, exec_byte_code): Use ptrdiff_t, + not int, to avoid needless 32-bit limit on 64-bit hosts. + (exec_byte_code): Use tighter memory-full test, one that checks + for alloca overflow. Don't compute the address of the object just + before an array, as that's not portable. Use EMACS_INT, not + ptrdiff_t or int, where ptrdiff_t or int might not be wide enough. + * callint.c (Fcall_interactively): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + * callproc.c (call_process_kill, Fcall_process): + Don't assume pid_t fits into an Emacs fixnum. + (call_process_cleanup, Fcall_process, child_setup): + Don't assume pid_t fits into int. + (call_process_cleanup, Fcall_process, delete_temp_file) + (Fcall_process_region): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (Fcall_process): Simplify handling of volatile integers. + Use int, not EMACS_INT, where int will do. + * casefiddle.c (casify_object, casify_region, operate_on_word) + (Fupcase_word, Fdowncase_word, Fcapitalize_word): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (casify_object): Avoid integer overflow when overallocating buffer. + * casetab.c (set_identity, shuffle): Prefer int to unsigned when + either works. Use lint_assume to convince GCC 4.6.1 that it's OK. + * category.c (Fchar_category_set): Don't assume fixnum fits in int. + * category.h (CATEGORYP): Don't assume arg is nonnegative. + * ccl.c (GET_CCL_INT): Remove; no longer needed, since the + integers are now checked earlier. All uses replaced with XINT. + (ccl_driver): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + For CCL_MapSingle, check that content and value are in int range. + (ccl_driver, Fregister_code_conversion_map): + Check that Vcode_version_map_vector is a vector. + (resolve_symbol_ccl_program): Check that vector header is in range. + Always copy the vector, so that we can check its contents reliably + now rather than having to recheck each instruction as it's being + executed. Check that vector words fit in 'int'. + (ccl_get_compiled_code, Fregister_ccl_program) + (Fregister_code_conversion_map): Use ptrdiff_t, not int, for + program indexes, to avoid needless 32-bit limit on 64-bit hosts. + (Fccl_execute, Fccl_execute_on_string): Check that initial reg + contents are in range. + (Fccl_execute_on_string): Check that status is in range. + * ccl.h (struct ccl_program.idx): Now ptrdiff_t, not int. + * character.c (char_resolve_modifier_mask, Fchar_resolve_modifiers): + Accept and return EMACS_INT, not int, because callers can pass values + out of 'int' range. + (c_string_width, strwidth, lisp_string_width, chars_in_text) + (multibyte_chars_in_text, parse_str_as_multibyte) + (str_as_multibyte, count_size_as_multibyte, str_to_multibyte) + (str_as_unibyte, str_to_unibyte, string_count_byte8) + (string_escape_byte8, Fget_byte): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (Funibyte_string): Use CHECK_RANGED_INTEGER, not CHECK_NATNUM, to + avoid mishandling large integers. + * character.h: Adjust decls to match defn changes elsewhere. + * charset.c (load_charset_map_from_file, find_charsets_in_text) + (Ffind_charset_region): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (load_charset_map_from_file): Redo idx calculation to avoid overflow. + (load_charset_map_from_vector, Fdefine_charset_internal): + Don't assume fixnum fits in int. + (load_charset_map_from_vector, Fmap_charset_chars): + Remove now-unnecessary CHECK_NATNUMs. + (Fdefine_charset_internal): Check ranges here, more carefully. + Don't rely on undefined behavior with signed left shift overflow. + Don't assume unsigned int fits into fixnum, or that fixnum fits + into unsigned int. Don't require max_code to be a valid fixnum; + that's not true for gb10830 4-byte on a 32-bit host. Allow + invalid_code to be a cons, for the same reason. Require code_offset + to be a character. Avoid int overflow if max_char is close + to INT_MAX. + (CODE_POINT_TO_INDEX): On 32-bit hosts, return int, not unsigned; + this is intended anyway and avoids some undefined behavior. + (load_charset_map): Pass unsigned, not int, as 2nd arg of + INDEX_TO_CODE_POINT, as that's what it expects. + (Funify_charset, encode_char): Don't stuff unsigned vals into int vars. + * charset.h (DECODE_CHAR): Return int, not unsigned; + this is what was intended anyway, and it avoids undefined behavior. + (CHARSET_OFFSET): Remove unused macro, instead of fixing its + integer-overflow issues. + (ENCODE_CHAR): Return unsigned on all hosts, not just on 32-bit hosts. + Formerly, it returned EMACS_INT on 64-bit hosts in the common case + where the argument is EMACS_INT, and this behavior is not intended. + * chartab.c (Fmake_char_table, Fset_char_table_range) + (uniprop_get_decoder, uniprop_get_encoder): + Don't assume fixnum fits in int. + * cmds.c (move_point): New function, that does the gist of + Fforward_char and Fbackward_char, but does so while checking + for integer overflow more accurately. + (Fforward_char, Fbackward_char): Use it. + (Fforward_line, Fend_of_line, internal_self_insert) + (internal_self_insert): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + Fix a FIXME, by checking for integer overflow when calculating + target_clm and actual_clm. + * coding.c (detect_coding_XXX, encode_coding_XXX, CODING_DECODE_CHAR) + (CODING_ENCODE_CHAR, CODING_CHAR_CHARSET, CODING_CHAR_CHARSET_P) + (ASSURE_DESTINATION, coding_alloc_by_realloc) + (coding_alloc_by_making_gap, alloc_destination) + (detect_coding_utf_8, encode_coding_utf_8, decode_coding_utf_16) + (encode_coding_utf_16, detect_coding_emacs_mule) + (decode_coding_emacs_mule, encode_coding_emacs_mule) + (detect_coding_iso_2022, decode_coding_iso_2022) + (encode_invocation_designation, encode_designation_at_bol) + (encode_coding_iso_2022, detect_coding_sjis, detect_coding_big5) + (decode_coding_sjis, decode_coding_big5, encode_coding_sjis) + (encode_coding_big5, detect_coding_ccl, decode_coding_ccl) + (encode_coding_ccl, encode_coding_raw_text) + (detect_coding_charset, decode_coding_charset) + (encode_coding_charset, detect_eol, decode_eol, produce_chars) + (produce_composition, produce_charset, produce_annotation) + (decode_coding, handle_composition_annotation) + (handle_charset_annotation, consume_chars, decode_coding_gap) + (decode_coding_object, encode_coding_object, detect_coding_system) + (Ffind_coding_systems_region_internal, Fcheck_coding_systems_region) + (code_convert_region, code_convert_string) + (Fdefine_coding_system_internal) + (coding_set_source, coding_set_destination): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (setup_iso_safe_charsets, consume_chars, Funencodable_char_position) + (Fdefine_coding_system_internal): + Don't assume fixnums fit in int. + (decode_coding_gap, decode_coding_object, encode_coding_object) + (Fread_coding_system, Fdetect_coding_region) + (Funencodable_char_position, Fcheck_coding_systems_region) + (get_translation, handle_composition_annotation, consume_chars): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (consume_chars): Rewrite to not calculate an address outside buffer. + (Ffind_operation_coding_system): NATNUMP can eval its arg twice. + Don't access memory outside of the args array. + (Fdefine_coding_system_internal): Check for charset-id overflow. + (ENCODE_ISO_CHARACTER): Use unsigned, not int, to store the unsigned + result of ENCODE_CHAR. + * coding.h: Adjust decls to match defn changes elsewhere. + (struct coding_system): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + * composite.c (get_composition_id, find_composition) + (run_composition_function, update_compositions) + (compose_text, composition_gstring_put_cache) + (composition_gstring_p, composition_gstring_width) + (fill_gstring_header, fill_gstring_body, autocmp_chars) + (composition_compute_stop_pos, composition_reseat_it) + (composition_update_it, struct position_record) + (find_automatic_composition, composition_adjust_point) + (Fcomposition_get_gstring, Ffind_composition_internal): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (update_compositions): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + * composite.h: Adjust decls to match defn changes elsewhere. + (struct composition): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + * data.c (let_shadows_buffer_binding_p, let_shadows_global_binding_p): + Do not attempt to compute the address of the object just before a + buffer; this is not portable. + (Faref, Faset): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (Faset): Use int, not EMACS_INT, where int is wide enough. + (Fstring_to_number): Don't assume fixnums fit in int. + (Frem): Don't assume arg is nonnegative. + * dbusbind.c (xd_append_arg): Check for integers out of range. + (Fdbus_call_method): Don't overflow the timeout int. + * dired.c (directory_files_internal, file_name_completion, scmp) + (file_name_completion_stat): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (file_name_completion): Don't overflow matchcount. + (file_name_completion_stat): Use SAFE_ALLOCA, not alloca. + * dispextern.h: Adjust decls to match defn changes elsewhere. + (struct text_pos, struct glyph, struct bidi_saved_info) + (struct bidi_string_data, struct bidi_it, struct composition_it) + (struct it): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (struct display_pos, struct composition_it, struct it): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + * dispnew.c (increment_matrix_positions) + (increment_row_positions, mode_line_string) + (marginal_area_string): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (change_frame_size_1, Fredisplay, Fframe_or_buffer_changed_p): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (duration_to_sec_usec): New function, to check for overflow better. + (Fsleep_for, sit_for): Use it. + * doc.c (get_doc_string, store_function_docstring): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (get_doc_string, Fsnarf_documentation): + Use int, not EMACS_INT, where int is wide enough. + (get_doc_string): + Use SAFE_ALLOCA, not alloca. + Check for overflow when converting EMACS_INT to off_t. + * doprnt.c (doprnt): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + * editfns.c (init_editfns, Fuser_uid, Fuser_real_uid): + Don't assume uid_t fits into fixnum. + (buildmark, Fgoto_char, overlays_around, find_field, Fdelete_field) + (Ffield_string, Ffield_string_no_properties, Ffield_beginning) + (Ffield_end, Fconstrain_to_field, Fline_beginning_position) + (Fline_end_position, Fprevious_char, Fchar_after, Fchar_before) + (general_insert_function) + (Finsert_char, make_buffer_string, make_buffer_string_both) + (update_buffer_properties, Fbuffer_substring) + (Fbuffer_substring_no_properties, Fcompare_buffer_substrings) + (Fsubst_char_in_region, check_translation) + (Ftranslate_region_internal, save_restriction_restore, Fformat) + (transpose_markers, Ftranspose_regions): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (clip_to_bounds): Move to lisp.h as an inline function). + (Fconstrain_to_field): Don't assume integers are nonnegative. + (Fline_beginning_position, Fsave_excursion, Fsave_current_buffer): + (Fsubst_char_in_region, Fsave_restriction): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (Femacs_pid): Don't assume pid_t fits into fixnum. + (lo_time): Use int, not EMACS_INT, when int suffices. + (lisp_time_argument): Check for usec out of range. + (Fencode_time): Don't assume fixnum fits in int. + (Fuser_login_name, Fuser_full_name): Signal an error + if a uid argument is out of range, rather than relying on + undefined behavior. + (Fformat_time_string): Remove now-unnecessary check. + lisp_time_argument checks for out-of-range usec now. + * emacs.c (gdb_valbits, gdb_gctypebits): Now int, not EMACS_INT. + (gdb_data_seg_bits): Now uintptr_t, not EMACS_INT. + (PVEC_FLAG, gdb_array_mark_flag): Now ptrdiff_t, not EMACS_INT. + (init_cmdargs, Fdump_emacs): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (Fkill_emacs): Don't assume fixnum fits in int; instead, take just + the bottom (typically) 32 bits of the fixnum. + * eval.c (specpdl_size, call_debugger): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (when_entered_debugger, Fbacktrace_debug): + Don't assume fixnum can fit in int. + (Fdefvaralias, Fdefvar): Do not attempt to compute the address of + the object just before a buffer; this is not portable. + (FletX, Flet, Funwind_protect, do_autoload, Feval, funcall_lambda) + (grow_specpdl, unbind_to): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (Fapply, apply_lambda): Don't assume ptrdiff_t can hold fixnum. + (grow_specpdl): Simplify allocation by using xpalloc. + (Fprog1, Fprog2): Don't assume list length fits in int. Simplify. + * fileio.c (Ffind_file_name_handler, Fcopy_file, Frename_file) + (Finsert_file_contents, Fwrite_region, Fdo_auto_save): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (Ffind_file_name_handler, non_regular_inserted, Finsert_file_contents) + (a_write, e_write): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (Fcopy_file, non_regular_nbytes, read_non_regular) + (Finsert_file_contents): + Use int, not EMACS_INT, where int is wide enough. + (READ_BUF_SIZE): Verify that it fits in int. + (Finsert_file_contents): Check that counts are in proper range, + rather than assuming fixnums fit into ptrdiff_t etc. + Don't assume fixnums fit into int. + * floatfns.c (Fexpt): Avoid undefined signed * signed overflow. + * fns.c (Fcompare_strings, Fstring_lessp, struct textprop_rec, concat) + (string_char_byte_cache_charpos, string_char_byte_cache_bytepos) + (string_char_to_byte, string_byte_to_char) + (string_make_multibyte, string_to_multibyte) + (string_make_unibyte, Fstring_as_unibyte, Fstring_as_multibyte) + (Fstring_to_unibyte, Fsubstring, Fsubstring_no_properties) + (substring_both, Fdelete, internal_equal, Ffillarray) + (Fclear_string, mapcar1) + (Fbase64_encode_region, Fbase64_encode_string, base64_encode_1) + (Fbase64_decode_region, Fbase64_decode_string, base64_decode_1) + (larger_vector, make_hash_table, maybe_resize_hash_table) + (hash_lookup, hash_remove_from_table, hash_clear, sweep_weak_table) + (Fmaphash, secure_hash): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (concat): Check for string index and length overflow. + (Fmapconcat): Don't assume fixnums fit into ptrdiff_t. + (Frequire): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (larger_vector): New API (vec, incr_min, size_max) replaces old + one (vec, new_size, init). This catches size overflow. + INIT was removed because it was always Qnil. + All callers changed. + (INDEX_SIZE_BOUND): New macro, which calculates more precisely + the upper bound on a hash table index size. + (make_hash_table, maybe_resize_hash_table): Use it. + (secure_hash): Computer start_byte and end_byte only after + they're known to be in ptrdiff_t range. + * font.c (font_intern_prop, font_at, font_range, Ffont_shape_gstring) + (Ffont_get_glyphs, Ffont_at): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (font_style_to_value, font_prop_validate_style, font_expand_wildcards) + (Flist_fonts, Fopen_font): + Don't assume fixnum can fit in int. + (check_gstring): Don't assume index can fit in int. + (font_match_p): Check that fixnum is a character, not a nonnegative + fixnum, since the later code needs to stuff it into an int. + (font_find_for_lface): Use SAFE_ALLOCA_LISP, not alloca. + (font_fill_lglyph_metrics): Use unsigned, not EMACS_INT, to avoid + conversion overflow issues. + (Fopen_font): Check for integer out of range. + (Ffont_get_glyphs): Don't assume index can fit in int. + * font.h: Adjust decls to match defn changes elsewhere. + * fontset.c (reorder_font_vector): Redo score calculation to avoid + integer overflow. + (num_auto_fontsets, fontset_from_font): Use ptrdiff_t, not + printmax_t, where ptrdiff_t is wide enough. + (Finternal_char_font): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + * frame.c (Fset_mouse_position, Fset_mouse_pixel_position) + (Fset_frame_height, Fset_frame_width, Fset_frame_size) + (Fset_frame_position, x_set_frame_parameters) + (x_set_line_spacing, x_set_border_width) + (x_set_internal_border_width, x_set_alpha, x_figure_window_size): + Check that fixnums are in proper range for system types. + (frame_name_fnn_p, Fframe_parameter, Fmodify_frame_parameters): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (Fmodify_frame_parameters): Don't assume fixnum fits in int. + Use SAFE_ALLOCA_LISP, not alloca. + * frame.h (struct frame): Use intptr_t, not EMACS_INT, where + intptr_t is wide enough. + * fringe.c (lookup_fringe_bitmap, get_logical_fringe_bitmap) + (Fdefine_fringe_bitmap): Don't assume fixnum fits in int. + (Ffringe_bitmaps_at_pos): Don't assume index fits in int. + Check for fixnum out of range. + * ftfont.c (ftfont_list): Don't assume index fits in int. + Check that fixnums are in proper range for system types. + (ftfont_shape_by_flt): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + * gnutls.c (emacs_gnutls_write, emacs_gnutls_read): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (Fgnutls_error_fatalp, Fgnutls_error_string, Fgnutls_boot): + Check that fixnums are in proper range for system types. + * gnutls.h: Adjust decls to match defn changes elsewhere. + * gtkutil.c (xg_dialog_run): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (update_frame_tool_bar): + Check that fixnums are in proper range for system types. + * image.c (parse_image_spec): Redo count calculation to avoid overflow. + (lookup_image): Check that fixnums are in range for system types. + * indent.c (last_known_column, last_known_column_point): + (current_column_bol_cache): + (skip_invisible, current_column, check_display_width): + (check_display_width, scan_for_column, current_column_1) + (Findent_to, Fcurrent_indentation, position_indentation) + (indented_beyond_p, Fmove_to_column, compute_motion): + (Fcompute_motion, Fvertical_motion): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (last_known_column_modified): Use EMACS_INT, not int. + (check_display_width): + (Fcompute_motion): + Check that fixnums and floats are in proper range for system types. + (compute_motion): Don't assume index or fixnum fits in int. + (compute_motion, Fcompute_motion): + Use int, not EMACS_INT, when it is wide enough. + (vmotion): Omit local var start_hpos that is always 0; that way + we don't need to worry about overflow in expressions involving it. + * indent.h: Adjust decls to match defn changes elsewhere. + (struct position): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + Use int, not EMACS_INT, where int is wide enough. + Remove unused members ovstring_chars_done and tab_offset; + all uses removed. + * insdel.c (move_gap, move_gap_both, gap_left, gap_right) + (adjust_markers_for_delete, adjust_markers_for_insert, adjust_point) + (adjust_markers_for_replace, make_gap_larger, make_gap_smaller) + (make_gap, copy_text, insert, insert_and_inherit) + (insert_before_markers, insert_before_markers_and_inherit) + (insert_1, count_combining_before, count_combining_after) + (insert_1_both, insert_from_string) + (insert_from_string_before_markers, insert_from_string_1) + (insert_from_gap, insert_from_buffer, insert_from_buffer_1) + (adjust_after_replace, adjust_after_insert, replace_range) + (replace_range_2, del_range, del_range_1, del_range_byte) + (del_range_both, del_range_2, modify_region) + (prepare_to_modify_buffer, signal_before_change) + (signal_after_change, Fcombine_after_change_execute): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + * intervals.c (traverse_intervals, rotate_right, rotate_left) + (balance_an_interval, split_interval_right, split_interval_left) + (find_interval, next_interval, update_interval) + (adjust_intervals_for_insertion, delete_node, delete_interval) + (interval_deletion_adjustment, adjust_intervals_for_deletion) + (static_offset_intervals, offset_intervals) + (merge_interval_right, merge_interval_left, make_new_interval) + (graft_intervals_into_buffer, temp_set_point_both) + (temp_set_point, set_point, adjust_for_invis_intang) + (set_point_both, move_if_not_intangible, get_property_and_range) + (get_local_map, copy_intervals, copy_intervals_to_string) + (compare_string_intervals, set_intervals_multibyte_1): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + * intervals.h: Adjust decls to match defn changes elsewhere. + (struct interval): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + * keyboard.c (this_command_key_count, this_single_command_key_start) + (before_command_key_count, before_command_echo_length, echo_now) + (echo_length, recursive_edit_1, Frecursive_edit, Ftrack_mouse) + (command_loop_1, safe_run_hooks, read_char, timer_check_2) + (menu_item_eval_property, read_key_sequence, Fread_key_sequence) + (Fread_key_sequence_vector, Fexecute_extended_command, Fsuspend_emacs): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (last_non_minibuf_size, last_point_position, echo_truncate) + (command_loop_1, adjust_point_for_property, read_char, gen_help_event) + (make_lispy_position, make_lispy_event, parse_modifiers_uncached) + (parse_modifiers, modify_event_symbol, Fexecute_extended_command) + (stuff_buffered_input): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (last_auto_save, command_loop_1, read_char): + Use EMACS_INT, not int, to avoid integer overflow. + (record_char): Avoid overflow in total_keys computation. + (parse_modifiers_uncached): Redo index calculation to avoid overflow. + * keyboard.h: Adjust decls to match defn changes elsewhere. + * keymap.c (Fdefine_key, Fcurrent_active_maps, accessible_keymaps_1) + (Fkey_description, Fdescribe_vector, Flookup_key): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (click_position): New function, to check that positions are in range. + (Fcurrent_active_maps): + (describe_command): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (Faccessible_keymaps, Fkey_description): + (preferred_sequence_p): + Don't assume fixnum can fit into int. + (Fkey_description): Use SAFE_ALLOCA_LISP, not alloca. + Check for integer overflow in size calculations. + (Ftext_char_description): Use CHECK_CHARACTER, not CHECK_NUMBER, to + avoid mishandling large integers. + * lisp.h: Adjust decls to match defn changes elsewhere. + (ARRAY_MARK_FLAG, PSEUDOVECTOR_FLAG, struct Lisp_String) + (struct vectorlike_header, struct Lisp_Subr, struct Lisp_Hash_Table) + (struct Lisp_Marker): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (clip_to_bounds): Now an inline function, moved here from editfns.c. + (GLYPH_CODE_P): Check for overflow in system types, subsuming the + need for GLYPH_CODE_CHAR_VALID_P and doing proper checking ourselves. + All callers changed. + (GLYPH_CODE_CHAR, GLYPH_CODE_FACE): + Assume the arg has valid form, since it always does. + (TYPE_RANGED_INTEGERP): Avoid bug when checking against a wide + unsigned integer system type. + (CHECK_RANGED_INTEGER, CHECK_TYPE_RANGED_INTEGER): New macros. + (struct catchtag, specpdl_size, SPECPDL_INDEX, USE_SAFE_ALLOCA): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (struct catchtag): Use EMACS_INT, not int, since it may be a fixnum. + (duration_to_sec_usec): New decl. + * lread.c (read_from_string_index, read_from_string_index_byte) + (read_from_string_limit, readchar, unreadchar, openp) + (read_internal_start, read1, oblookup): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (Fload, readevalloop, Feval_buffer, Feval_region): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (openp): Check for out-of-range argument to 'access'. + (read1): Use int, not EMACS_INT, where int is wide enough. + Don't assume fixnum fits into int. + Fix off-by-one error that can read outside a buffer. + (read_filtered_event): Use duration_to_sec_usec + to do proper overflow checking on durations. + * macros.c (Fstart_kbd_macro): Use xpalloc to check for overflow + in size calculation. + (Fexecute_kbd_macro): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + * marker.c (cached_charpos, cached_bytepos, CONSIDER) + (byte_char_debug_check, buf_charpos_to_bytepos, verify_bytepos) + (buf_bytepos_to_charpos, Fset_marker, set_marker_restricted) + (set_marker_both, set_marker_restricted_both, marker_position) + (marker_byte_position, Fbuffer_has_markers_at): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (Fset_marker, set_marker_restricted): Don't assume fixnum fits in int. + * menu.c (ensure_menu_items): Renamed from grow_menu_items. + It now merely ensures that the menu is large enough, without + necessarily growing it, as this avoids some integer overflow issues. + All callers changed. + (keymap_panes, parse_single_submenu, Fx_popup_menu): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (parse_single_submenu, Fx_popup_menu): Don't assume fixnum fits in int. + Use SAFE_ALLOCA_LISP, not alloca. + (find_and_return_menu_selection): Avoid unnecessary casts of pointers + to EMACS_INT. Check that fixnums are in proper range for system types. + * minibuf.c (minibuf_prompt_width, string_to_object) + (Fminibuffer_contents, Fminibuffer_contents_no_properties) + (Fminibuffer_completion_contents, Ftry_completion, Fall_completions): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (get_minibuffer, read_minibuf_unwind): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (read_minibuf): Omit unnecessary arg BACKUP_N, which is always nil; + this simplifies overflow checking. All callers changed. + (read_minibuf, Fread_buffer, Ftry_completion, Fall_completions) + (Ftest_completion): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + * nsfns.m (check_ns_display_info): Don't assume fixnum fits in long. + (x_set_menu_bar_lines, x_set_tool_bar_lines, Fx_create_frame): + Check that fixnums are in proper range for system types. + (Fx_create_frame, Fx_show_tip): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + * nsfont.m (ns_findfonts, nsfont_list_family): + Don't assume fixnum fits in long. + * nsmenu.m (ns_update_menubar, ns_menu_show, ns_popup_dialog): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (ns_update_menubar): Use intptr_t, not EMACS_INT, when intptr_t is + wide enough. + * nsselect.m (ns_get_local_selection, clean_local_selection_data): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + * print.c (print_buffer_size, print_buffer_pos, print_buffer_pos_byte) + (PRINTDECLARE, PRINTPREPARE): + (strout, print_string): + (print, print_preprocess, print_check_string_charset_prop) + (print_object): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (PRINTDECLARE): + (temp_output_buffer_setup, Fprin1_to_string, print_object): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (PRINTPREPARE): Use int, not ptrdiff_t, where int is wide enough. + (printchar, strout): Use xpalloc to catch size calculation overflow. + (Fexternal_debugging_output): Don't overflow EMACS_INT->int conversion. + (print_error_message): Use SAFE_ALLOCA, not alloca. + (print_object): Use int, not EMACS_INT, where int is wide enough. + * process.c (Fdelete_process): Don't assume pid fits into EMACS_INT. + (Fset_process_window_size, Fformat_network_address) + (get_lisp_to_sockaddr_size, set_socket_option, Fmake_network_process) + (sigchld_handler): + Check that fixnums are in proper range for system types. + (Fsignal_process): Simplify by avoiding a goto. + Check for process-ids out of pid_t range rather than relying on + undefined behavior. + (Fformat_network_address, read_process_output, send_process) + (Fprocess_send_region, status_notify): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (Fformat_network_address, Fmake_serial_process, Fmake_network_process) + (wait_reading_process_output, read_process_output, exec_sentinel): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (conv_lisp_to_sockaddr): Don't assume fixnums fit into int. + (Faccept_process_output): Use duration_to_sec_usec to do proper + overflow checking on durations. + (emacs_get_tty_pgrp, Fprocess_running_child_p, process_send_signal): + Don't assume pid_t fits in int. + * puresize.h (PURESIZE_RATIO): Shrink this to 8/6 on 32-bit hosts + configured --with-wide-int. + * scroll.c (calculate_scrolling, calculate_direct_scrolling) + (line_ins_del): Use int, not EMACS_INT, where int is wide enough. + * search.c (looking_at_1, string_match_1): + (fast_string_match, fast_c_string_match_ignore_case) + (fast_string_match_ignore_case, fast_looking_at, scan_buffer) + (scan_newline, find_before_next_newline, search_command) + (trivial_regexp_p, search_buffer, simple_search, boyer_moore) + (set_search_regs, wordify): + (Freplace_match): + (Fmatch_data): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (string_match_1, search_buffer, set_search_regs): + (Fmatch_data): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (wordify): Check for overflow in size calculation. + (Freplace_match): Avoid potential buffer overflow in search_regs.start. + (Fset_match_data): Don't assume fixnum fits in ptrdiff_t. + Check that fixnums are in proper range for system types. + * sound.c (struct sound_device) + (wav_play, au_play, vox_write, alsa_period_size, alsa_write): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (Fplay_sound_internal): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + * syntax.c (struct lisp_parse_state, find_start_modiff) + (Finternal_describe_syntax_value, scan_lists, scan_sexps_forward): + (Fparse_partial_sexp): + Don't assume fixnums can fit in int. + (struct lisp_parse_state, find_start_pos, find_start_value) + (find_start_value_byte, find_start_begv) + (update_syntax_table, char_quoted, dec_bytepos) + (find_defun_start, prev_char_comend_first, back_comment): + (scan_words, skip_chars, skip_syntaxes, forw_comment, Fforward_comment) + (scan_lists, Fbackward_prefix_chars, scan_sexps_forward): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (Finternal_describe_syntax_value): Check that match_lisp is a + character, not an integer, since the code stuffs it into int. + (scan_words, scan_sexps_forward): + Check that fixnums are in proper range for system types. + (Fforward_word): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (scan_sexps_forward): + Use CHARACTERP, not INTEGERP, since the value must fit into int. + (Fparse_partial_sexp): Fix doc; element 8 is not ignored. + * syntax.h: Adjust decls to match defn changes elsewhere. + (struct gl_state_s): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (SETUP_SYNTAX_TABLE_FOR_OBJECT): Use PTRDIFF_MAX, not + MOST_POSITIVE_FIXNUM. + * sysdep.c (wait_for_termination_1, wait_for_termination) + (interruptible_wait_for_termination, mkdir): + Don't assume pid_t fits in int; on 64-bit AIX pid_t is 64-bit. + (emacs_read, emacs_write): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (system_process_attributes): Don't assume uid_t, gid_t, EMACS_INT, + and double all fit in int. + * term.c (set_tty_color_mode): + Check that fixnums are in proper range for system types. + * termhooks.h (struct input_event): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + * textprop.c (validate_interval_range, interval_of) + (Fadd_text_properties, set_text_properties_1) + (Fremove_text_properties, Fremove_list_of_text_properties) + (Ftext_property_any, Ftext_property_not_all) + (copy_text_properties, text_property_list, extend_property_ranges) + (verify_interval_modification): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (Fnext_single_char_property_change) + (Fprevious_single_char_property_change): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (copy_text_properties): + Check for integer overflow in index calculation. + * undo.c (last_boundary_position, record_point, record_insert) + (record_delete, record_marker_adjustment, record_change) + (record_property_change): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (truncate_undo_list, Fprimitive_undo): Don't assume fixnum fits in int. + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + * w32fns.c (Fx_create_frame, x_create_tip_frame, Fx_show_tip) + (Fx_hide_tip, Fx_file_dialog): + * w32menu.c (set_frame_menubar): + Use ptrdiff_t, not int, for consistency with rest of code. + * window.c (window_scroll_preserve_hpos, window_scroll_preserve_vpos) + (select_window, Fdelete_other_windows_internal) + (window_scroll_pixel_based, window_scroll_line_based) + (Frecenter, Fset_window_configuration): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (Fset_window_hscroll, run_window_configuration_change_hook) + (set_window_buffer, temp_output_buffer_show, scroll_command) + (Fscroll_other_window, Frecenter): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (Fwindow_line_height, window_scroll, Fscroll_left, Fscroll_right): + Don't assume fixnum fits in int. + (Fset_window_scroll_bars): + Check that fixnums are in proper range for system types. + * xdisp.c (help_echo_pos, pos_visible_p, string_pos_nchars_ahead) + (string_pos, c_string_pos, number_of_chars, init_iterator) + (in_ellipses_for_invisible_text_p, init_from_display_pos) + (compute_stop_pos, next_overlay_change, compute_display_string_pos) + (compute_display_string_end, handle_face_prop) + (face_before_or_after_it_pos, handle_invisible_prop) + (handle_display_prop, handle_display_spec, handle_single_display_spec) + (display_prop_intangible_p, string_buffer_position_lim) + (string_buffer_position, handle_composition_prop, load_overlay_strings) + (get_overlay_strings_1, get_overlay_strings) + (iterate_out_of_display_property, forward_to_next_line_start) + (back_to_previous_visible_line_start, reseat, reseat_to_string) + (get_next_display_element, set_iterator_to_next) + (get_visually_first_element, compute_stop_pos_backwards) + (handle_stop_backwards, next_element_from_buffer) + (move_it_in_display_line_to, move_it_in_display_line) + (move_it_to, move_it_vertically_backward, move_it_by_lines) + (add_to_log, message_dolog, message_log_check_duplicate) + (message2, message2_nolog, message3, message3_nolog + (with_echo_area_buffer, display_echo_area_1, resize_mini_window_1) + (current_message_1, truncate_echo_area, truncate_message_1) + (set_message, set_message_1, store_mode_line_noprop) + (hscroll_window_tree, debug_delta, debug_delta_bytes, debug_end_vpos) + (text_outside_line_unchanged_p, check_point_in_composition) + (reconsider_clip_changes) + (redisplay_internal, set_cursor_from_row, try_scrolling) + (try_cursor_movement, set_vertical_scroll_bar, redisplay_window) + (redisplay_window, find_last_unchanged_at_beg_row) + (find_first_unchanged_at_end_row, row_containing_pos, try_window_id) + (trailing_whitespace_p, find_row_edges, display_line) + (RECORD_MAX_MIN_POS, Fcurrent_bidi_paragraph_direction) + (display_mode_element, store_mode_line_string) + (pint2str, pint2hrstr, decode_mode_spec) + (display_count_lines, display_string, draw_glyphs) + (x_produce_glyphs, x_insert_glyphs) + (rows_from_pos_range, mouse_face_from_buffer_pos) + (fast_find_string_pos, mouse_face_from_string_pos) + (note_mode_line_or_margin_highlight, note_mouse_highlight): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (safe_call, init_from_display_pos, handle_fontified_prop) + (handle_single_display_spec, load_overlay_strings) + (with_echo_area_buffer, setup_echo_area_for_printing) + (display_echo_area, echo_area_display) + (x_consider_frame_title, prepare_menu_bars, update_menu_bar) + (update_tool_bar, hscroll_window_tree, redisplay_internal) + (redisplay_window, dump_glyph_row, display_mode_line) + (Fformat_mode_line, decode_mode_spec, on_hot_spot_p): + (handle_display_spec, display_prop_string_p): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (handle_single_display_spec, build_desired_tool_bar_string) + (redisplay_tool_bar, scroll_window_tree, Fdump_glyph_matrix) + (get_specified_cursor_type): + Check that fixnums are in proper range for system types. + (struct overlay_entry, resize_mini_window, Fdump_glyph_row) + (Flookup_image_map): + Don't assume fixnums fit in int. + (compare_overlay_entries): + Avoid mishandling comparisons due to subtraction overflow. + (load_overlay_strings): Use SAFE_NALLOCA, not alloca. + (last_escape_glyph_face_id, last_glyphless_glyph_face_id): + (handle_tool_bar_click): + Use int, not unsigned, since we prefer signed and the signedness + doesn't matter here. + (get_next_display_element, next_element_from_display_vector): + Use int, not EMACS_INT, when int is wide enough. + (start_hourglass): Use duration_to_sec_usec to do proper + overflow checking on durations. + * xfaces.c (Fbitmap_spec_p): + Check that fixnums are in proper range for system types. + (compare_fonts_by_sort_order): + Avoid mishandling comparisons due to subtraction overflow. + (Fx_family_fonts, realize_basic_faces): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (Fx_family_fonts): + Don't assume fixnum fits in int. + Use SAFE_ALLOCA_LISP, not alloca. + (merge_face_heights): Remove unnecessary cast to EMACS_INT. + (Finternal_make_lisp_face): Don't allocate more than MAX_FACE_ID. + (face_at_buffer_position, face_for_overlay_string) + (face_at_string_position): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + (merge_faces): Use int, not EMACS_INT, where int is wide enough. + * xfns.c (x_set_menu_bar_lines, x_set_tool_bar_lines, x_icon_verify) + (Fx_show_tip): + Check that fixnums are in proper range for system types. + (Fx_create_frame, x_create_tip_frame, Fx_show_tip) + (Fx_hide_tip, Fx_file_dialog, Fx_select_font): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (Fx_change_window_property): Don't assume fixnums fit in int. + * xfont.c (xfont_chars_supported): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + * xmenu.c (Fx_popup_dialog, set_frame_menubar) + (create_and_show_popup_menu, create_and_show_dialog, xmenu_show): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + * xml.c (parse_region): + * xrdb.c (magic_file_p): + Use ptrdiff_t, not EMACS_INT, where ptrdiff_t is wide enough. + * xselect.c (TRACE1): Don't assume pid_t promotes to int. + (x_get_local_selection, x_reply_selection_request) + (x_handle_selection_request, wait_for_property_change): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + (selection_data_to_lisp_data): Use short, not EMACS_INT, where + short is wide enough. + (x_send_client_event): Don't assume fixnum fits in int. + * xterm.c (x_x_to_emacs_modifiers): + Don't assume EMACS_INT overflows nicely into int. + (x_emacs_to_x_modifiers): Use EMACS_INT, not int, because values + may come from Lisp. + (handle_one_xevent): NATNUMP can eval its arg twice. + (x_connection_closed): + Use ptrdiff_t, not int, to avoid needless 32-bit limit on 64-bit hosts. + * xterm.h: Adjust decls to match defn changes elsewhere. + (struct scroll_bar): Use struct vectorlike_header + rather than rolling our own approximation. + (SCROLL_BAR_VEC_SIZE): Remove; not used. + + 2012-04-22 Leo Liu + + * sysdep.c (list_system_processes): Support Darwin (Bug#5725). + + 2012-04-22 Paul Eggert + + * sysdep.c [__FreeBSD__]: Minor cleanups. + (list_system_processes, system_process_attributes) [__FreeBSD__]: + Use Emacs indenting style more consistently. Avoid some casts. + Use 'double' consistently rather than mixing 'float' and 'double'. + 2012-04-21 Eduard Wiebe * sysdep.c (list_system_processes, system_process_attributes): Add