Paul Eggert [Mon, 20 Jun 2011 03:11:40 +0000 (20:11 -0700)]
* filelock.c: Fix some buffer overrun and integer overflow issues.
(get_boot_time): Don't assume that gzip command string fits in 100 bytes.
Reformulate so as not to need the command string.
Invoke gzip -cd rather than gunzip, as it's more portable.
(lock_info_type, lock_file_1, lock_file):
Don't assume pid_t and time_t fit in unsigned long.
(LOCK_PID_MAX): Remove; we now use more-reliable bounds.
(current_lock_owner): Prefer signed type for sizes.
Use memcpy, not strncpy, where memcpy is what is really wanted.
Don't assume (via atoi) that time_t and pid_t fit in int.
Check for time_t and/or pid_t out of range, e.g., via a network share.
Don't alloca where an auto var works fine.
Paul Eggert [Sun, 19 Jun 2011 19:06:16 +0000 (12:06 -0700)]
* fileio.c: Fix some integer overflow issues.
(file_name_as_directory, Fexpand_file_name, Fsubstitute_in_file_name):
Don't assume string length fits in int.
(directory_file_name): Don't assume string length fits in long.
(make_temp_name): Don't assume pid fits in int, or that its print
length is less than 20.
Paul Eggert [Sun, 19 Jun 2011 01:31:41 +0000 (18:31 -0700)]
* lread.c (invalid_syntax): Omit length argument.
All uses changed. This doesn't fix a bug, but it simplifies the
code away from its former Hollerith-constant appearance, and it's
one less 'int' to worry about when looking at integer-overflow issues.
Paul Eggert [Fri, 17 Jun 2011 19:55:19 +0000 (12:55 -0700)]
* dispextern.h (struct it.selective): Now EMACS_INT, not int.
* xdisp.c (forward_to_next_line_start)
(back_to_previous_visible_line_start)
(reseat_at_next_visible_line_start, next_element_from_buffer):
Don't arbitrarily truncate the value of 'selective' to int.
Paul Eggert [Thu, 16 Jun 2011 21:18:12 +0000 (14:18 -0700)]
Improve buffer-overflow checking.
* fileio.c (Finsert_file_contents):
* insdel.c (insert_from_buffer_1, replace_range, replace_range_2):
Remove the old (too-loose) buffer overflow checks.
They weren't needed, since make_gap checks for buffer overflow.
* insdel.c (make_gap_larger): Catch buffer overflows that were missed.
The old code merely checked for Emacs fixnum overflow, and relied
on undefined (wraparound) behavior. The new code avoids undefined
behavior, and also checks for ptrdiff_t and/or size_t overflow.
Martin Rudalics [Thu, 16 Jun 2011 09:21:56 +0000 (11:21 +0200)]
Never ever pop up a new frame in noninteractive mode (bug#8857).
(display-buffer): Don't check noninteractive when calling
display-buffer-pop-up-frame.
(display-buffer-pop-up-frame): Never pop up a frame in
noninteractive mode (Bug#8857).
Martin Rudalics [Thu, 16 Jun 2011 07:31:51 +0000 (09:31 +0200)]
Improve cohabitation of pop-up-frames and second argument of display-buffer (bug#8865).
* window.el (display-buffer-normalize-specifiers-1): Respect
current value of pop-up-frames for most reasonable values of
second argument of display-buffer (Bug#8865).
Teodor Zlatanov [Thu, 16 Jun 2011 06:18:18 +0000 (06:18 +0000)]
Merge changes made in Gnus trunk.
auth-source.el (auth-source-save-secrets): New variable to control if secret tokens should be saved encrypted.
(auth-source-netrc-parse, auth-source-netrc-search): Pass the file name to `auth-source-netrc-normalize'.
(with-auth-source-epa-overrides): Add convenience macro. Don't depend on the EPA variables being defined.
(auth-source-epa-make-gpg-token): Convert text to a "gpg:" token.
(auth-source-netrc-normalize): Convert "gpg:" tokens back to text in the lexical-let closure.
(auth-source-netrc-create): Create "gpg:" tokens according to `auth-source-save-secrets'.
(open-network-stream): Add the keyword :always-query-capabilities.
This is for the case where you want to force a `plain' network
connection, but the protocol still requires the capabilitiy command
(i.e., SMTP and EHLO).
Alan Mackenzie [Wed, 15 Jun 2011 18:24:25 +0000 (18:24 +0000)]
progmodes/cc-fonts.el (c-font-lock-declarations): 1: Whilst checking for
declarators, disable knr checking to speed up for normal files. 2:
Refactor, replacing a sequence of nested if forms by a cond form.
Martin Rudalics [Wed, 15 Jun 2011 07:09:47 +0000 (09:09 +0200)]
Don't let display-buffer pop up new frames by default (bug#8857).
* window.el (display-buffer-alist): Trim default value to avoid
popping up a new frame (Bug#8857) or reusing an arbitrary window
on another frame.
(display-buffer): Do not fall back on popping up a new frame in
batch mode (Bug#8857).
Paul Eggert [Tue, 14 Jun 2011 22:32:12 +0000 (15:32 -0700)]
* fns.c: Don't overflow int when computing a list length.
(Fsafe_length): Return a float if the value is not representable
as a fixnum. This shouldn't happen except in contrived situations.
Use same QUIT_COUNT_HEURISTIC as Flength now does.
Paul Eggert [Tue, 14 Jun 2011 22:01:32 +0000 (15:01 -0700)]
* fns.c (Flength): Don't overflow int when computing a list length.
Use EMACS_INT, not int, to avoid unwanted truncation on 64-bit hosts.
Check for QUIT every 1024 entries rather than every other entry;
that's faster and is responsive enough. Report an error instead of
overflowing an integer.
Paul Eggert [Tue, 14 Jun 2011 21:30:16 +0000 (14:30 -0700)]
* alloc.c: Check that resized vectors' lengths fit in fixnums.
(header_size, word_size): New constants.
(allocate_vectorlike): Don't check size overflow here.
(allocate_vector): Check it here instead, since this is the only
caller of allocate_vectorlike that could cause overflow.
Check that the new vector's length is representable as a fixnum.