Paul Eggert [Thu, 28 Jul 2011 20:29:44 +0000 (13:29 -0700)]
* ccl.c: Integer and memory overflow fixes.
(Fccl_execute_on_string): Check for memory overflow.
Use ptrdiff_t rather than EMACS_INT where ptrdiff_t will do.
Redo buffer-overflow calculations to avoid integer overflow.
Paul Eggert [Thu, 28 Jul 2011 20:28:33 +0000 (13:28 -0700)]
* buffer.c: Memory overflow fixes.
(overlays_at, overlays_in, record_overlay_string, overlay_strings):
Don't update size of array until after memory allocation succeeds,
because xmalloc/xrealloc may not return.
Paul Eggert [Thu, 28 Jul 2011 20:27:41 +0000 (13:27 -0700)]
* bidi.c: Integer overflow fix.
(bidi_shelve_header_size): New constant.
(bidi_cache_ensure_space, bidi_shelve_cache): Use it.
(bidi_cache_ensure_space): Avoid integer overflow when allocating.
Paul Eggert [Tue, 19 Jul 2011 17:33:06 +0000 (10:33 -0700)]
Port to OpenBSD.
See http://lists.gnu.org/archive/html/emacs-devel/2011-07/msg00688.html
and the surrounding thread.
* minibuf.c (read_minibuf_noninteractive): Rewrite to use getchar
rather than fgets, and retry after EINTR. Otherwise, 'emacs
--batch -f byte-compile-file' fails on OpenBSD if an inactivity
timer goes off.
* s/openbsd.h (BROKEN_SIGIO): Define.
* unexelf.c (unexec) [__OpenBSD__]:
Don't update the .mdebug section of the Alpha COFF symbol table.
Paul Eggert [Tue, 19 Jul 2011 00:42:24 +0000 (17:42 -0700)]
Don't assume that stated character widths fit in int.
* character.c (Fchar_width, c_string_width, lisp_string_width):
* character.h (CHAR_WIDTH):
* indent.c (MULTIBYTE_BYTES_WIDTH):
Use sanitize_char_width to avoid undefined and/or bad behavior
with outlandish widths.
* character.h (sanitize_tab_width): Renamed from sanitize_width,
now that we have two such functions. All uses changed.
(sanitize_char_width): New inline function.
Paul Eggert [Mon, 18 Jul 2011 21:57:37 +0000 (14:57 -0700)]
Don't assume that tab-width fits in int.
* character.h (sanitize_width): New inline function.
(SANE_TAB_WIDTH): New macro.
(ASCII_CHAR_WIDTH): Use it.
* indent.c (sane_tab_width): Remove. All uses replaced by
SANE_TAB_WIDTH (current_buffer).
* xdisp.c (init_iterator): Use SANE_TAB_WIDTH.
Paul Eggert [Mon, 18 Jul 2011 17:21:18 +0000 (10:21 -0700)]
* fileio.c (Fcopy_file): Adjust mode if fchown fails. (Bug#9002)
If fchown fails to set both uid and gid, try to set just gid,
as that is sometimes allowed. Adjust the file's mode to eliminate
setuid or setgid bits that are inappropriate if fchown fails.
Stefan Monnier [Mon, 18 Jul 2011 02:34:14 +0000 (22:34 -0400)]
* src/xdisp.c (next_element_from_string, next_element_from_buffer): Use EQ
to compare Lisp_Objects.
* src/gnutls.c (syms_of_gnutls): Rename Vgnutls_log_level to
global_gnutls_log_level, don't mistake it for a Lisp_Object.
(init_gnutls_functions, emacs_gnutls_handle_error): Fix up uses.
Paul Eggert [Sun, 17 Jul 2011 20:56:13 +0000 (13:56 -0700)]
* xterm.c: don't go over XClientMessageEvent limit
(scroll_bar_windows_size): Now ptrdiff_t, as we prefer signed.
(x_send_scroll_bar_event): Likewise. Check that the size does not
exceed limits imposed by XClientMessageEvent, as well as the usual
ptrdiff_t and size_t limits.
Bill Wohler [Sun, 17 Jul 2011 20:45:52 +0000 (13:45 -0700)]
* mh-compat.el (mh-pop-to-buffer-same-window): Delete.
* mh-folder.el (mh-inc-folder, mh-modify, mh-scan-folder)
(mh-make-folder): Revert to switch-to-buffer, as the Emacs folks
decided that it was fine to use it in programs.
Paul Eggert [Sun, 17 Jul 2011 03:00:19 +0000 (20:00 -0700)]
* keyboard.c: Overflow, signedness and related fixes.
(make_lispy_movement): Use same integer type in forward decl
that is used in the definition.
(read_key_sequence, keyremap_step):
Change bufsize argument back to int, undoing my 2011-03-30 change.
We prefer signed types, and int is wide enough here.
(parse_tool_bar_item): Don't assume tool_bar_max_label_size is less
than TYPE_MAXIMUM (EMACS_INT) / 2. Don't let the label size grow
larger than STRING_BYTES_BOUND. Use ptrdiff_t for Emacs string
length, not size_t. Use ptrdiff_t for index, not int.
(keyremap_step, read_key_sequence): Redo bufsize check to avoid
possibility of integer overflow.
Paul Eggert [Sun, 17 Jul 2011 01:18:51 +0000 (18:18 -0700)]
* fileio.c (Fcopy_file): Pacify gcc re fchown. (Bug#9002)
This works around a problem with the previous change to Fcopy_file.
Recent glibc declares fchown with __attribute__((warn_unused_result)),
and without this change, GCC might complain about discarding
fchown's return value.
* image.c (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros.
(x_bitmap_pixmap, x_create_x_image_and_pixmap):
Omit unnecessary casts to int.
(parse_image_spec): Check that integers fall into 'int' range
when the callers expect that.
(image_ascent): Redo ascent calculation to avoid int overflow.
(clear_image_cache): Avoid overflow when sqrt (INT_MAX) < nimages.
(lookup_image): Remove unnecessary tests.
(xbm_image_p): Locals are now of int, not EMACS_INT,
since parse_image_check makes sure they fit into int.
(png_load, gif_load, svg_load_image):
Prefer int to unsigned where either will do.
(tiff_handler): New function, combining the cores of the
old tiff_error_handler and tiff_warning_handler. This
function is rewritten to use vsnprintf and thereby avoid
stack buffer overflows. It uses only the features of vsnprintf
that are common to both POSIX and native Microsoft.
(tiff_error_handler, tiff_warning_handler): Use it.
(tiff_load, gif_load, imagemagick_load_image):
Don't assume :index value fits in 'int'.
(gif_load): Omit unnecessary cast to double, and avoid double-rounding.
(imagemagick_load_image): Check that crop parameters fit into
the integer types that MagickCropImage accepts. Don't assume
Vimagemagick_render_type has a nonnegative value. Don't assume
size_t fits in 'long'.
(gs_load): Use printmax_t to print the widest integers possible.
Check for integer overflow when computing image height and width.
message.el (message-auto-save-directory): If the ~/Mail directory doesn't exist, use ~ as the auto-save directory (bug#4432).
gnus-group.el (gnus-group-read-ephemeral-group): Start Gnus if it hasn't already been started.
Martin Rudalics [Sat, 16 Jul 2011 13:02:51 +0000 (15:02 +0200)]
To fixes wrt window selection and buffer list.
* frame.el (select-frame-set-input-focus): New argument
NORECORD.
* window.el (pop-to-buffer): Select window used even if it was
selected before, see discussion of (Bug#8615), (Bug#6954). Pass
argument NORECORD on to select-frame-set-input-focus.
gnus.el (debbugs-gnu): Renamed from debbugs-emacs.
message.el (message-reply): Work around mysterious bug where `message-mode' seems to overwrite the locally bound `subject' variable.
* lisp/jka-compr.el (jka-compr-verbose): Move from here...
* lisp/jka-cmpr-hook.el (jka-compr-verbose): ... to here. (Bug#9090)
Add missing :version tag.
* lisp/info.el: No need to require jka-compr when compiling.
Add new command `Info-beginning-of-buffer' to allow announcing `b'
* info.el (Info-beginning-of-buffer): New command.
(Info-mode-map): Use it instead of `beginning-of-buffer' to allow
announcing `b' as the key (bug#8325).
Paul Eggert [Thu, 14 Jul 2011 21:57:00 +0000 (14:57 -0700)]
* bidi.c: Integer size and overflow fixes.
(bidi_cache_size, bidi_cache_idx, bidi_cache_last_idx)
(bidi_cache_start, bidi_cache_fetch_state, bidi_cache_search)
(bidi_cache_find_level_change, bidi_cache_ensure_space)
(bidi_cache_iterator_state, bidi_cache_find, bidi_cache_start_stack)
(bidi_find_other_level_edge):
Use ptrdiff_t instead of EMACS_INT where either will do.
This works better on 32-bit hosts configured --with-wide-int.
(bidi_cache_ensure_space): Check for size-calculation overflow.
Use % rather than repeated addition, for better worst-case speed.
Don't set bidi_cache_size until after xrealloc returns, because it
might not return.
(bidi_dump_cached_states): Use ptrdiff_t, not int, to avoid overflow.