From 1ef7689b9784baa31d1d723909d226fddd95bc86 Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Thu, 28 Jul 2011 18:04:51 -0700
Subject: [PATCH] * nsterm.h (struct ns_color_table.size, struct ns_color_table.avail): Now ptrdiff_t, not int. * nsterm.m (ns_index_color): Use ptrdiff_t, not int, for table indexes. (ns_draw_fringe_bitmap): Rewrite to avoid overflow.
---
 src/ChangeLog | 5 +++++
 src/nsterm.h | 4 ++--
 src/nsterm.m | 21 ++++++++++++++-------
 3 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/src/ChangeLog b/src/ChangeLog
index 4e10537edc8..748ccc333b2 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,10 @@
 2011-07-29 Paul Eggert
+ * nsterm.h (struct ns_color_table.size, struct ns_color_table.avail):
+ Now ptrdiff_t, not int.
+ * nsterm.m (ns_index_color): Use ptrdiff_t, not int, for table indexes.
+ (ns_draw_fringe_bitmap): Rewrite to avoid overflow.
+
 * minibuf.c (read_minibuf_noninteractive): Don't leak memory
 on memory overflow.
diff --git a/src/nsterm.h b/src/nsterm.h
index f419391a11e..17003ac947b 100644
--- a/src/nsterm.h
+++ b/src/nsterm.h
@@ -416,8 +416,8 @@ struct ns_bitmap_record
 /* this to map between emacs color indices and NSColor objects */
 struct ns_color_table
 {
- unsigned int size;
- unsigned int avail;
+ ptrdiff_t size;
+ ptrdiff_t avail;
 #ifdef __OBJC__
 NSColor **colors;
 NSMutableSet *empty_indices;
diff --git a/src/nsterm.m b/src/nsterm.m
index 546247ab74a..4fb9a8e8f61 100644
--- a/src/nsterm.m
+++ b/src/nsterm.m
@@ -1343,7 +1343,7 @@ unsigned long
 ns_index_color (NSColor *color, struct frame *f)
 {
 struct ns_color_table *color_table = FRAME_NS_DISPLAY_INFO (f)->color_table;
- int idx;
+ ptrdiff_t idx;
 NSNumber *index;
 if (!color_table->colors)
@@ -1358,7 +1358,7 @@ ns_index_color (NSColor *color, struct frame *f)
 /* do we already have this color ? */
 {
- int i;
+ ptrdiff_t i;
 for (i = 1; i < color_table->avail; i++)
 {
 if (color_table->colors[i] && [color_table->colors[i] isEqual: color])
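Review bot: In the nsterm.h hunk, `size` and `avail` go from unsigned to signed, and the struct still does not say what range either field is meant to hold. Short field comments would pin the invariant, for example `ptrdiff_t size;  /* slots allocated in colors */` and `ptrdiff_t avail;  /* next never-used index; avail <= size */`, which matches how ns_index_color grows the table when `avail == size` and hands out `avail++`. Any other reader of these fields that compares them against an unsigned value is outside this diff and would need rechecking for changed sign-compare behaviour. The struct body continues past the end of the hunk.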
@@ -1373,16 +1373,23 @@ ns_index_color (NSColor *color, struct frame *f)
 {
 index = [color_table->empty_indices anyObject];
 [color_table->empty_indices removeObject: index];
- idx = [index unsignedIntValue];
+ idx = [index unsignedLongValue];
 }
 else
 {
 if (color_table->avail == color_table->size)
 {
- color_table->size += NS_COLOR_CAPACITY;
+ ptrdiff_t size;
+ ptrdiff_t size_max =
+ min (ULONG_MAX,
+ min (PTRDIFF_MAX, SIZE_MAX) / sizeof (NSColor *));
+ if (size_max - NS_COLOR_CAPACITY < color_table->size)
+ memory_full (SIZE_MAX);
+ size = color_table->size + NS_COLOR_CAPACITY;
 color_table->colors
 = (NSColor **)xrealloc (color_table->colors,
- color_table->size * sizeof (NSColor *));
+ size * sizeof (NSColor *));
+ color_table->size = size;
 }
 idx = color_table->avail++;
 }
@@ -2323,7 +2330,7 @@ ns_draw_fringe_bitmap (struct window *w, struct glyph_row *row,
 if (!img)
 {
 unsigned short *bits = p->bits + p->dh;
- int len = 8 * p->h/8;
+ int len = p->h;
 int i;
 unsigned char *cbits = xmalloc (len);
@@ -4705,7 +4712,7 @@ ns_term_shutdown (int sig)
 }
 }
-
+
 #if !defined (NS_IMPL_COCOA) || MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_6
 /* if we get here we should send the key for input manager processing */
 if (firstTime && [[NSInputManager currentInputManager]
--
2.39.2
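Review bot: In the empty-index branch, `idx = [index unsignedLongValue];` widens only the read side. The code that boxes an index into `empty_indices` is outside this diff; if it still goes through a narrower NSNumber accessor, the two sides disagree about the representable range, so it should be checked and brought to the same width. In the growth branch the three-way bound on `size_max` is correct but not self-explanatory, and a comment would keep a later edit from dropping one of the limits, e.g. `/* Cap at ULONG_MAX because the index is returned as unsigned long, and at min (PTRDIFF_MAX, SIZE_MAX) / sizeof (NSColor *) so the byte count given to xrealloc cannot wrap.  */`. ns_index_color starts and ends outside this hunk.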
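Review bot: In the ns_draw_fringe_bitmap hunk, `len` stays a plain `int` copied from `p->h` and is passed directly to `xmalloc (len)`, so a zero or negative height would reach the allocator as 0 or, once converted to an unsigned size, as a very large request. The type and valid range of `p->h` are not visible here. If callers guarantee a positive height, a one-line comment stating that next to `int len = p->h;` would document why no check is needed; otherwise a guard on `len <= 0` belongs before the allocation. The loop that fills `cbits` lies outside the hunk, so its indexing against `len` could not be reviewed.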