From 71f02bc59a291588afa9b6bd1244f330948d20c1 Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Sun, 4 Sep 2011 11:46:51 -0700
Subject: [PATCH] * window.c: Integer overflow fixes. (window_scroll_line_based, Frecenter): Check that an Emacs fixnum is in range before assigning it to 'int'. (Frecenter, Fmove_to_window_line): Use EMACS_INT, not int, for values converted from Emacs fixnums. (Frecenter): Don't wrap around a line count if it is out of 'int' range; instead, treat it as an extreme value. (Fset_window_configuration, compare_window_configurations): Use ptrdiff_t, not int, for index that might exceed 2 GiB.
---
 src/ChangeLog | 10 ++++++++++
 src/window.c | 28 +++++++++++-----------------
 2 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index 101fa7ceab7..d2f956fe66f 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,15 @@
 2011-09-04 Paul Eggert

+ * window.c: Integer overflow fixes.
+ (window_scroll_line_based, Frecenter):
+ Check that an Emacs fixnum is in range before assigning it to 'int'.
+ (Frecenter, Fmove_to_window_line): Use EMACS_INT, not int, for
+ values converted from Emacs fixnums.
+ (Frecenter): Don't wrap around a line count if it is out of 'int'
+ range; instead, treat it as an extreme value.
+ (Fset_window_configuration, compare_window_configurations):
+ Use ptrdiff_t, not int, for index that might exceed 2 GiB.
+
 * search.c: Integer overflow fixes
 (Freplace_match): Use ptrdiff_t, not int, for indexes that can
 exceed INT_MAX. Check that EMACS_INT value is in range before
diff --git a/src/window.c b/src/window.c
index 96b1144acf2..e3850387a64 100644
--- a/src/window.c
+++ b/src/window.c
@@ -4662,14 +4662,9 @@ window_scroll_line_based (Lisp_Object window, int n, int whole, int noerror)

 if (pos < ZV)
 {
- int this_scroll_margin = scroll_margin;
-
 /* Don't use a scroll margin that is negative or too large. */
- if (this_scroll_margin < 0)
- this_scroll_margin = 0;
-
- if (XINT (w->total_lines) < 4 * scroll_margin)
- this_scroll_margin = XINT (w->total_lines) / 4;
+ int this_scroll_margin =
+ max (0, min (scroll_margin, XINT (w->total_lines) / 4));

 set_marker_restricted_both (w->start, w->buffer, pos, pos_byte);
 w->start_at_line_beg = bolp;
@@ -5057,7 +5052,7 @@ and redisplay normally--don't erase and redraw the frame. */)
 struct buffer *obuf = current_buffer;
 int center_p = 0;
 EMACS_INT charpos, bytepos;
- int iarg IF_LINT (= 0);
+ EMACS_INT iarg IF_LINT (= 0);
 int this_scroll_margin;

 /* If redisplay is suppressed due to an error, try again. */
@@ -5096,9 +5091,8 @@ and redisplay normally--don't erase and redraw the frame. */)

 /* Do this after making BUF current
 in case scroll_margin is buffer-local. */
- this_scroll_margin = max (0, scroll_margin);
- this_scroll_margin = min (this_scroll_margin,
- XFASTINT (w->total_lines) / 4);
+ this_scroll_margin =
+ max (0, min (scroll_margin, XFASTINT (w->total_lines) / 4));

 /* Handle centering on a graphical frame specially. Such frames can
 have variable-height lines and centering point on the basis of
@@ -5122,7 +5116,7 @@ and redisplay normally--don't erase and redraw the frame. */)
 {
 struct it it;
 struct text_pos pt;
- int nlines = -iarg;
+ int nlines = min (INT_MAX, -iarg);
 int extra_line_spacing;
 int h = window_box_height (w);
 void *itdata = bidi_shelve_cache ();
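Review bot: The narrowing to `int` in window_scroll_line_based (hunk at -4662) is only safe because `min` bounds `scroll_margin` by `XINT (w->total_lines) / 4`, and the comment above it does not say so. I would extend that comment to `/* Don't use a scroll margin that is negative or too large; the clamp also keeps the value within 'int' range.  */`. The same clamp is repeated in Frecenter (hunk at -5096) with `XFASTINT` where this one uses `XINT`, and again in the `#if 0` block of Fmove_to_window_line, so a small static helper would keep the three copies and the accessor consistent. The enclosing `if (pos < ZV)` block continues outside the hunk.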
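Review bot: In Frecenter (hunk at -5122), `int nlines = min (INT_MAX, -iarg);` stops the wraparound at the assignment, but an `nlines` of INT_MAX is still unsafe for any later `int` arithmetic. The neighbouring declarations `extra_line_spacing` and `h = window_box_height (w)` suggest `nlines` is later combined with pixel heights, though that code is outside the hunk; if so, clamp to a bound derived from the window's line count rather than INT_MAX. A comment such as `/* iarg is a fixnum, so -iarg cannot overflow; only the narrowing to int needs the clamp.  */` would record the assumption, provided `iarg` is still produced by `XINT`. The hunk shows no matching clamp for a large positive `iarg`, so that path should be checked against the commit message's claim as well.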
@@ -5288,15 +5282,14 @@ zero means top of window, negative means relative to bottom of window. */)
 lines = displayed_window_lines (w);

 #if 0
- this_scroll_margin = max (0, scroll_margin);
- this_scroll_margin = min (this_scroll_margin, lines / 4);
+ this_scroll_margin = max (0, min (scroll_margin, lines / 4));
 #endif

 if (NILP (arg))
 XSETFASTINT (arg, lines / 2);
 else
 {
- int iarg = XINT (Fprefix_numeric_value (arg));
+ EMACS_INT iarg = XINT (Fprefix_numeric_value (arg));

 if (iarg < 0)
 iarg = iarg + lines;
@@ -5468,7 +5461,8 @@ the return value is nil. Otherwise the value is t. */)
 struct window *root_window;
 struct window **leaf_windows;
 int n_leaf_windows;
- int k, i, n;
+ ptrdiff_t k;
+ int i, n;

 /* If the frame has been resized since this window configuration was
 made, we change the frame to the size specified in the
@@ -6344,7 +6338,7 @@ compare_window_configurations (Lisp_Object configuration1, Lisp_Object configura
 {
 register struct save_window_data *d1, *d2;
 struct Lisp_Vector *sws1, *sws2;
- int i;
+ ptrdiff_t i;

 CHECK_WINDOW_CONFIGURATION (configuration1);
 CHECK_WINDOW_CONFIGURATION (configuration2);
-- 
2.39.2
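Review bot: Only `k` is widened in Fset_window_configuration (hunk at -5468); `i`, `n` and `n_leaf_windows` stay `int`, and nothing on the declaration explains why the types now differ. A one-line comment such as `/* k indexes the saved-window vector, whose length may exceed INT_MAX.  */` would record the intent stated in the commit message. The loops are outside the hunk, so it is worth confirming that the bound `k` is compared against is not itself held in an `int`, which would undo the widening. The same question applies to `ptrdiff_t i` in compare_window_configurations (hunk at -6344).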