aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Eggert2023-05-17 15:36:54 -0700
committerPaul Eggert2023-05-17 15:41:00 -0700
commit5ef169ed701fa4f850fdca5563cdd468207d5d4f (patch)
tree949560affb29a8d9b114bac310a317a8209542ab
parentafbdae00ab59bbda971780fa04dd75dc7d1e7df7 (diff)
downloademacs-5ef169ed701fa4f850fdca5563cdd468207d5d4f.tar.gz
emacs-5ef169ed701fa4f850fdca5563cdd468207d5d4f.zip
Prefer C23 ckd_* to Gnulib *_WRAPV macros
C23 has added ckd_add etc. macros with functionality equivalent to the older Gnulib INT_ADD_WRAPV macros, so switch to the more-standard names. * admin/merge-gnulib (GNULIB_MODULES): Add stdckdint. This merely makes the dependency explicit, as we were already using this Gnulib module indirectly. * lib-src/etags.c, src/lisp.h: Include stdckdint.h. * lib-src/etags.c (xnmalloc, xnrealloc): * src/alloc.c (xnmalloc, xnrealloc, xpalloc, Fmake_string) (mark_memory): * src/bignum.c (emacs_mpz_pow_ui): * src/buffer.c (record_overlay_string, overlay_strings): * src/bytecode.c (exec_byte_code): * src/casefiddle.c (do_casify_multibyte_string): * src/ccl.c (ccl_driver, Fccl_execute_on_string): * src/character.c (char_width, c_string_width) (lisp_string_width, count_size_as_multibyte) (string_escape_byte8): * src/cmds.c (internal_self_insert): * src/coding.c (coding_alloc_by_realloc, produce_chars): * src/data.c (arith_driver): * src/dispnew.c (realloc_glyph_pool, init_display_interactive): * src/doprnt.c (parse_format_integer): * src/editfns.c (Freplace_buffer_contents, str2num) (styled_format): * src/emacs-module.c (module_global_reference_p) (module_make_global_ref, module_funcall): * src/eval.c (max_ensure_room): * src/fileio.c (blocks_to_bytes): * src/fns.c (Ffillarray): * src/font.c (font_intern_prop): * src/frame.c (check_frame_pixels): * src/gnutls.c (gnutls_hex_string, gnutls_symmetric_aead): * src/gtkutil.c (get_utf8_string): * src/haikuterm.c (haiku_term_init): * src/image.c (xbm_scan, image_to_emacs_colors) (image_detect_edges, png_load_body): * src/keyboard.c (Frecursion_depth): * src/keymap.c (Flookup_key, Fkey_description): * src/lisp.h (modiff_incr, SAFE_ALLOCA_LISP_EXTRA): * src/lread.c (read_bool_vector): * src/pgtkterm.c (pgtk_term_init): * src/regex-emacs.c (regex_compile): * src/term.c (encode_terminal_code): * src/termcap.c (tputs): * src/textconv.c (textconv_query): * src/timefns.c (timespec_ticks, lisp_time_hz_ticks) (Fdecode_time, check_tm_member): * src/tparam.c (tparam1): * src/w32term.c (w32_initialize_display_info): * src/xdisp.c (fill_column_indicator_column, decode_mode_spec): * src/xselect.c (selection_data_size, x_property_data_to_lisp): * src/xsmfns.c (smc_save_yourself_CB): * src/xterm.c (xm_setup_dnd_targets, x_sync_get_monotonic_time) (x_sync_current_monotonic_time, x_sync_note_frame_times) (x_display_set_last_user_time, x_term_init): Prefer the C23 stdckdint macros to their Gnulib intprops.h counterparts, since C23 is standard.
Diffstat
-rwxr-xr-xadmin/merge-gnulib2
-rw-r--r--lib-src/etags.c5
-rw-r--r--lib/gnulib.mk.in1
-rw-r--r--src/alloc.c16
-rw-r--r--src/bignum.c2
-rw-r--r--src/buffer.c6
-rw-r--r--src/bytecode.c2
-rw-r--r--src/casefiddle.c4
-rw-r--r--src/ccl.c20
-rw-r--r--src/character.c16
-rw-r--r--src/cmds.c2
-rw-r--r--src/coding.c7
-rw-r--r--src/data.c6
-rw-r--r--src/dispnew.c6
-rw-r--r--src/doprnt.c4
-rw-r--r--src/editfns.c16
-rw-r--r--src/emacs-module.c6
-rw-r--r--src/eval.c2
-rw-r--r--src/fileio.c2
-rw-r--r--src/fns.c3
-rw-r--r--src/font.c2
-rw-r--r--src/frame.c2
-rw-r--r--src/gnutls.c6
-rw-r--r--src/gtkutil.c4
-rw-r--r--src/haikuterm.c2
-rw-r--r--src/image.c22
-rw-r--r--src/keyboard.c2
-rw-r--r--src/keymap.c6
-rw-r--r--src/lisp.h7
-rw-r--r--src/lread.c12
-rw-r--r--src/pgtkterm.c3
-rw-r--r--src/regex-emacs.c5
-rw-r--r--src/term.c2
-rw-r--r--src/termcap.c2
-rw-r--r--src/textconv.c6
-rw-r--r--src/timefns.c18
-rw-r--r--src/tparam.c3
-rw-r--r--src/w32term.c2
-rw-r--r--src/xdisp.c9
-rw-r--r--src/xselect.c6
-rw-r--r--src/xsmfns.c2
-rw-r--r--src/xterm.c46
42 files changed, 143 insertions, 154 deletions
diff --git a/admin/merge-gnulib b/admin/merge-gnulib
index 97487381886..3e7526102ae 100755
--- a/admin/merge-gnulib
+++ b/admin/merge-gnulib
@@ -44,7 +44,7 @@ GNULIB_MODULES='
44 nanosleep nproc nstrftime 44 nanosleep nproc nstrftime
45 pathmax pipe2 pselect pthread_sigmask 45 pathmax pipe2 pselect pthread_sigmask
46 qcopy-acl readlink readlinkat regex 46 qcopy-acl readlink readlinkat regex
47 sig2str sigdescr_np socklen stat-time std-gnu11 stdbool stddef stdio 47 sig2str sigdescr_np socklen stat-time std-gnu11 stdbool stdckdint stddef stdio
48 stpcpy strnlen strtoimax symlink sys_stat sys_time 48 stpcpy strnlen strtoimax symlink sys_stat sys_time
49 tempname time-h time_r time_rz timegm timer-time timespec-add timespec-sub 49 tempname time-h time_r time_rz timegm timer-time timespec-add timespec-sub
50 update-copyright unlocked-io utimensat 50 update-copyright unlocked-io utimensat
diff --git a/lib-src/etags.c b/lib-src/etags.c
index 2c6b4e7a630..147ecbd7c1b 100644
--- a/lib-src/etags.c
+++ b/lib-src/etags.c
@@ -109,6 +109,7 @@ University of California, as described above. */
109#include <limits.h> 109#include <limits.h>
110#include <unistd.h> 110#include <unistd.h>
111#include <stdarg.h> 111#include <stdarg.h>
112#include <stdckdint.h>
112#include <stdlib.h> 113#include <stdlib.h>
113#include <string.h> 114#include <string.h>
114#include <sysstdio.h> 115#include <sysstdio.h>
@@ -8038,7 +8039,7 @@ xnmalloc (ptrdiff_t nitems, ptrdiff_t item_size)
8038 ptrdiff_t nbytes; 8039 ptrdiff_t nbytes;
8039 assume (0 <= nitems); 8040 assume (0 <= nitems);
8040 assume (0 < item_size); 8041 assume (0 < item_size);
8041 if (INT_MULTIPLY_WRAPV (nitems, item_size, &nbytes)) 8042 if (ckd_mul (&nbytes, nitems, item_size))
8042 memory_full (); 8043 memory_full ();
8043 return xmalloc (nbytes); 8044 return xmalloc (nbytes);
8044} 8045}
@@ -8049,7 +8050,7 @@ xnrealloc (void *pa, ptrdiff_t nitems, ptrdiff_t item_size)
8049 ptrdiff_t nbytes; 8050 ptrdiff_t nbytes;
8050 assume (0 <= nitems); 8051 assume (0 <= nitems);
8051 assume (0 < item_size); 8052 assume (0 < item_size);
8052 if (INT_MULTIPLY_WRAPV (nitems, item_size, &nbytes) || SIZE_MAX < nbytes) 8053 if (ckd_mul (&nbytes, nitems, item_size) || SIZE_MAX < nbytes)
8053 memory_full (); 8054 memory_full ();
8054 void *result = realloc (pa, nbytes); 8055 void *result = realloc (pa, nbytes);
8055 if (!result) 8056 if (!result)
diff --git a/lib/gnulib.mk.in b/lib/gnulib.mk.in
index 5722e2588eb..a25bee25aae 100644
--- a/lib/gnulib.mk.in
+++ b/lib/gnulib.mk.in
@@ -147,6 +147,7 @@
147# stat-time \ 147# stat-time \
148# std-gnu11 \ 148# std-gnu11 \
149# stdbool \ 149# stdbool \
150# stdckdint \
150# stddef \ 151# stddef \
151# stdio \ 152# stdio \
152# stpcpy \ 153# stpcpy \
diff --git a/src/alloc.c b/src/alloc.c
index 29393deeff4..17ca5c725d0 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -863,7 +863,7 @@ xnmalloc (ptrdiff_t nitems, ptrdiff_t item_size)
863{ 863{
864 eassert (0 <= nitems && 0 < item_size); 864 eassert (0 <= nitems && 0 < item_size);
865 ptrdiff_t nbytes; 865 ptrdiff_t nbytes;
866 if (INT_MULTIPLY_WRAPV (nitems, item_size, &nbytes) || SIZE_MAX < nbytes) 866 if (ckd_mul (&nbytes, nitems, item_size) || SIZE_MAX < nbytes)
867 memory_full (SIZE_MAX); 867 memory_full (SIZE_MAX);
868 return xmalloc (nbytes); 868 return xmalloc (nbytes);
869} 869}
@@ -877,7 +877,7 @@ xnrealloc (void *pa, ptrdiff_t nitems, ptrdiff_t item_size)
877{ 877{
878 eassert (0 <= nitems && 0 < item_size); 878 eassert (0 <= nitems && 0 < item_size);
879 ptrdiff_t nbytes; 879 ptrdiff_t nbytes;
880 if (INT_MULTIPLY_WRAPV (nitems, item_size, &nbytes) || SIZE_MAX < nbytes) 880 if (ckd_mul (&nbytes, nitems, item_size) || SIZE_MAX < nbytes)
881 memory_full (SIZE_MAX); 881 memory_full (SIZE_MAX);
882 return xrealloc (pa, nbytes); 882 return xrealloc (pa, nbytes);
883} 883}
@@ -924,13 +924,13 @@ xpalloc (void *pa, ptrdiff_t *nitems, ptrdiff_t nitems_incr_min,
924 NITEMS_MAX, and what the C language can represent safely. */ 924 NITEMS_MAX, and what the C language can represent safely. */
925 925
926 ptrdiff_t n, nbytes; 926 ptrdiff_t n, nbytes;
927 if (INT_ADD_WRAPV (n0, n0 >> 1, &n)) 927 if (ckd_add (&n, n0, n0 >> 1))
928 n = PTRDIFF_MAX; 928 n = PTRDIFF_MAX;
929 if (0 <= nitems_max && nitems_max < n) 929 if (0 <= nitems_max && nitems_max < n)
930 n = nitems_max; 930 n = nitems_max;
931 931
932 ptrdiff_t adjusted_nbytes 932 ptrdiff_t adjusted_nbytes
933 = ((INT_MULTIPLY_WRAPV (n, item_size, &nbytes) || SIZE_MAX < nbytes) 933 = ((ckd_mul (&nbytes, n, item_size) || SIZE_MAX < nbytes)
934 ? min (PTRDIFF_MAX, SIZE_MAX) 934 ? min (PTRDIFF_MAX, SIZE_MAX)
935 : nbytes < DEFAULT_MXFAST ? DEFAULT_MXFAST : 0); 935 : nbytes < DEFAULT_MXFAST ? DEFAULT_MXFAST : 0);
936 if (adjusted_nbytes) 936 if (adjusted_nbytes)
@@ -942,9 +942,9 @@ xpalloc (void *pa, ptrdiff_t *nitems, ptrdiff_t nitems_incr_min,
942 if (! pa) 942 if (! pa)
943 *nitems = 0; 943 *nitems = 0;
944 if (n - n0 < nitems_incr_min 944 if (n - n0 < nitems_incr_min
945 && (INT_ADD_WRAPV (n0, nitems_incr_min, &n) 945 && (ckd_add (&n, n0, nitems_incr_min)
946 || (0 <= nitems_max && nitems_max < n) 946 || (0 <= nitems_max && nitems_max < n)
947 || INT_MULTIPLY_WRAPV (n, item_size, &nbytes))) 947 || ckd_mul (&nbytes, n, item_size)))
948 memory_full (SIZE_MAX); 948 memory_full (SIZE_MAX);
949 pa = xrealloc (pa, nbytes); 949 pa = xrealloc (pa, nbytes);
950 *nitems = n; 950 *nitems = n;
@@ -2375,7 +2375,7 @@ a multibyte string even if INIT is an ASCII character. */)
2375 ptrdiff_t len = CHAR_STRING (c, str); 2375 ptrdiff_t len = CHAR_STRING (c, str);
2376 EMACS_INT string_len = XFIXNUM (length); 2376 EMACS_INT string_len = XFIXNUM (length);
2377 2377
2378 if (INT_MULTIPLY_WRAPV (len, string_len, &nbytes)) 2378 if (ckd_mul (&nbytes, len, string_len))
2379 string_overflow (); 2379 string_overflow ();
2380 val = make_clear_multibyte_string (string_len, nbytes, clearit); 2380 val = make_clear_multibyte_string (string_len, nbytes, clearit);
2381 if (!clearit) 2381 if (!clearit)
@@ -5226,7 +5226,7 @@ mark_memory (void const *start, void const *end)
5226 a Lisp_Object might be split into registers saved into 5226 a Lisp_Object might be split into registers saved into
5227 non-adjacent words and P might be the low-order word's value. */ 5227 non-adjacent words and P might be the low-order word's value. */
5228 intptr_t ip; 5228 intptr_t ip;
5229 INT_ADD_WRAPV ((intptr_t) p, (intptr_t) lispsym, &ip); 5229 ckd_add (&ip, (intptr_t) p, (intptr_t) lispsym);
5230 mark_maybe_pointer ((void *) ip, true); 5230 mark_maybe_pointer ((void *) ip, true);
5231 } 5231 }
5232} 5232}
diff --git a/src/bignum.c b/src/bignum.c
index e64653b2873..22ed171533f 100644
--- a/src/bignum.c
+++ b/src/bignum.c
@@ -354,7 +354,7 @@ emacs_mpz_pow_ui (mpz_t rop, mpz_t const base, unsigned long exp)
354 enum { lim = min (NLIMBS_LIMIT, GMP_NLIMBS_MAX - pow_ui_extra_limbs) }; 354 enum { lim = min (NLIMBS_LIMIT, GMP_NLIMBS_MAX - pow_ui_extra_limbs) };
355 355
356 int nbase = emacs_mpz_size (base), n; 356 int nbase = emacs_mpz_size (base), n;
357 if (INT_MULTIPLY_WRAPV (nbase, exp, &n) || lim < n) 357 if (ckd_mul (&n, nbase, exp) || lim < n)
358 overflow_error (); 358 overflow_error ();
359 mpz_pow_ui (rop, base, exp); 359 mpz_pow_ui (rop, base, exp);
360} 360}
diff --git a/src/buffer.c b/src/buffer.c
index 7951b7ac322..0c46b201586 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -3343,7 +3343,7 @@ record_overlay_string (struct sortstrlist *ssl, Lisp_Object str,
3343 else 3343 else
3344 nbytes = SBYTES (str); 3344 nbytes = SBYTES (str);
3345 3345
3346 if (INT_ADD_WRAPV (ssl->bytes, nbytes, &nbytes)) 3346 if (ckd_add (&nbytes, nbytes, ssl->bytes))
3347 memory_full (SIZE_MAX); 3347 memory_full (SIZE_MAX);
3348 ssl->bytes = nbytes; 3348 ssl->bytes = nbytes;
3349 3349
@@ -3357,7 +3357,7 @@ record_overlay_string (struct sortstrlist *ssl, Lisp_Object str,
3357 else 3357 else
3358 nbytes = SBYTES (str2); 3358 nbytes = SBYTES (str2);
3359 3359
3360 if (INT_ADD_WRAPV (ssl->bytes, nbytes, &nbytes)) 3360 if (ckd_add (&nbytes, nbytes, ssl->bytes))
3361 memory_full (SIZE_MAX); 3361 memory_full (SIZE_MAX);
3362 ssl->bytes = nbytes; 3362 ssl->bytes = nbytes;
3363 } 3363 }
@@ -3429,7 +3429,7 @@ overlay_strings (ptrdiff_t pos, struct window *w, unsigned char **pstr)
3429 unsigned char *p; 3429 unsigned char *p;
3430 ptrdiff_t total; 3430 ptrdiff_t total;
3431 3431
3432 if (INT_ADD_WRAPV (overlay_heads.bytes, overlay_tails.bytes, &total)) 3432 if (ckd_add (&total, overlay_heads.bytes, overlay_tails.bytes))
3433 memory_full (SIZE_MAX); 3433 memory_full (SIZE_MAX);
3434 if (total > overlay_str_len) 3434 if (total > overlay_str_len)
3435 overlay_str_buf = xpalloc (overlay_str_buf, &overlay_str_len, 3435 overlay_str_buf = xpalloc (overlay_str_buf, &overlay_str_len,
diff --git a/src/bytecode.c b/src/bytecode.c
index 74a94859aba..4207ff0b71f 100644
--- a/src/bytecode.c
+++ b/src/bytecode.c
@@ -1327,7 +1327,7 @@ exec_byte_code (Lisp_Object fun, ptrdiff_t args_template,
1327 Lisp_Object v1 = TOP; 1327 Lisp_Object v1 = TOP;
1328 intmax_t res; 1328 intmax_t res;
1329 if (FIXNUMP (v1) && FIXNUMP (v2) 1329 if (FIXNUMP (v1) && FIXNUMP (v2)
1330 && !INT_MULTIPLY_WRAPV (XFIXNUM (v1), XFIXNUM (v2), &res) 1330 && !ckd_mul (&res, XFIXNUM (v1), XFIXNUM (v2))
1331 && !FIXNUM_OVERFLOW_P (res)) 1331 && !FIXNUM_OVERFLOW_P (res))
1332 TOP = make_fixnum (res); 1332 TOP = make_fixnum (res);
1333 else 1333 else
diff --git a/src/casefiddle.c b/src/casefiddle.c
index 1a959b1c07b..d567a5e353a 100644
--- a/src/casefiddle.c
+++ b/src/casefiddle.c
@@ -283,8 +283,8 @@ do_casify_multibyte_string (struct casing_context *ctx, Lisp_Object obj)
283 283
284 ptrdiff_t size = SCHARS (obj), n; 284 ptrdiff_t size = SCHARS (obj), n;
285 USE_SAFE_ALLOCA; 285 USE_SAFE_ALLOCA;
286 if (INT_MULTIPLY_WRAPV (size, MAX_MULTIBYTE_LENGTH, &n) 286 if (ckd_mul (&n, size, MAX_MULTIBYTE_LENGTH)
287 || INT_ADD_WRAPV (n, sizeof (struct casing_str_buf), &n)) 287 || ckd_add (&n, n, sizeof (struct casing_str_buf)))
288 n = PTRDIFF_MAX; 288 n = PTRDIFF_MAX;
289 unsigned char *dst = SAFE_ALLOCA (n); 289 unsigned char *dst = SAFE_ALLOCA (n);
290 unsigned char *dst_end = dst + n; 290 unsigned char *dst_end = dst + n;
diff --git a/src/ccl.c b/src/ccl.c
index ce9abd59493..67f2a275841 100644
--- a/src/ccl.c
+++ b/src/ccl.c
@@ -1156,9 +1156,9 @@ ccl_driver (struct ccl_program *ccl, int *source, int *destination, int src_size
1156 ccl_expr_self: 1156 ccl_expr_self:
1157 switch (op) 1157 switch (op)
1158 { 1158 {
1159 case CCL_PLUS: INT_ADD_WRAPV (reg[rrr], i, &reg[rrr]); break; 1159 case CCL_PLUS: ckd_add (&reg[rrr], reg[rrr], i); break;
1160 case CCL_MINUS: INT_SUBTRACT_WRAPV (reg[rrr], i, &reg[rrr]); break; 1160 case CCL_MINUS: ckd_sub (&reg[rrr], reg[rrr], i); break;
1161 case CCL_MUL: INT_MULTIPLY_WRAPV (reg[rrr], i, &reg[rrr]); break; 1161 case CCL_MUL: ckd_mul (&reg[rrr], reg[rrr], i); break;
1162 case CCL_DIV: 1162 case CCL_DIV:
1163 if (!i) 1163 if (!i)
1164 CCL_INVALID_CMD; 1164 CCL_INVALID_CMD;
@@ -1194,7 +1194,7 @@ ccl_driver (struct ccl_program *ccl, int *source, int *destination, int src_size
1194 if (i == -1) 1194 if (i == -1)
1195 { 1195 {
1196 reg[7] = 0; 1196 reg[7] = 0;
1197 INT_SUBTRACT_WRAPV (0, reg[rrr], &reg[rrr]); 1197 ckd_sub (&reg[rrr], 0, reg[rrr]);
1198 } 1198 }
1199 else 1199 else
1200 { 1200 {
@@ -1251,9 +1251,9 @@ ccl_driver (struct ccl_program *ccl, int *source, int *destination, int src_size
1251 ccl_set_expr: 1251 ccl_set_expr:
1252 switch (op) 1252 switch (op)
1253 { 1253 {
1254 case CCL_PLUS: INT_ADD_WRAPV (i, j, &reg[rrr]); break; 1254 case CCL_PLUS: ckd_add (&reg[rrr], i, j); break;
1255 case CCL_MINUS: INT_SUBTRACT_WRAPV (i, j, &reg[rrr]); break; 1255 case CCL_MINUS: ckd_sub (&reg[rrr], i, j); break;
1256 case CCL_MUL: INT_MULTIPLY_WRAPV (i, j, &reg[rrr]); break; 1256 case CCL_MUL: ckd_mul (&reg[rrr], i, j); break;
1257 case CCL_DIV: 1257 case CCL_DIV:
1258 if (!j) 1258 if (!j)
1259 CCL_INVALID_CMD; 1259 CCL_INVALID_CMD;
@@ -1288,7 +1288,7 @@ ccl_driver (struct ccl_program *ccl, int *source, int *destination, int src_size
1288 CCL_INVALID_CMD; 1288 CCL_INVALID_CMD;
1289 if (j == -1) 1289 if (j == -1)
1290 { 1290 {
1291 INT_SUBTRACT_WRAPV (0, reg[rrr], &reg[rrr]); 1291 ckd_sub (&reg[rrr], 0, reg[rrr]);
1292 reg[7] = 0; 1292 reg[7] = 0;
1293 } 1293 }
1294 else 1294 else
@@ -2169,8 +2169,8 @@ usage: (ccl-execute-on-string CCL-PROGRAM STATUS STRING &optional CONTINUE UNIBY
2169 2169
2170 buf_magnification = ccl.buf_magnification ? ccl.buf_magnification : 1; 2170 buf_magnification = ccl.buf_magnification ? ccl.buf_magnification : 1;
2171 outbufsize = str_bytes; 2171 outbufsize = str_bytes;
2172 if (INT_MULTIPLY_WRAPV (buf_magnification, outbufsize, &outbufsize) 2172 if (ckd_mul (&outbufsize, outbufsize, buf_magnification)
2173 || INT_ADD_WRAPV (256, outbufsize, &outbufsize)) 2173 || ckd_add (&outbufsize, outbufsize, 256))
2174 memory_full (SIZE_MAX); 2174 memory_full (SIZE_MAX);
2175 outp = outbuf = xmalloc (outbufsize); 2175 outp = outbuf = xmalloc (outbufsize);
2176 2176
diff --git a/src/character.c b/src/character.c
index d0b18367a83..ae153a579d6 100644
--- a/src/character.c
+++ b/src/character.c
@@ -250,7 +250,7 @@ char_width (int c, struct Lisp_Char_Table *dp)
250 if (c >= 0) 250 if (c >= 0)
251 { 251 {
252 int w = CHARACTER_WIDTH (c); 252 int w = CHARACTER_WIDTH (c);
253 if (INT_ADD_WRAPV (width, w, &width)) 253 if (ckd_add (&width, width, w))
254 string_overflow (); 254 string_overflow ();
255 } 255 }
256 } 256 }
@@ -301,7 +301,7 @@ c_string_width (const unsigned char *str, ptrdiff_t len, int precision,
301 *nbytes = i_byte; 301 *nbytes = i_byte;
302 return width; 302 return width;
303 } 303 }
304 if (INT_ADD_WRAPV (thiswidth, width, &width)) 304 if (ckd_add (&width, width, thiswidth))
305 string_overflow (); 305 string_overflow ();
306 i++; 306 i++;
307 i_byte += bytes; 307 i_byte += bytes;
@@ -441,7 +441,7 @@ lisp_string_width (Lisp_Object string, ptrdiff_t from, ptrdiff_t to,
441 *nbytes = i_byte - from_byte; 441 *nbytes = i_byte - from_byte;
442 return width; 442 return width;
443 } 443 }
444 if (INT_ADD_WRAPV (thiswidth, width, &width)) 444 if (ckd_add (&width, width, thiswidth))
445 string_overflow (); 445 string_overflow ();
446 i += chars; 446 i += chars;
447 i_byte += bytes; 447 i_byte += bytes;
@@ -664,7 +664,7 @@ count_size_as_multibyte (const unsigned char *str, ptrdiff_t len)
664 for (ptrdiff_t i = 0; i < len; i++) 664 for (ptrdiff_t i = 0; i < len; i++)
665 nonascii += str[i] >> 7; 665 nonascii += str[i] >> 7;
666 ptrdiff_t bytes; 666 ptrdiff_t bytes;
667 if (INT_ADD_WRAPV (len, nonascii, &bytes)) 667 if (ckd_add (&bytes, len, nonascii))
668 string_overflow (); 668 string_overflow ();
669 return bytes; 669 return bytes;
670} 670}
@@ -780,21 +780,21 @@ string_escape_byte8 (Lisp_Object string)
780 if (byte8_count == 0) 780 if (byte8_count == 0)
781 return string; 781 return string;
782 782
783 if (INT_MULTIPLY_WRAPV (byte8_count, 3, &thrice_byte8_count)) 783 if (ckd_mul (&thrice_byte8_count, byte8_count, 3))
784 string_overflow (); 784 string_overflow ();
785 785
786 if (multibyte) 786 if (multibyte)
787 { 787 {
788 /* Convert 2-byte sequence of byte8 chars to 4-byte octal. */ 788 /* Convert 2-byte sequence of byte8 chars to 4-byte octal. */
789 if (INT_ADD_WRAPV (nchars, thrice_byte8_count, &uninit_nchars) 789 if (ckd_add (&uninit_nchars, nchars, thrice_byte8_count)
790 || INT_ADD_WRAPV (nbytes, 2 * byte8_count, &uninit_nbytes)) 790 || ckd_add (&uninit_nbytes, nbytes, 2 * byte8_count))
791 string_overflow (); 791 string_overflow ();
792 val = make_uninit_multibyte_string (uninit_nchars, uninit_nbytes); 792 val = make_uninit_multibyte_string (uninit_nchars, uninit_nbytes);
793 } 793 }
794 else 794 else
795 { 795 {
796 /* Convert 1-byte sequence of byte8 chars to 4-byte octal. */ 796 /* Convert 1-byte sequence of byte8 chars to 4-byte octal. */
797 if (INT_ADD_WRAPV (thrice_byte8_count, nbytes, &uninit_nbytes)) 797 if (ckd_add (&uninit_nbytes, thrice_byte8_count, nbytes))
798 string_overflow (); 798 string_overflow ();
799 val = make_uninit_string (uninit_nbytes); 799 val = make_uninit_string (uninit_nbytes);
800 } 800 }
diff --git a/src/cmds.c b/src/cmds.c
index 15caa4a6972..37e1779296a 100644
--- a/src/cmds.c
+++ b/src/cmds.c
@@ -453,7 +453,7 @@ internal_self_insert (int c, EMACS_INT n)
453 } 453 }
454 454
455 ptrdiff_t to; 455 ptrdiff_t to;
456 if (INT_ADD_WRAPV (PT, chars_to_delete, &to)) 456 if (ckd_add (&to, PT, chars_to_delete))
457 to = PTRDIFF_MAX; 457 to = PTRDIFF_MAX;
458 replace_range (PT, to, string, 1, 1, 1, 0, false); 458 replace_range (PT, to, string, 1, 1, 1, 0, false);
459 Fforward_char (make_fixnum (n)); 459 Fforward_char (make_fixnum (n));
diff --git a/src/coding.c b/src/coding.c
index a2e0d7040f8..f014749c4ea 100644
--- a/src/coding.c
+++ b/src/coding.c
@@ -989,7 +989,7 @@ static void
989coding_alloc_by_realloc (struct coding_system *coding, ptrdiff_t bytes) 989coding_alloc_by_realloc (struct coding_system *coding, ptrdiff_t bytes)
990{ 990{
991 ptrdiff_t newbytes; 991 ptrdiff_t newbytes;
992 if (INT_ADD_WRAPV (coding->dst_bytes, bytes, &newbytes) 992 if (ckd_add (&newbytes, coding->dst_bytes, bytes)
993 || SIZE_MAX < newbytes) 993 || SIZE_MAX < newbytes)
994 string_overflow (); 994 string_overflow ();
995 coding->destination = xrealloc (coding->destination, newbytes); 995 coding->destination = xrealloc (coding->destination, newbytes);
@@ -7059,9 +7059,8 @@ produce_chars (struct coding_system *coding, Lisp_Object translation_table,
7059 { 7059 {
7060 eassert (growable_destination (coding)); 7060 eassert (growable_destination (coding));
7061 ptrdiff_t dst_size; 7061 ptrdiff_t dst_size;
7062 if (INT_MULTIPLY_WRAPV (to_nchars, MAX_MULTIBYTE_LENGTH, 7062 if (ckd_mul (&dst_size, to_nchars, MAX_MULTIBYTE_LENGTH)
7063 &dst_size) 7063 || ckd_add (&dst_size, dst_size, buf_end - buf))
7064 || INT_ADD_WRAPV (buf_end - buf, dst_size, &dst_size))
7065 memory_full (SIZE_MAX); 7064 memory_full (SIZE_MAX);
7066 dst = alloc_destination (coding, dst_size, dst); 7065 dst = alloc_destination (coding, dst_size, dst);
7067 if (EQ (coding->src_object, coding->dst_object)) 7066 if (EQ (coding->src_object, coding->dst_object))
diff --git a/src/data.c b/src/data.c
index 8f9ee63e779..9d7e7effdcd 100644
--- a/src/data.c
+++ b/src/data.c
@@ -3190,9 +3190,9 @@ arith_driver (enum arithop code, ptrdiff_t nargs, Lisp_Object *args,
3190 intmax_t a; 3190 intmax_t a;
3191 switch (code) 3191 switch (code)
3192 { 3192 {
3193 case Aadd : overflow = INT_ADD_WRAPV (accum, next, &a); break; 3193 case Aadd : overflow = ckd_add (&a, accum, next); break;
3194 case Amult: overflow = INT_MULTIPLY_WRAPV (accum, next, &a); break; 3194 case Amult: overflow = ckd_mul (&a, accum, next); break;
3195 case Asub : overflow = INT_SUBTRACT_WRAPV (accum, next, &a); break; 3195 case Asub : overflow = ckd_sub (&a, accum, next); break;
3196 case Adiv: 3196 case Adiv:
3197 if (next == 0) 3197 if (next == 0)
3198 xsignal0 (Qarith_error); 3198 xsignal0 (Qarith_error);
diff --git a/src/dispnew.c b/src/dispnew.c
index a928a5d1b14..9133d515ca3 100644
--- a/src/dispnew.c
+++ b/src/dispnew.c
@@ -1385,7 +1385,7 @@ realloc_glyph_pool (struct glyph_pool *pool, struct dim matrix_dim)
1385 || matrix_dim.width != pool->ncolumns); 1385 || matrix_dim.width != pool->ncolumns);
1386 1386
1387 /* Enlarge the glyph pool. */ 1387 /* Enlarge the glyph pool. */
1388 if (INT_MULTIPLY_WRAPV (matrix_dim.height, matrix_dim.width, &needed)) 1388 if (ckd_mul (&needed, matrix_dim.height, matrix_dim.width))
1389 memory_full (SIZE_MAX); 1389 memory_full (SIZE_MAX);
1390 if (needed > pool->nglyphs) 1390 if (needed > pool->nglyphs)
1391 { 1391 {
@@ -6653,8 +6653,8 @@ init_display_interactive (void)
6653 change. It's not clear what better we could do. The rest of 6653 change. It's not clear what better we could do. The rest of
6654 the code assumes that (width + 2) * height * sizeof (struct glyph) 6654 the code assumes that (width + 2) * height * sizeof (struct glyph)
6655 does not overflow and does not exceed PTRDIFF_MAX or SIZE_MAX. */ 6655 does not overflow and does not exceed PTRDIFF_MAX or SIZE_MAX. */
6656 if (INT_ADD_WRAPV (width, 2, &area) 6656 if (ckd_add (&area, width, 2)
6657 || INT_MULTIPLY_WRAPV (height, area, &area) 6657 || ckd_mul (&area, area, height)
6658 || min (PTRDIFF_MAX, SIZE_MAX) / sizeof (struct glyph) < area) 6658 || min (PTRDIFF_MAX, SIZE_MAX) / sizeof (struct glyph) < area)
6659 fatal ("screen size %dx%d too big", width, height); 6659 fatal ("screen size %dx%d too big", width, height);
6660 } 6660 }
diff --git a/src/doprnt.c b/src/doprnt.c
index 3ebb957e9f2..e8911fad252 100644
--- a/src/doprnt.c
+++ b/src/doprnt.c
@@ -134,8 +134,8 @@ parse_format_integer (char const *fmt, int *value)
134 bool overflow = false; 134 bool overflow = false;
135 for (; '0' <= *fmt && *fmt <= '9'; fmt++) 135 for (; '0' <= *fmt && *fmt <= '9'; fmt++)
136 { 136 {
137 overflow |= INT_MULTIPLY_WRAPV (n, 10, &n); 137 overflow |= ckd_mul (&n, n, 10);
138 overflow |= INT_ADD_WRAPV (n, *fmt - '0', &n); 138 overflow |= ckd_add (&n, n, *fmt - '0');
139 } 139 }
140 if (overflow || min (PTRDIFF_MAX, SIZE_MAX) - SIZE_BOUND_EXTRA < n) 140 if (overflow || min (PTRDIFF_MAX, SIZE_MAX) - SIZE_BOUND_EXTRA < n)
141 error ("Format width or precision too large"); 141 error ("Format width or precision too large");
diff --git a/src/editfns.c b/src/editfns.c
index d02cce4aef3..44e11841faa 100644
--- a/src/editfns.c
+++ b/src/editfns.c
@@ -2027,8 +2027,8 @@ nil. */)
2027 ptrdiff_t ins_bytes = size_b / CHAR_BIT + 1; 2027 ptrdiff_t ins_bytes = size_b / CHAR_BIT + 1;
2028 ptrdiff_t *buffer; 2028 ptrdiff_t *buffer;
2029 ptrdiff_t bytes_needed; 2029 ptrdiff_t bytes_needed;
2030 if (INT_MULTIPLY_WRAPV (diags, 2 * sizeof *buffer, &bytes_needed) 2030 if (ckd_mul (&bytes_needed, diags, 2 * sizeof *buffer)
2031 || INT_ADD_WRAPV (del_bytes + ins_bytes, bytes_needed, &bytes_needed)) 2031 || ckd_add (&bytes_needed, bytes_needed, del_bytes + ins_bytes))
2032 memory_full (SIZE_MAX); 2032 memory_full (SIZE_MAX);
2033 USE_SAFE_ALLOCA; 2033 USE_SAFE_ALLOCA;
2034 buffer = SAFE_ALLOCA (bytes_needed); 2034 buffer = SAFE_ALLOCA (bytes_needed);
@@ -3296,7 +3296,7 @@ str2num (char *str, char **str_end)
3296{ 3296{
3297 ptrdiff_t n = 0; 3297 ptrdiff_t n = 0;
3298 for (; c_isdigit (*str); str++) 3298 for (; c_isdigit (*str); str++)
3299 if (INT_MULTIPLY_WRAPV (n, 10, &n) || INT_ADD_WRAPV (n, *str - '0', &n)) 3299 if (ckd_mul (&n, n, 10) || ckd_add (&n, n, *str - '0'))
3300 n = PTRDIFF_MAX; 3300 n = PTRDIFF_MAX;
3301 *str_end = str; 3301 *str_end = str;
3302 return n; 3302 return n;
@@ -3464,8 +3464,8 @@ styled_format (ptrdiff_t nargs, Lisp_Object *args, bool message)
3464 3464
3465 /* Allocate the info and discarded tables. */ 3465 /* Allocate the info and discarded tables. */
3466 ptrdiff_t info_size, alloca_size; 3466 ptrdiff_t info_size, alloca_size;
3467 if (INT_MULTIPLY_WRAPV (nspec_bound, sizeof *info, &info_size) 3467 if (ckd_mul (&info_size, nspec_bound, sizeof *info)
3468 || INT_ADD_WRAPV (formatlen, info_size, &alloca_size) 3468 || ckd_add (&alloca_size, formatlen, info_size)
3469 || SIZE_MAX < alloca_size) 3469 || SIZE_MAX < alloca_size)
3470 memory_full (SIZE_MAX); 3470 memory_full (SIZE_MAX);
3471 info = SAFE_ALLOCA (alloca_size); 3471 info = SAFE_ALLOCA (alloca_size);
@@ -4012,8 +4012,8 @@ styled_format (ptrdiff_t nargs, Lisp_Object *args, bool message)
4012 /* Compute the total bytes needed for this item, including 4012 /* Compute the total bytes needed for this item, including
4013 excess precision and padding. */ 4013 excess precision and padding. */
4014 ptrdiff_t numwidth; 4014 ptrdiff_t numwidth;
4015 if (INT_ADD_WRAPV (prefixlen + sprintf_bytes, excess_precision, 4015 if (ckd_add (&numwidth, prefixlen + sprintf_bytes,
4016 &numwidth)) 4016 excess_precision))
4017 numwidth = PTRDIFF_MAX; 4017 numwidth = PTRDIFF_MAX;
4018 ptrdiff_t padding 4018 ptrdiff_t padding
4019 = numwidth < field_width ? field_width - numwidth : 0; 4019 = numwidth < field_width ? field_width - numwidth : 0;
@@ -4173,7 +4173,7 @@ styled_format (ptrdiff_t nargs, Lisp_Object *args, bool message)
4173 4173
4174 ptrdiff_t used = p - buf; 4174 ptrdiff_t used = p - buf;
4175 ptrdiff_t buflen_needed; 4175 ptrdiff_t buflen_needed;
4176 if (INT_ADD_WRAPV (used, convbytes, &buflen_needed)) 4176 if (ckd_add (&buflen_needed, used, convbytes))
4177 string_overflow (); 4177 string_overflow ();
4178 if (bufsize <= buflen_needed) 4178 if (bufsize <= buflen_needed)
4179 { 4179 {
diff --git a/src/emacs-module.c b/src/emacs-module.c
index d158e243139..10699ec25d9 100644
--- a/src/emacs-module.c
+++ b/src/emacs-module.c
@@ -416,7 +416,7 @@ module_global_reference_p (emacs_value v, ptrdiff_t *n)
416 } 416 }
417 /* Only used for debugging, so we don't care about overflow, just 417 /* Only used for debugging, so we don't care about overflow, just
418 make sure the operation is defined. */ 418 make sure the operation is defined. */
419 INT_ADD_WRAPV (*n, h->count, n); 419 ckd_add (n, *n, h->count);
420 return false; 420 return false;
421} 421}
422 422
@@ -435,7 +435,7 @@ module_make_global_ref (emacs_env *env, emacs_value value)
435 { 435 {
436 Lisp_Object value = HASH_VALUE (h, i); 436 Lisp_Object value = HASH_VALUE (h, i);
437 struct module_global_reference *ref = XMODULE_GLOBAL_REFERENCE (value); 437 struct module_global_reference *ref = XMODULE_GLOBAL_REFERENCE (value);
438 bool overflow = INT_ADD_WRAPV (ref->refcount, 1, &ref->refcount); 438 bool overflow = ckd_add (&ref->refcount, ref->refcount, 1);
439 if (overflow) 439 if (overflow)
440 overflow_error (); 440 overflow_error ();
441 return &ref->value; 441 return &ref->value;
@@ -662,7 +662,7 @@ module_funcall (emacs_env *env, emacs_value func, ptrdiff_t nargs,
662 Lisp_Object *newargs; 662 Lisp_Object *newargs;
663 USE_SAFE_ALLOCA; 663 USE_SAFE_ALLOCA;
664 ptrdiff_t nargs1; 664 ptrdiff_t nargs1;
665 if (INT_ADD_WRAPV (nargs, 1, &nargs1)) 665 if (ckd_add (&nargs1, nargs, 1))
666 overflow_error (); 666 overflow_error ();
667 SAFE_ALLOCA_LISP (newargs, nargs1); 667 SAFE_ALLOCA_LISP (newargs, nargs1);
668 newargs[0] = value_to_lisp (func); 668 newargs[0] = value_to_lisp (func);
diff --git a/src/eval.c b/src/eval.c
index cd3eb0a3676..3f4e77cd3b1 100644
--- a/src/eval.c
+++ b/src/eval.c
@@ -254,7 +254,7 @@ init_eval (void)
254static void 254static void
255max_ensure_room (intmax_t *m, intmax_t a, intmax_t b) 255max_ensure_room (intmax_t *m, intmax_t a, intmax_t b)
256{ 256{
257 intmax_t sum = INT_ADD_WRAPV (a, b, &sum) ? INTMAX_MAX : sum; 257 intmax_t sum = ckd_add (&sum, a, b) ? INTMAX_MAX : sum;
258 *m = max (*m, sum); 258 *m = max (*m, sum);
259} 259}
260 260
diff --git a/src/fileio.c b/src/fileio.c
index a364aa2ea33..859cf57d249 100644
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -6276,7 +6276,7 @@ static Lisp_Object
6276blocks_to_bytes (uintmax_t blocksize, uintmax_t blocks, bool negate) 6276blocks_to_bytes (uintmax_t blocksize, uintmax_t blocks, bool negate)
6277{ 6277{
6278 intmax_t n; 6278 intmax_t n;
6279 if (!INT_MULTIPLY_WRAPV (blocksize, blocks, &n)) 6279 if (!ckd_mul (&n, blocksize, blocks))
6280 return make_int (negate ? -n : n); 6280 return make_int (negate ? -n : n);
6281 Lisp_Object bs = make_uint (blocksize); 6281 Lisp_Object bs = make_uint (blocksize);
6282 if (negate) 6282 if (negate)
diff --git a/src/fns.c b/src/fns.c
index 561f526f8d0..bfd19e8c8f2 100644
--- a/src/fns.c
+++ b/src/fns.c
@@ -2938,8 +2938,7 @@ ARRAY is a vector, string, char-table, or bool-vector. */)
2938 else 2938 else
2939 { 2939 {
2940 ptrdiff_t product; 2940 ptrdiff_t product;
2941 if (INT_MULTIPLY_WRAPV (size, len, &product) 2941 if (ckd_mul (&product, size, len) || product != size_byte)
2942 || product != size_byte)
2943 error ("Attempt to change byte length of a string"); 2942 error ("Attempt to change byte length of a string");
2944 for (idx = 0; idx < size_byte; idx++) 2943 for (idx = 0; idx < size_byte; idx++)
2945 *p++ = str[idx % len]; 2944 *p++ = str[idx % len];
diff --git a/src/font.c b/src/font.c
index de8748dd857..e586277a5d3 100644
--- a/src/font.c
+++ b/src/font.c
@@ -279,7 +279,7 @@ font_intern_prop (const char *str, ptrdiff_t len, bool force_symbol)
279 { 279 {
280 if (i == len) 280 if (i == len)
281 return make_fixnum (n); 281 return make_fixnum (n);
282 if (INT_MULTIPLY_WRAPV (n, 10, &n)) 282 if (ckd_mul (&n, n, 10))
283 break; 283 break;
284 } 284 }
285 285
diff --git a/src/frame.c b/src/frame.c
index 2cea96d4a32..037914ac9dc 100644
--- a/src/frame.c
+++ b/src/frame.c
@@ -3729,7 +3729,7 @@ check_frame_pixels (Lisp_Object size, Lisp_Object pixelwise, int item_size)
3729 item_size = 1; 3729 item_size = 1;
3730 3730
3731 if (!integer_to_intmax (size, &sz) 3731 if (!integer_to_intmax (size, &sz)
3732 || INT_MULTIPLY_WRAPV (sz, item_size, &pixel_size)) 3732 || ckd_mul (&pixel_size, sz, item_size))
3733 args_out_of_range_3 (size, make_int (INT_MIN / item_size), 3733 args_out_of_range_3 (size, make_int (INT_MIN / item_size),
3734 make_int (INT_MAX / item_size)); 3734 make_int (INT_MAX / item_size));
3735 3735
diff --git a/src/gnutls.c b/src/gnutls.c
index ca7e9fc4c73..8f0e2d01703 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -1083,8 +1083,8 @@ gnutls_hex_string (unsigned char *buf, ptrdiff_t buf_size, const char *prefix)
1083{ 1083{
1084 ptrdiff_t prefix_length = strlen (prefix); 1084 ptrdiff_t prefix_length = strlen (prefix);
1085 ptrdiff_t retlen; 1085 ptrdiff_t retlen;
1086 if (INT_MULTIPLY_WRAPV (buf_size, 3, &retlen) 1086 if (ckd_mul (&retlen, buf_size, 3)
1087 || INT_ADD_WRAPV (prefix_length - (buf_size != 0), retlen, &retlen)) 1087 || ckd_add (&retlen, retlen, prefix_length - (buf_size != 0)))
1088 string_overflow (); 1088 string_overflow ();
1089 Lisp_Object ret = make_uninit_string (retlen); 1089 Lisp_Object ret = make_uninit_string (retlen);
1090 char *string = SSDATA (ret); 1090 char *string = SSDATA (ret);
@@ -2378,7 +2378,7 @@ gnutls_symmetric_aead (bool encrypting, gnutls_cipher_algorithm_t gca,
2378 2378
2379 ptrdiff_t cipher_tag_size = gnutls_cipher_get_tag_size (gca); 2379 ptrdiff_t cipher_tag_size = gnutls_cipher_get_tag_size (gca);
2380 ptrdiff_t tagged_size; 2380 ptrdiff_t tagged_size;
2381 if (INT_ADD_WRAPV (isize, cipher_tag_size, &tagged_size) 2381 if (ckd_add (&tagged_size, isize, cipher_tag_size)
2382 || SIZE_MAX < tagged_size) 2382 || SIZE_MAX < tagged_size)
2383 memory_full (SIZE_MAX); 2383 memory_full (SIZE_MAX);
2384 size_t storage_length = tagged_size; 2384 size_t storage_length = tagged_size;
diff --git a/src/gtkutil.c b/src/gtkutil.c
index 4cc0f9f15b4..22b2a70f279 100644
--- a/src/gtkutil.c
+++ b/src/gtkutil.c
@@ -694,8 +694,8 @@ get_utf8_string (const char *str)
694 694
695 len = strlen (str); 695 len = strlen (str);
696 ptrdiff_t alloc; 696 ptrdiff_t alloc;
697 if (INT_MULTIPLY_WRAPV (nr_bad, 4, &alloc) 697 if (ckd_mul (&alloc, nr_bad, 4)
698 || INT_ADD_WRAPV (len + 1, alloc, &alloc) 698 || ckd_add (&alloc, alloc, len + 1)
699 || SIZE_MAX < alloc) 699 || SIZE_MAX < alloc)
700 memory_full (SIZE_MAX); 700 memory_full (SIZE_MAX);
701 up = utf8_str = xmalloc (alloc); 701 up = utf8_str = xmalloc (alloc);
diff --git a/src/haikuterm.c b/src/haikuterm.c
index 8733b82fb2b..212870064e8 100644
--- a/src/haikuterm.c
+++ b/src/haikuterm.c
@@ -4420,7 +4420,7 @@ haiku_term_init (void)
4420 { 4420 {
4421 nbytes = sizeof "GNU Emacs" + sizeof " at "; 4421 nbytes = sizeof "GNU Emacs" + sizeof " at ";
4422 4422
4423 if (INT_ADD_WRAPV (nbytes, SBYTES (system_name), &nbytes)) 4423 if (ckd_add (&nbytes, nbytes, SBYTES (system_name)))
4424 memory_full (SIZE_MAX); 4424 memory_full (SIZE_MAX);
4425 4425
4426 name_buffer = alloca (nbytes); 4426 name_buffer = alloca (nbytes);
diff --git a/src/image.c b/src/image.c
index 8ee802a9d62..87a0c1ca497 100644
--- a/src/image.c
+++ b/src/image.c
@@ -4003,7 +4003,7 @@ xbm_scan (char **s, char *end, char *sval, int *ival)
4003 digit = char_hexdigit (c); 4003 digit = char_hexdigit (c);
4004 if (digit < 0) 4004 if (digit < 0)
4005 break; 4005 break;
4006 overflow |= INT_MULTIPLY_WRAPV (value, 16, &value); 4006 overflow |= ckd_mul (&value, value, 16);
4007 value += digit; 4007 value += digit;
4008 } 4008 }
4009 } 4009 }
@@ -4013,7 +4013,7 @@ xbm_scan (char **s, char *end, char *sval, int *ival)
4013 while (*s < end 4013 while (*s < end
4014 && (c = *(*s)++, '0' <= c && c <= '7')) 4014 && (c = *(*s)++, '0' <= c && c <= '7'))
4015 { 4015 {
4016 overflow |= INT_MULTIPLY_WRAPV (value, 8, &value); 4016 overflow |= ckd_mul (&value, value, 8);
4017 value += c - '0'; 4017 value += c - '0';
4018 } 4018 }
4019 } 4019 }
@@ -4024,8 +4024,8 @@ xbm_scan (char **s, char *end, char *sval, int *ival)
4024 while (*s < end 4024 while (*s < end
4025 && (c = *(*s)++, c_isdigit (c))) 4025 && (c = *(*s)++, c_isdigit (c)))
4026 { 4026 {
4027 overflow |= INT_MULTIPLY_WRAPV (value, 10, &value); 4027 overflow |= ckd_mul (&value, value, 10);
4028 overflow |= INT_ADD_WRAPV (value, c - '0', &value); 4028 overflow |= ckd_add (&value, value, c - '0');
4029 } 4029 }
4030 } 4030 }
4031 4031
@@ -4069,7 +4069,7 @@ xbm_scan (char **s, char *end, char *sval, int *ival)
4069 if (digit < 0) 4069 if (digit < 0)
4070 return 0; 4070 return 0;
4071 4071
4072 overflow |= INT_MULTIPLY_WRAPV (value, 16, &value); 4072 overflow |= ckd_mul (&value, value, 16);
4073 value += digit; 4073 value += digit;
4074 } 4074 }
4075 } 4075 }
@@ -6136,8 +6136,8 @@ image_to_emacs_colors (struct frame *f, struct image *img, bool rgb_p)
6136 HGDIOBJ prev; 6136 HGDIOBJ prev;
6137#endif /* HAVE_NTGUI */ 6137#endif /* HAVE_NTGUI */
6138 6138
6139 if (INT_MULTIPLY_WRAPV (sizeof *colors, img->width, &nbytes) 6139 if (ckd_mul (&nbytes, sizeof *colors, img->width)
6140 || INT_MULTIPLY_WRAPV (img->height, nbytes, &nbytes) 6140 || ckd_mul (&nbytes, nbytes, img->height)
6141 || SIZE_MAX < nbytes) 6141 || SIZE_MAX < nbytes)
6142 memory_full (SIZE_MAX); 6142 memory_full (SIZE_MAX);
6143 colors = xmalloc (nbytes); 6143 colors = xmalloc (nbytes);
@@ -6282,8 +6282,8 @@ image_detect_edges (struct frame *f, struct image *img,
6282 6282
6283#define COLOR(A, X, Y) ((A) + (Y) * img->width + (X)) 6283#define COLOR(A, X, Y) ((A) + (Y) * img->width + (X))
6284 6284
6285 if (INT_MULTIPLY_WRAPV (sizeof *new, img->width, &nbytes) 6285 if (ckd_mul (&nbytes, sizeof *new, img->width)
6286 || INT_MULTIPLY_WRAPV (img->height, nbytes, &nbytes)) 6286 || ckd_mul (&nbytes, nbytes, img->height))
6287 memory_full (SIZE_MAX); 6287 memory_full (SIZE_MAX);
6288 new = xmalloc (nbytes); 6288 new = xmalloc (nbytes);
6289 6289
@@ -7655,8 +7655,8 @@ png_load_body (struct frame *f, struct image *img, struct png_load_context *c)
7655 row_bytes = png_get_rowbytes (png_ptr, info_ptr); 7655 row_bytes = png_get_rowbytes (png_ptr, info_ptr);
7656 7656
7657 /* Allocate memory for the image. */ 7657 /* Allocate memory for the image. */
7658 if (INT_MULTIPLY_WRAPV (row_bytes, sizeof *pixels, &nbytes) 7658 if (ckd_mul (&nbytes, row_bytes, sizeof *pixels)
7659 || INT_MULTIPLY_WRAPV (nbytes, height, &nbytes)) 7659 || ckd_mul (&nbytes, nbytes, height))
7660 memory_full (SIZE_MAX); 7660 memory_full (SIZE_MAX);
7661 c->pixels = pixels = xmalloc (nbytes); 7661 c->pixels = pixels = xmalloc (nbytes);
7662 c->rows = rows = xmalloc (height * sizeof *rows); 7662 c->rows = rows = xmalloc (height * sizeof *rows);
diff --git a/src/keyboard.c b/src/keyboard.c
index b1ccf4acde4..14c55666768 100644
--- a/src/keyboard.c
+++ b/src/keyboard.c
@@ -11161,7 +11161,7 @@ DEFUN ("recursion-depth", Frecursion_depth, Srecursion_depth, 0, 0, 0,
11161 (void) 11161 (void)
11162{ 11162{
11163 EMACS_INT sum; 11163 EMACS_INT sum;
11164 INT_ADD_WRAPV (command_loop_level, minibuf_level, &sum); 11164 ckd_add (&sum, command_loop_level, minibuf_level);
11165 return make_fixnum (sum); 11165 return make_fixnum (sum);
11166} 11166}
11167 11167
diff --git a/src/keymap.c b/src/keymap.c
index 7f5777c9251..da2af98c2d6 100644
--- a/src/keymap.c
+++ b/src/keymap.c
@@ -1363,7 +1363,7 @@ recognize the default bindings, just as `read-key-sequence' does. */)
1363 { 1363 {
1364 USE_SAFE_ALLOCA; 1364 USE_SAFE_ALLOCA;
1365 ptrdiff_t size = SCHARS (key_item), n; 1365 ptrdiff_t size = SCHARS (key_item), n;
1366 if (INT_MULTIPLY_WRAPV (size, MAX_MULTIBYTE_LENGTH, &n)) 1366 if (ckd_mul (&n, size, MAX_MULTIBYTE_LENGTH))
1367 n = PTRDIFF_MAX; 1367 n = PTRDIFF_MAX;
1368 unsigned char *dst = SAFE_ALLOCA (n); 1368 unsigned char *dst = SAFE_ALLOCA (n);
1369 unsigned char *p = dst; 1369 unsigned char *p = dst;
@@ -1411,7 +1411,7 @@ recognize the default bindings, just as `read-key-sequence' does. */)
1411 1411
1412 USE_SAFE_ALLOCA; 1412 USE_SAFE_ALLOCA;
1413 ptrdiff_t size = SCHARS (lc_key), n; 1413 ptrdiff_t size = SCHARS (lc_key), n;
1414 if (INT_MULTIPLY_WRAPV (size, MAX_MULTIBYTE_LENGTH, &n)) 1414 if (ckd_mul (&n, size, MAX_MULTIBYTE_LENGTH))
1415 n = PTRDIFF_MAX; 1415 n = PTRDIFF_MAX;
1416 unsigned char *dst = SAFE_ALLOCA (n); 1416 unsigned char *dst = SAFE_ALLOCA (n);
1417 1417
@@ -2097,7 +2097,7 @@ For an approximate inverse of this, see `kbd'. */)
2097 2097
2098 /* This has one extra element at the end that we don't pass to Fconcat. */ 2098 /* This has one extra element at the end that we don't pass to Fconcat. */
2099 ptrdiff_t size4; 2099 ptrdiff_t size4;
2100 if (INT_MULTIPLY_WRAPV (nkeys + nprefix, 4, &size4)) 2100 if (ckd_mul (&size4, nkeys + nprefix, 4))
2101 memory_full (SIZE_MAX); 2101 memory_full (SIZE_MAX);
2102 SAFE_ALLOCA_LISP (args, size4); 2102 SAFE_ALLOCA_LISP (args, size4);
2103 2103
diff --git a/src/lisp.h b/src/lisp.h
index 57c1c7395c1..2bfcd1a1983 100644
--- a/src/lisp.h
+++ b/src/lisp.h
@@ -23,6 +23,7 @@ along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. */
23#include <alloca.h> 23#include <alloca.h>
24#include <setjmp.h> 24#include <setjmp.h>
25#include <stdarg.h> 25#include <stdarg.h>
26#include <stdckdint.h>
26#include <stddef.h> 27#include <stddef.h>
27#include <string.h> 28#include <string.h>
28#include <float.h> 29#include <float.h>
@@ -3927,7 +3928,7 @@ modiff_incr (modiff_count *a, ptrdiff_t len)
3927 increasing it too much. */ 3928 increasing it too much. */
3928 verify (PTRDIFF_MAX <= ULLONG_MAX); 3929 verify (PTRDIFF_MAX <= ULLONG_MAX);
3929 int incr = len == 0 ? 1 : elogb (len) + 1; 3930 int incr = len == 0 ? 1 : elogb (len) + 1;
3930 bool modiff_overflow = INT_ADD_WRAPV (a0, incr, a); 3931 bool modiff_overflow = ckd_add (a, a0, incr);
3931 eassert (!modiff_overflow && *a >> 30 >> 30 == 0); 3932 eassert (!modiff_overflow && *a >> 30 >> 30 == 0);
3932 return a0; 3933 return a0;
3933} 3934}
@@ -5422,8 +5423,8 @@ safe_free_unbind_to (specpdl_ref count, specpdl_ref sa_count, Lisp_Object val)
5422#define SAFE_ALLOCA_LISP_EXTRA(buf, nelt, extra) \ 5423#define SAFE_ALLOCA_LISP_EXTRA(buf, nelt, extra) \
5423 do { \ 5424 do { \
5424 ptrdiff_t alloca_nbytes; \ 5425 ptrdiff_t alloca_nbytes; \
5425 if (INT_MULTIPLY_WRAPV (nelt, word_size, &alloca_nbytes) \ 5426 if (ckd_mul (&alloca_nbytes, nelt, word_size) \
5426 || INT_ADD_WRAPV (alloca_nbytes, extra, &alloca_nbytes) \ 5427 || ckd_add (&alloca_nbytes, alloca_nbytes, extra) \
5427 || SIZE_MAX < alloca_nbytes) \ 5428 || SIZE_MAX < alloca_nbytes) \
5428 memory_full (SIZE_MAX); \ 5429 memory_full (SIZE_MAX); \
5429 else if (alloca_nbytes <= sa_avail) \ 5430 else if (alloca_nbytes <= sa_avail) \
diff --git a/src/lread.c b/src/lread.c
index 4f1d29d80b2..d2e544afef9 100644
--- a/src/lread.c
+++ b/src/lread.c
@@ -3377,8 +3377,8 @@ read_bool_vector (Lisp_Object readcharfun)
3377 invalid_syntax ("#&", readcharfun); 3377 invalid_syntax ("#&", readcharfun);
3378 break; 3378 break;
3379 } 3379 }
3380 if (INT_MULTIPLY_WRAPV (length, 10, &length) 3380 if (ckd_mul (&length, length, 10)
3381 || INT_ADD_WRAPV (length, c - '0', &length)) 3381 || ckd_add (&length, length, c - '0'))
3382 invalid_syntax ("#&", readcharfun); 3382 invalid_syntax ("#&", readcharfun);
3383 } 3383 }
3384 3384
@@ -3423,8 +3423,8 @@ skip_lazy_string (Lisp_Object readcharfun)
3423 UNREAD (c); 3423 UNREAD (c);
3424 break; 3424 break;
3425 } 3425 }
3426 if (INT_MULTIPLY_WRAPV (nskip, 10, &nskip) 3426 if (ckd_mul (&nskip, nskip, 10)
3427 || INT_ADD_WRAPV (nskip, c - '0', &nskip)) 3427 || ckd_add (&nskip, nskip, c - '0'))
3428 invalid_syntax ("#@", readcharfun); 3428 invalid_syntax ("#@", readcharfun);
3429 digits++; 3429 digits++;
3430 if (digits == 2 && nskip == 0) 3430 if (digits == 2 && nskip == 0)
@@ -3988,8 +3988,8 @@ read0 (Lisp_Object readcharfun, bool locate_syms)
3988 c = READCHAR; 3988 c = READCHAR;
3989 if (c < '0' || c > '9') 3989 if (c < '0' || c > '9')
3990 break; 3990 break;
3991 if (INT_MULTIPLY_WRAPV (n, 10, &n) 3991 if (ckd_mul (&n, n, 10)
3992 || INT_ADD_WRAPV (n, c - '0', &n)) 3992 || ckd_add (&n, n, c - '0'))
3993 invalid_syntax ("#", readcharfun); 3993 invalid_syntax ("#", readcharfun);
3994 } 3994 }
3995 if (c == 'r' || c == 'R') 3995 if (c == 'r' || c == 'R')
diff --git a/src/pgtkterm.c b/src/pgtkterm.c
index 6cb1a3a4626..b8c626d81d8 100644
--- a/src/pgtkterm.c
+++ b/src/pgtkterm.c
@@ -6832,8 +6832,7 @@ pgtk_term_init (Lisp_Object display_name, char *resource_name)
6832 6832
6833 Lisp_Object system_name = Fsystem_name (); 6833 Lisp_Object system_name = Fsystem_name ();
6834 ptrdiff_t nbytes; 6834 ptrdiff_t nbytes;
6835 if (INT_ADD_WRAPV (SBYTES (Vinvocation_name), SBYTES (system_name) + 2, 6835 if (ckd_add (&nbytes, SBYTES (Vinvocation_name), SBYTES (system_name) + 2))
6836 &nbytes))
6837 memory_full (SIZE_MAX); 6836 memory_full (SIZE_MAX);
6838 dpyinfo->x_id = ++x_display_id; 6837 dpyinfo->x_id = ++x_display_id;
6839 dpyinfo->x_id_name = xmalloc (nbytes); 6838 dpyinfo->x_id_name = xmalloc (nbytes);
diff --git a/src/regex-emacs.c b/src/regex-emacs.c
index 746779490ad..e3237cd425a 100644
--- a/src/regex-emacs.c
+++ b/src/regex-emacs.c
@@ -2202,9 +2202,8 @@ regex_compile (re_char *pattern, ptrdiff_t size,
2202 FALLTHROUGH; 2202 FALLTHROUGH;
2203 case '1': case '2': case '3': case '4': 2203 case '1': case '2': case '3': case '4':
2204 case '5': case '6': case '7': case '8': case '9': 2204 case '5': case '6': case '7': case '8': case '9':
2205 if (INT_MULTIPLY_WRAPV (regnum, 10, &regnum) 2205 if (ckd_mul (&regnum, regnum, 10)
2206 || INT_ADD_WRAPV (regnum, c - '0', 2206 || ckd_add (&regnum, regnum, c - '0'))
2207 &regnum))
2208 FREE_STACK_RETURN (REG_ESIZE); 2207 FREE_STACK_RETURN (REG_ESIZE);
2209 break; 2208 break;
2210 default: 2209 default:
diff --git a/src/term.c b/src/term.c
index 2b28d3303e8..4df3de8f4a5 100644
--- a/src/term.c
+++ b/src/term.c
@@ -533,7 +533,7 @@ encode_terminal_code (struct glyph *src, int src_len,
533 multibyte-form. But, it may be enlarged on demand if 533 multibyte-form. But, it may be enlarged on demand if
534 Vglyph_table contains a string or a composite glyph is 534 Vglyph_table contains a string or a composite glyph is
535 encountered. */ 535 encountered. */
536 if (INT_MULTIPLY_WRAPV (src_len, MAX_MULTIBYTE_LENGTH, &required)) 536 if (ckd_mul (&required, src_len, MAX_MULTIBYTE_LENGTH))
537 memory_full (SIZE_MAX); 537 memory_full (SIZE_MAX);
538 if (encode_terminal_src_size < required) 538 if (encode_terminal_src_size < required)
539 encode_terminal_src = xpalloc (encode_terminal_src, 539 encode_terminal_src = xpalloc (encode_terminal_src,
diff --git a/src/termcap.c b/src/termcap.c
index d2688b3838d..1e989b6e2de 100644
--- a/src/termcap.c
+++ b/src/termcap.c
@@ -296,7 +296,7 @@ tputs (register const char *str, int nlines, int (*outfun) (int))
296 BAUD_RATE is measured in characters per 10 seconds. 296 BAUD_RATE is measured in characters per 10 seconds.
297 Compute PADFACTOR = 100000 * (how many padding bytes are needed). */ 297 Compute PADFACTOR = 100000 * (how many padding bytes are needed). */
298 intmax_t padfactor; 298 intmax_t padfactor;
299 if (INT_MULTIPLY_WRAPV (padcount, baud_rate, &padfactor)) 299 if (ckd_mul (&padfactor, padcount, baud_rate))
300 padfactor = baud_rate < 0 ? INTMAX_MIN : INTMAX_MAX; 300 padfactor = baud_rate < 0 ? INTMAX_MIN : INTMAX_MAX;
301 301
302 for (; 50000 <= padfactor; padfactor -= 100000) 302 for (; 50000 <= padfactor; padfactor -= 100000)
diff --git a/src/textconv.c b/src/textconv.c
index d5db6d11717..7ed8ede3544 100644
--- a/src/textconv.c
+++ b/src/textconv.c
@@ -125,7 +125,7 @@ textconv_query (struct frame *f, struct textconv_callback_struct *query)
125 overflows, move back to point or to the extremes of the 125 overflows, move back to point or to the extremes of the
126 accessible region. */ 126 accessible region. */
127 127
128 if (INT_ADD_WRAPV (pos, query->position, &pos)) 128 if (ckd_add (&pos, pos, query->position))
129 pos = PT; 129 pos = PT;
130 130
131 if (pos < BEGV) 131 if (pos < BEGV)
@@ -145,7 +145,7 @@ textconv_query (struct frame *f, struct textconv_callback_struct *query)
145 { 145 {
146 case TEXTCONV_FORWARD_CHAR: 146 case TEXTCONV_FORWARD_CHAR:
147 /* Move forward by query->factor characters. */ 147 /* Move forward by query->factor characters. */
148 if (INT_ADD_WRAPV (pos, query->factor, &end) || end > ZV) 148 if (ckd_add (&end, pos, query->factor) || end > ZV)
149 end = ZV; 149 end = ZV;
150 150
151 end_byte = CHAR_TO_BYTE (end); 151 end_byte = CHAR_TO_BYTE (end);
@@ -153,7 +153,7 @@ textconv_query (struct frame *f, struct textconv_callback_struct *query)
153 153
154 case TEXTCONV_BACKWARD_CHAR: 154 case TEXTCONV_BACKWARD_CHAR:
155 /* Move backward by query->factor characters. */ 155 /* Move backward by query->factor characters. */
156 if (INT_SUBTRACT_WRAPV (pos, query->factor, &end) || end < BEGV) 156 if (ckd_sub (&end, pos, query->factor) || end < BEGV)
157 end = BEGV; 157 end = BEGV;
158 158
159 end_byte = CHAR_TO_BYTE (end); 159 end_byte = CHAR_TO_BYTE (end);
diff --git a/src/timefns.c b/src/timefns.c
index 87971cf4563..151f5b482a3 100644
--- a/src/timefns.c
+++ b/src/timefns.c
@@ -514,8 +514,8 @@ timespec_ticks (struct timespec t)
514 /* For speed, use intmax_t arithmetic if it will do. */ 514 /* For speed, use intmax_t arithmetic if it will do. */
515 intmax_t accum; 515 intmax_t accum;
516 if (FASTER_TIMEFNS 516 if (FASTER_TIMEFNS
517 && !INT_MULTIPLY_WRAPV (t.tv_sec, TIMESPEC_HZ, &accum) 517 && !ckd_mul (&accum, t.tv_sec, TIMESPEC_HZ)
518 && !INT_ADD_WRAPV (t.tv_nsec, accum, &accum)) 518 && !ckd_add (&accum, accum, t.tv_nsec))
519 return make_int (accum); 519 return make_int (accum);
520 520
521 /* Fall back on bignum arithmetic. */ 521 /* Fall back on bignum arithmetic. */
@@ -543,7 +543,7 @@ lisp_time_hz_ticks (struct lisp_time t, Lisp_Object hz)
543 /* For speed, use intmax_t arithmetic if it will do. */ 543 /* For speed, use intmax_t arithmetic if it will do. */
544 intmax_t ticks; 544 intmax_t ticks;
545 if (FASTER_TIMEFNS && FIXNUMP (t.ticks) && FIXNUMP (t.hz) 545 if (FASTER_TIMEFNS && FIXNUMP (t.ticks) && FIXNUMP (t.hz)
546 && !INT_MULTIPLY_WRAPV (XFIXNUM (t.ticks), XFIXNUM (hz), &ticks)) 546 && !ckd_mul (&ticks, XFIXNUM (t.ticks), XFIXNUM (hz)))
547 return make_int (ticks / XFIXNUM (t.hz) 547 return make_int (ticks / XFIXNUM (t.hz)
548 - (ticks % XFIXNUM (t.hz) < 0)); 548 - (ticks % XFIXNUM (t.hz) < 0));
549 } 549 }
@@ -1557,12 +1557,10 @@ usage: (decode-time &optional TIME ZONE FORM) */)
1557 Lisp_Object ticks; 1557 Lisp_Object ticks;
1558 intmax_t n; 1558 intmax_t n;
1559 if (FASTER_TIMEFNS && FIXNUMP (lt.ticks) && FIXNUMP (hz) 1559 if (FASTER_TIMEFNS && FIXNUMP (lt.ticks) && FIXNUMP (hz)
1560 && !INT_MULTIPLY_WRAPV (XFIXNUM (hz), local_tm.tm_sec, &n) 1560 && !ckd_mul (&n, XFIXNUM (hz), local_tm.tm_sec)
1561 && ! (INT_ADD_WRAPV 1561 && !ckd_add (&n, n, (XFIXNUM (lt.ticks) % XFIXNUM (hz)
1562 (n, (XFIXNUM (lt.ticks) % XFIXNUM (hz) 1562 + (XFIXNUM (lt.ticks) % XFIXNUM (hz) < 0
1563 + (XFIXNUM (lt.ticks) % XFIXNUM (hz) < 0 1563 ? XFIXNUM (hz) : 0))))
1564 ? XFIXNUM (hz) : 0)),
1565 &n)))
1566 ticks = make_int (n); 1564 ticks = make_int (n);
1567 else 1565 else
1568 { 1566 {
@@ -1603,7 +1601,7 @@ check_tm_member (Lisp_Object obj, int offset)
1603 CHECK_FIXNUM (obj); 1601 CHECK_FIXNUM (obj);
1604 EMACS_INT n = XFIXNUM (obj); 1602 EMACS_INT n = XFIXNUM (obj);
1605 int i; 1603 int i;
1606 if (INT_SUBTRACT_WRAPV (n, offset, &i)) 1604 if (ckd_sub (&i, n, offset))
1607 time_overflow (); 1605 time_overflow ();
1608 return i; 1606 return i;
1609 } 1607 }
diff --git a/src/tparam.c b/src/tparam.c
index 1a5eab37452..a0d2ee74d99 100644
--- a/src/tparam.c
+++ b/src/tparam.c
@@ -173,8 +173,7 @@ tparam1 (const char *string, char *outstring, int len,
173 doup++, append_len_incr = strlen (up); 173 doup++, append_len_incr = strlen (up);
174 else 174 else
175 doleft++, append_len_incr = strlen (left); 175 doleft++, append_len_incr = strlen (left);
176 if (INT_ADD_WRAPV (append_len_incr, 176 if (ckd_add (&append_len, append_len, append_len_incr))
177 append_len, &append_len))
178 memory_full (SIZE_MAX); 177 memory_full (SIZE_MAX);
179 } 178 }
180 } 179 }
diff --git a/src/w32term.c b/src/w32term.c
index 2899e82b295..57dc6b465e4 100644
--- a/src/w32term.c
+++ b/src/w32term.c
@@ -7378,7 +7378,7 @@ w32_initialize_display_info (Lisp_Object display_name)
7378 { 7378 {
7379 static char const at[] = " at "; 7379 static char const at[] = " at ";
7380 ptrdiff_t nbytes = sizeof (title) + sizeof (at); 7380 ptrdiff_t nbytes = sizeof (title) + sizeof (at);
7381 if (INT_ADD_WRAPV (nbytes, SCHARS (Vsystem_name), &nbytes)) 7381 if (ckd_add (&nbytes, nbytes, SCHARS (Vsystem_name)))
7382 memory_full (SIZE_MAX); 7382 memory_full (SIZE_MAX);
7383 dpyinfo->w32_id_name = xmalloc (nbytes); 7383 dpyinfo->w32_id_name = xmalloc (nbytes);
7384 sprintf (dpyinfo->w32_id_name, "%s%s%s", title, at, SDATA (Vsystem_name)); 7384 sprintf (dpyinfo->w32_id_name, "%s%s%s", title, at, SDATA (Vsystem_name));
diff --git a/src/xdisp.c b/src/xdisp.c
index 982e1b3c103..e31533b3680 100644
--- a/src/xdisp.c
+++ b/src/xdisp.c
@@ -602,8 +602,8 @@ fill_column_indicator_column (struct it *it, int char_width)
602 if (RANGED_FIXNUMP (0, col, INT_MAX)) 602 if (RANGED_FIXNUMP (0, col, INT_MAX))
603 { 603 {
604 int icol = XFIXNUM (col); 604 int icol = XFIXNUM (col);
605 if (!INT_MULTIPLY_WRAPV (char_width, icol, &icol) 605 if (!ckd_mul (&icol, icol, char_width)
606 && !INT_ADD_WRAPV (it->lnum_pixel_width, icol, &icol)) 606 && !ckd_add (&icol, icol, it->lnum_pixel_width))
607 return icol; 607 return icol;
608 } 608 }
609 } 609 }
@@ -28216,9 +28216,8 @@ decode_mode_spec (struct window *w, register int c, int field_width,
28216 ptrdiff_t position; 28216 ptrdiff_t position;
28217 ptrdiff_t distance 28217 ptrdiff_t distance
28218 = (line_number_display_limit_width < 0 ? 0 28218 = (line_number_display_limit_width < 0 ? 0
28219 : INT_MULTIPLY_WRAPV (line_number_display_limit_width, 28219 : ckd_mul (&distance, line_number_display_limit_width,
28220 height * 2 + 30, 28220 height * 2 + 30)
28221 &distance)
28222 ? PTRDIFF_MAX : distance); 28221 ? PTRDIFF_MAX : distance);
28223 28222
28224 if (startpos - distance > limit) 28223 if (startpos - distance > limit)
diff --git a/src/xselect.c b/src/xselect.c
index 0586e46870b..40be6d4c00c 100644
--- a/src/xselect.c
+++ b/src/xselect.c
@@ -744,13 +744,13 @@ selection_data_size (struct selection_data *data)
744 return (size_t) data->size; 744 return (size_t) data->size;
745 745
746 case 16: 746 case 16:
747 if (INT_MULTIPLY_WRAPV (data->size, 2, &scratch)) 747 if (ckd_mul (&scratch, data->size, 2))
748 return SIZE_MAX; 748 return SIZE_MAX;
749 749
750 return scratch; 750 return scratch;
751 751
752 case 32: 752 case 32:
753 if (INT_MULTIPLY_WRAPV (data->size, 4, &scratch)) 753 if (ckd_mul (&scratch, data->size, 4))
754 return SIZE_MAX; 754 return SIZE_MAX;
755 755
756 return scratch; 756 return scratch;
@@ -3027,7 +3027,7 @@ x_property_data_to_lisp (struct frame *f, const unsigned char *data,
3027{ 3027{
3028 ptrdiff_t format_bytes = format >> 3; 3028 ptrdiff_t format_bytes = format >> 3;
3029 ptrdiff_t data_bytes; 3029 ptrdiff_t data_bytes;
3030 if (INT_MULTIPLY_WRAPV (size, format_bytes, &data_bytes)) 3030 if (ckd_mul (&data_bytes, size, format_bytes))
3031 memory_full (SIZE_MAX); 3031 memory_full (SIZE_MAX);
3032 return selection_data_to_lisp_data (FRAME_DISPLAY_INFO (f), data, 3032 return selection_data_to_lisp_data (FRAME_DISPLAY_INFO (f), data,
3033 data_bytes, type, format); 3033 data_bytes, type, format);
diff --git a/src/xsmfns.c b/src/xsmfns.c
index 799c9fd1053..3cf5165242e 100644
--- a/src/xsmfns.c
+++ b/src/xsmfns.c
@@ -223,7 +223,7 @@ smc_save_yourself_CB (SmcConn smcConn,
223 props[props_idx]->name = xstrdup (SmRestartCommand); 223 props[props_idx]->name = xstrdup (SmRestartCommand);
224 props[props_idx]->type = xstrdup (SmLISTofARRAY8); 224 props[props_idx]->type = xstrdup (SmLISTofARRAY8);
225 /* /path/to/emacs, --smid=xxx --no-splash --chdir=dir ... */ 225 /* /path/to/emacs, --smid=xxx --no-splash --chdir=dir ... */
226 if (INT_ADD_WRAPV (initial_argc, 3, &i)) 226 if (ckd_add (&i, initial_argc, 3))
227 memory_full (SIZE_MAX); 227 memory_full (SIZE_MAX);
228 props[props_idx]->num_vals = i; 228 props[props_idx]->num_vals = i;
229 vp = xnmalloc (i, sizeof *vp); 229 vp = xnmalloc (i, sizeof *vp);
diff --git a/src/xterm.c b/src/xterm.c
index 0899fcdc2d6..15bd9f98d17 100644
--- a/src/xterm.c
+++ b/src/xterm.c
@@ -2322,13 +2322,10 @@ xm_setup_dnd_targets (struct x_display_info *dpyinfo,
2322 target_count = header.target_list_count; 2322 target_count = header.target_list_count;
2323 rc = false; 2323 rc = false;
2324 2324
2325 if (INT_ADD_WRAPV (header.target_list_count, 1, 2325 if (ckd_add (&header.target_list_count, header.target_list_count, 1)
2326 &header.target_list_count) 2326 || ckd_mul (&size, ntargets, 4)
2327 || INT_MULTIPLY_WRAPV (ntargets, 4, &size) 2327 || ckd_add (&header.total_data_size, header.total_data_size, size)
2328 || INT_ADD_WRAPV (header.total_data_size, size, 2328 || ckd_add (&header.total_data_size, header.total_data_size, 2))
2329 &header.total_data_size)
2330 || INT_ADD_WRAPV (header.total_data_size, 2,
2331 &header.total_data_size))
2332 { 2329 {
2333 /* Overflow, remove every entry from the targets table 2330 /* Overflow, remove every entry from the targets table
2334 and add one for our current targets list. This 2331 and add one for our current targets list. This
@@ -6949,8 +6946,7 @@ x_sync_get_monotonic_time (struct x_display_info *dpyinfo,
6949 return 0; 6946 return 0;
6950 6947
6951 uint_fast64_t t; 6948 uint_fast64_t t;
6952 return (INT_SUBTRACT_WRAPV (timestamp, dpyinfo->server_time_offset, &t) 6949 return ckd_sub (&t, timestamp, dpyinfo->server_time_offset) ? 0 : t;
6953 ? 0 : t);
6954} 6950}
6955 6951
6956# ifndef CLOCK_MONOTONIC 6952# ifndef CLOCK_MONOTONIC
@@ -6968,8 +6964,8 @@ x_sync_current_monotonic_time (void)
6968 return (((clock_gettime (CLOCK_MONOTONIC, &time) != 0 6964 return (((clock_gettime (CLOCK_MONOTONIC, &time) != 0
6969 && (CLOCK_MONOTONIC == CLOCK_REALTIME 6965 && (CLOCK_MONOTONIC == CLOCK_REALTIME
6970 || clock_gettime (CLOCK_REALTIME, &time) != 0)) 6966 || clock_gettime (CLOCK_REALTIME, &time) != 0))
6971 || INT_MULTIPLY_WRAPV (time.tv_sec, 1000000, &t) 6967 || ckd_mul (&t, time.tv_sec, 1000000)
6972 || INT_ADD_WRAPV (t, time.tv_nsec / 1000, &t)) 6968 || ckd_add (&t, t, time.tv_nsec / 1000))
6973 ? 0 : t); 6969 ? 0 : t);
6974} 6970}
6975 6971
@@ -6990,8 +6986,7 @@ x_sync_note_frame_times (struct x_display_info *dpyinfo,
6990 time = x_sync_get_monotonic_time (dpyinfo, low | (high << 32)); 6986 time = x_sync_get_monotonic_time (dpyinfo, low | (high << 32));
6991 6987
6992 if (!time || !output->temp_frame_time 6988 if (!time || !output->temp_frame_time
6993 || INT_SUBTRACT_WRAPV (time, output->temp_frame_time, 6989 || ckd_sub (&output->last_frame_time, time, output->temp_frame_time))
6994 &output->last_frame_time))
6995 output->last_frame_time = 0; 6990 output->last_frame_time = 0;
6996 6991
6997#ifdef FRAME_DEBUG 6992#ifdef FRAME_DEBUG
@@ -7967,7 +7962,7 @@ x_display_set_last_user_time (struct x_display_info *dpyinfo, Time time,
7967 7962
7968 dpyinfo->server_time_monotonic_p 7963 dpyinfo->server_time_monotonic_p
7969 = (monotonic_time != 0 7964 = (monotonic_time != 0
7970 && !INT_SUBTRACT_WRAPV (time, monotonic_ms, &diff_ms) 7965 && !ckd_sub (&diff_ms, time, monotonic_ms)
7971 && -500 < diff_ms && diff_ms < 500); 7966 && -500 < diff_ms && diff_ms < 500);
7972 7967
7973 if (!dpyinfo->server_time_monotonic_p) 7968 if (!dpyinfo->server_time_monotonic_p)
@@ -7976,10 +7971,9 @@ x_display_set_last_user_time (struct x_display_info *dpyinfo, Time time,
7976 time to estimate the monotonic time on the X server. */ 7971 time to estimate the monotonic time on the X server. */
7977 7972
7978 if (!monotonic_time 7973 if (!monotonic_time
7979 || INT_MULTIPLY_WRAPV (time, 1000, &dpyinfo->server_time_offset) 7974 || ckd_mul (&dpyinfo->server_time_offset, time, 1000)
7980 || INT_SUBTRACT_WRAPV (dpyinfo->server_time_offset, 7975 || ckd_sub (&dpyinfo->server_time_offset,
7981 monotonic_time, 7976 dpyinfo->server_time_offset, monotonic_time))
7982 &dpyinfo->server_time_offset))
7983 dpyinfo->server_time_offset = 0; 7977 dpyinfo->server_time_offset = 0;
7984 7978
7985 /* If the server time is reasonably close to the monotonic 7979 /* If the server time is reasonably close to the monotonic
@@ -7988,18 +7982,18 @@ x_display_set_last_user_time (struct x_display_info *dpyinfo, Time time,
7988 actual time in ms. */ 7982 actual time in ms. */
7989 7983
7990 monotonic_ms = monotonic_ms & 0xffffffff; 7984 monotonic_ms = monotonic_ms & 0xffffffff;
7991 if (!INT_SUBTRACT_WRAPV (time, monotonic_ms, &diff_ms) 7985 if (!ckd_sub (&diff_ms, time, monotonic_ms)
7992 && -500 < diff_ms && diff_ms < 500) 7986 && -500 < diff_ms && diff_ms < 500)
7993 { 7987 {
7994 /* The server timestamp overflowed. Make the time 7988 /* The server timestamp overflowed. Make the time
7995 offset exactly how much it overflowed by. */ 7989 offset exactly how much it overflowed by. */
7996 7990
7997 if (INT_SUBTRACT_WRAPV (monotonic_time / 1000, monotonic_ms, 7991 if (ckd_sub (&dpyinfo->server_time_offset,
7998 &dpyinfo->server_time_offset) 7992 monotonic_time / 1000, monotonic_ms)
7999 || INT_MULTIPLY_WRAPV (dpyinfo->server_time_offset, 7993 || ckd_mul (&dpyinfo->server_time_offset,
8000 1000, &dpyinfo->server_time_offset) 7994 dpyinfo->server_time_offset, 1000)
8001 || INT_SUBTRACT_WRAPV (0, dpyinfo->server_time_offset, 7995 || ckd_sub (&dpyinfo->server_time_offset,
8002 &dpyinfo->server_time_offset)) 7996 0, dpyinfo->server_time_offset))
8003 dpyinfo->server_time_offset = 0; 7997 dpyinfo->server_time_offset = 0;
8004 } 7998 }
8005 } 7999 }
@@ -30199,7 +30193,7 @@ x_term_init (Lisp_Object display_name, char *xrm_option, char *resource_name)
30199 { 30193 {
30200 static char const at[] = " at "; 30194 static char const at[] = " at ";
30201 ptrdiff_t nbytes = sizeof (title) + sizeof (at); 30195 ptrdiff_t nbytes = sizeof (title) + sizeof (at);
30202 if (INT_ADD_WRAPV (nbytes, SBYTES (system_name), &nbytes)) 30196 if (ckd_add (&nbytes, nbytes, SBYTES (system_name)))
30203 memory_full (SIZE_MAX); 30197 memory_full (SIZE_MAX);
30204 dpyinfo->x_id_name = xmalloc (nbytes); 30198 dpyinfo->x_id_name = xmalloc (nbytes);
30205 sprintf (dpyinfo->x_id_name, "%s%s%s", title, at, SDATA (system_name)); 30199 sprintf (dpyinfo->x_id_name, "%s%s%s", title, at, SDATA (system_name));
generated by cgit v1.2.1 (git 2.18.0) at 2026-01-12 12:04:44 +0000