Merge: Cons<->int and similar integer overflow fixes.

author: Paul Eggert 2011-06-06 11:36:36 -0700
committer: Paul Eggert 2011-06-06 11:36:36 -0700
commit: 0c1477cd00313d6aa13c40550a0b413a01d188c6 (patch)
tree: fecfa94a4e32d8bbe5d7c62f38ccbbc030bbe4ac /src/ChangeLog
parent: d6d100dd7c48e124ca9ce4bbb761f24b8e052493 (diff)
parent: 695e5b41ac15af4bcd635606db86995900617057 (diff)
download: emacs-0c1477cd00313d6aa13c40550a0b413a01d188c6.tar.gz
emacs-0c1477cd00313d6aa13c40550a0b413a01d188c6.zip
1 files changed, 79 insertions, 0 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index 44dc1939db9..08a008d0c98 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,82 @@
+2011-06-06  Paul Eggert  <eggert@cs.ucla.edu>
+        Cons<->int and similar integer overflow fixes.
+        Check for overflow when converting integer to cons and back.
+        * charset.c (Fdefine_charset_internal, Fdecode_char):
+        Use cons_to_unsigned to catch overflow.
+        (Fencode_char): Use INTEGER_TO_CONS.
+        * composite.h (LGLYPH_CODE): Use cons_to_unsigned.
+        (LGLYPH_SET_CODE): Use INTEGER_TO_CONS.
+        * data.c (long_to_cons, cons_to_long): Remove.
+        (cons_to_unsigned, cons_to_signed): New functions.
+        These signal an error for invalid or out-of-range values.
+        * dired.c (Ffile_attributes): Use INTEGER_TO_CONS.
+        * fileio.c (Fset_visited_file_modtime): Use CONS_TO_INTEGER.
+        * font.c (Ffont_variation_glyphs):
+        * fontset.c (Finternal_char_font): Use INTEGER_TO_CONS.
+        * lisp.h: Include <intprops.h>.
+        (INTEGER_TO_CONS, CONS_TO_INTEGER): New macros.
+        (cons_to_signed, cons_to_unsigned): New decls.
+        (long_to_cons, cons_to_long): Remove decls.
+        * undo.c (record_first_change): Use INTEGER_TO_CONS.
+        (Fprimitive_undo): Use CONS_TO_INTEGER.
+        * xfns.c (Fx_window_property): Likewise.
+        * xselect.c: Include <limits.h>.
+        (x_own_selection, selection_data_to_lisp_data):
+        Use INTEGER_TO_CONS.
+        (x_handle_selection_request, x_handle_selection_clear)
+        (x_get_foreign_selection, Fx_disown_selection_internal)
+        (Fx_get_atom_name, x_send_client_event): Use CONS_TO_INTEGER.
+        (lisp_data_to_selection_data): Use cons_to_unsigned.
+        (x_fill_property_data): Use cons_to_signed.
+        Report values out of range.
+        Check for buffer and string overflow more precisely.
+        * buffer.h (BUF_BYTES_MAX): New macro.
+        * lisp.h (STRING_BYTES_MAX): New macro.
+        * alloc.c (Fmake_string):
+        * character.c (string_escape_byte8):
+        * coding.c (coding_alloc_by_realloc):
+        * doprnt.c (doprnt):
+        * editfns.c (Fformat):
+        * eval.c (verror):
+        Use STRING_BYTES_MAX, not MOST_POSITIVE_FIXNUM,
+        since they may not be the same number.
+        * editfns.c (Finsert_char):
+        * fileio.c (Finsert_file_contents):
+        Likewise for BUF_BYTES_MAX.
+        * image.c: Use ptrdiff_t, not int, for sizes.
+        (slurp_file): Switch from int to ptrdiff_t.
+        All uses changed.
+        (slurp_file): Check that file size fits in both size_t (for
+        malloc) and ptrdiff_t (for sanity and safety).
+        * fileio.c (Fverify_visited_file_modtime): Avoid time overflow
+        if b->modtime has its maximal value.
+        * dired.c (Ffile_attributes): Don't assume EMACS_INT has >32 bits.
+        Don't assume time_t can fit into int.
+        * buffer.h (struct buffer.modtime): Now time_t, not int.
+        * fileio.c (Fvisited_file_modtime): No need for time_t cast now.
+        * undo.c (Fprimitive_undo): Use time_t, not int, for time_t value.
+        Minor fixes for signed vs unsigned integers.
+        * character.h (MAYBE_UNIFY_CHAR):
+        * charset.c (maybe_unify_char):
+        * keyboard.c (read_char, reorder_modifiers):
+        XINT -> XFASTINT, since the integer must be nonnegative.
+        * ftfont.c (ftfont_spec_pattern):
+        * keymap.c (access_keymap, silly_event_symbol_error):
+        XUINT -> XFASTINT, since the integer must be nonnegative.
+        (Fsingle_key_description, preferred_sequence_p): XUINT -> XINT,
+        since it makes no difference and we prefer signed.
+        * keyboard.c (record_char): Use XUINT when all the neighbors do.
+        (access_keymap): NATNUMP -> INTEGERP, since the integer must be
+        nonnegative.
 2011-06-06  Stefan Monnier  <monnier@iro.umontreal.ca>
        * window.h (Fwindow_frame): Declare.
author	Paul Eggert	2011-06-06 11:36:36 -0700
committer	Paul Eggert	2011-06-06 11:36:36 -0700
commit	0c1477cd00313d6aa13c40550a0b413a01d188c6 (patch)
tree	fecfa94a4e32d8bbe5d7c62f38ccbbc030bbe4ac /src/ChangeLog
parent	d6d100dd7c48e124ca9ce4bbb761f24b8e052493 (diff)
parent	695e5b41ac15af4bcd635606db86995900617057 (diff)
download	emacs-0c1477cd00313d6aa13c40550a0b413a01d188c6.tar.gz emacs-0c1477cd00313d6aa13c40550a0b413a01d188c6.zip

diff --git a/src/ChangeLog b/src/ChangeLog index 44dc1939db9..08a008d0c98 100644 --- a/src/ChangeLog +++ b/src/ChangeLog
@@ -1,3 +1,82 @@
		1	2011-06-06 Paul Eggert <eggert@cs.ucla.edu>
		2
		3	Cons<->int and similar integer overflow fixes.
		4
		5	Check for overflow when converting integer to cons and back.
		6	* charset.c (Fdefine_charset_internal, Fdecode_char):
		7	Use cons_to_unsigned to catch overflow.
		8	(Fencode_char): Use INTEGER_TO_CONS.
		9	* composite.h (LGLYPH_CODE): Use cons_to_unsigned.
		10	(LGLYPH_SET_CODE): Use INTEGER_TO_CONS.
		11	* data.c (long_to_cons, cons_to_long): Remove.
		12	(cons_to_unsigned, cons_to_signed): New functions.
		13	These signal an error for invalid or out-of-range values.
		14	* dired.c (Ffile_attributes): Use INTEGER_TO_CONS.
		15	* fileio.c (Fset_visited_file_modtime): Use CONS_TO_INTEGER.
		16	* font.c (Ffont_variation_glyphs):
		17	* fontset.c (Finternal_char_font): Use INTEGER_TO_CONS.
		18	* lisp.h: Include <intprops.h>.
		19	(INTEGER_TO_CONS, CONS_TO_INTEGER): New macros.
		20	(cons_to_signed, cons_to_unsigned): New decls.
		21	(long_to_cons, cons_to_long): Remove decls.
		22	* undo.c (record_first_change): Use INTEGER_TO_CONS.
		23	(Fprimitive_undo): Use CONS_TO_INTEGER.
		24	* xfns.c (Fx_window_property): Likewise.
		25	* xselect.c: Include <limits.h>.
		26	(x_own_selection, selection_data_to_lisp_data):
		27	Use INTEGER_TO_CONS.
		28	(x_handle_selection_request, x_handle_selection_clear)
		29	(x_get_foreign_selection, Fx_disown_selection_internal)
		30	(Fx_get_atom_name, x_send_client_event): Use CONS_TO_INTEGER.
		31	(lisp_data_to_selection_data): Use cons_to_unsigned.
		32	(x_fill_property_data): Use cons_to_signed.
		33	Report values out of range.
		34
		35	Check for buffer and string overflow more precisely.
		36	* buffer.h (BUF_BYTES_MAX): New macro.
		37	* lisp.h (STRING_BYTES_MAX): New macro.
		38	* alloc.c (Fmake_string):
		39	* character.c (string_escape_byte8):
		40	* coding.c (coding_alloc_by_realloc):
		41	* doprnt.c (doprnt):
		42	* editfns.c (Fformat):
		43	* eval.c (verror):
		44	Use STRING_BYTES_MAX, not MOST_POSITIVE_FIXNUM,
		45	since they may not be the same number.
		46	* editfns.c (Finsert_char):
		47	* fileio.c (Finsert_file_contents):
		48	Likewise for BUF_BYTES_MAX.
		49
		50	* image.c: Use ptrdiff_t, not int, for sizes.
		51	(slurp_file): Switch from int to ptrdiff_t.
		52	All uses changed.
		53	(slurp_file): Check that file size fits in both size_t (for
		54	malloc) and ptrdiff_t (for sanity and safety).
		55
		56	* fileio.c (Fverify_visited_file_modtime): Avoid time overflow
		57	if b->modtime has its maximal value.
		58
		59	* dired.c (Ffile_attributes): Don't assume EMACS_INT has >32 bits.
		60
		61	Don't assume time_t can fit into int.
		62	* buffer.h (struct buffer.modtime): Now time_t, not int.
		63	* fileio.c (Fvisited_file_modtime): No need for time_t cast now.
		64	* undo.c (Fprimitive_undo): Use time_t, not int, for time_t value.
		65
		66	Minor fixes for signed vs unsigned integers.
		67	* character.h (MAYBE_UNIFY_CHAR):
		68	* charset.c (maybe_unify_char):
		69	* keyboard.c (read_char, reorder_modifiers):
		70	XINT -> XFASTINT, since the integer must be nonnegative.
		71	* ftfont.c (ftfont_spec_pattern):
		72	* keymap.c (access_keymap, silly_event_symbol_error):
		73	XUINT -> XFASTINT, since the integer must be nonnegative.
		74	(Fsingle_key_description, preferred_sequence_p): XUINT -> XINT,
		75	since it makes no difference and we prefer signed.
		76	* keyboard.c (record_char): Use XUINT when all the neighbors do.
		77	(access_keymap): NATNUMP -> INTEGERP, since the integer must be
		78	nonnegative.
		79
1	2011-06-06 Stefan Monnier <monnier@iro.umontreal.ca>	80	2011-06-06 Stefan Monnier <monnier@iro.umontreal.ca>
2		81
3	* window.h (Fwindow_frame): Declare.	82	* window.h (Fwindow_frame): Declare.