| author | Paul Eggert | 2011-07-16 17:34:43 -0700 |
|---|---|---|
| committer | Paul Eggert | 2011-07-16 17:34:43 -0700 |
| commit | 134643946085b24a695d73b3d8f7af5aa23602aa (patch) | |
| tree | db15254a5f9e9f173e4c379dfb27d9a38431b677 /src/ChangeLog | |
| parent | 39e378da07fe365c6442dc95b937539eb31fe8ef (diff) | |
Overflow, signedness and related fixes for images.
* dispextern.h (struct it.stack[0].u.image.image_id)
(struct_it.image_id, struct image.id, struct image_cache.size)
(struct image_cache.used, struct image_cache.ref_count):
* gtkutil.c (update_frame_tool_bar):
* image.c (x_reference_bitmap, Fimage_size, Fimage_mask_p)
(Fimage_metadata, free_image_cache, clear_image_cache, lookup_image)
(cache_image, mark_image_cache, x_kill_gs_process, Flookup_image):
* nsmenu.m (update_frame_tool_bar):
* xdisp.c (calc_pixel_width_or_height):
* xfns.c (image_cache_refcount):
Image IDs are now ptrdiff_t, not int, to avoid arbitrary limits
on typical 64-bit hosts.
* image.c (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros.
(x_bitmap_pixmap, x_create_x_image_and_pixmap):
Omit unnecessary casts to int.
(parse_image_spec): Check that integers fall into 'int' range
when the callers expect that.
(image_ascent): Redo ascent calculation to avoid int overflow.
(clear_image_cache): Avoid overflow when sqrt (INT_MAX) < nimages.
(lookup_image): Remove unnecessary tests.
(xbm_image_p): Locals are now of int, not EMACS_INT,
since parse_image_check makes sure they fit into int.
(png_load, gif_load, svg_load_image):
Prefer int to unsigned where either will do.
(tiff_handler): New function, combining the cores of the
old tiff_error_handler and tiff_warning_handler. This
function is rewritten to use vsnprintf and thereby avoid
stack buffer overflows. It uses only the features of vsnprintf
that are common to both POSIX and native Microsoft.
(tiff_error_handler, tiff_warning_handler): Use it.
(tiff_load, gif_load, imagemagick_load_image):
Don't assume :index value fits in 'int'.
(gif_load): Omit unnecessary cast to double, and avoid double-rounding.
(imagemagick_load_image): Check that crop parameters fit into
the integer types that MagickCropImage accepts. Don't assume
Vimagemagick_render_type has a nonnegative value. Don't assume
size_t fits in 'long'.
(gs_load): Use printmax_t to print the widest integers possible.
Check for integer overflow when computing image height and width.
Diffstat (limited to 'src/ChangeLog')
| -rw-r--r-- | src/ChangeLog | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index c19786fb72c..680e67e05f7 100644 --- a/src/ChangeLog +++ b/src/ChangeLog | |||
| @@ -1,3 +1,48 @@ | |||
| 1 | 2011-07-16 Paul Eggert <eggert@cs.ucla.edu> | ||
| 2 | |||
| 3 | Overflow, signedness and related fixes for images. | ||
| 4 | |||
| 5 | * dispextern.h (struct it.stack[0].u.image.image_id) | ||
| 6 | (struct_it.image_id, struct image.id, struct image_cache.size) | ||
| 7 | (struct image_cache.used, struct image_cache.ref_count): | ||
| 8 | * gtkutil.c (update_frame_tool_bar): | ||
| 9 | * image.c (x_reference_bitmap, Fimage_size, Fimage_mask_p) | ||
| 10 | (Fimage_metadata, free_image_cache, clear_image_cache, lookup_image) | ||
| 11 | (cache_image, mark_image_cache, x_kill_gs_process, Flookup_image): | ||
| 12 | * nsmenu.m (update_frame_tool_bar): | ||
| 13 | * xdisp.c (calc_pixel_width_or_height): | ||
| 14 | * xfns.c (image_cache_refcount): | ||
| 15 | Image IDs are now ptrdiff_t, not int, to avoid arbitrary limits | ||
| 16 | on typical 64-bit hosts. | ||
| 17 | |||
| 18 | * image.c (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros. | ||
| 19 | (x_bitmap_pixmap, x_create_x_image_and_pixmap): | ||
| 20 | Omit unnecessary casts to int. | ||
| 21 | (parse_image_spec): Check that integers fall into 'int' range | ||
| 22 | when the callers expect that. | ||
| 23 | (image_ascent): Redo ascent calculation to avoid int overflow. | ||
| 24 | (clear_image_cache): Avoid overflow when sqrt (INT_MAX) < nimages. | ||
| 25 | (lookup_image): Remove unnecessary tests. | ||
| 26 | (xbm_image_p): Locals are now of int, not EMACS_INT, | ||
| 27 | since parse_image_check makes sure they fit into int. | ||
| 28 | (png_load, gif_load, svg_load_image): | ||
| 29 | Prefer int to unsigned where either will do. | ||
| 30 | (tiff_handler): New function, combining the cores of the | ||
| 31 | old tiff_error_handler and tiff_warning_handler. This | ||
| 32 | function is rewritten to use vsnprintf and thereby avoid | ||
| 33 | stack buffer overflows. It uses only the features of vsnprintf | ||
| 34 | that are common to both POSIX and native Microsoft. | ||
| 35 | (tiff_error_handler, tiff_warning_handler): Use it. | ||
| 36 | (tiff_load, gif_load, imagemagick_load_image): | ||
| 37 | Don't assume :index value fits in 'int'. | ||
| 38 | (gif_load): Omit unnecessary cast to double, and avoid double-rounding. | ||
| 39 | (imagemagick_load_image): Check that crop parameters fit into | ||
| 40 | the integer types that MagickCropImage accepts. Don't assume | ||
| 41 | Vimagemagick_render_type has a nonnegative value. Don't assume | ||
| 42 | size_t fits in 'long'. | ||
| 43 | (gs_load): Use printmax_t to print the widest integers possible. | ||
| 44 | Check for integer overflow when computing image height and width. | ||
| 45 | |||
| 1 | 2011-07-14 Paul Eggert <eggert@cs.ucla.edu> | 46 | 2011-07-14 Paul Eggert <eggert@cs.ucla.edu> |
| 2 | 47 | ||
| 3 | Integer signedness and overflow and related fixes. (Bug#9079) | 48 | Integer signedness and overflow and related fixes. (Bug#9079) |
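Review bot: Two identifiers in the new 2011-07-16 entry look inconsistent and should be checked before this lands. In the dispextern.h item, "(struct_it.image_id," uses an underscore where the line before it writes "struct it.stack[0].u.image.image_id", so it probably should read "struct it.image_id". In the xbm_image_p item, the rationale cites "parse_image_check", but the function this same entry credits with the new 'int' range checking is "parse_image_spec"; if that is the function meant, use its name so a search of the ChangeLog finds both items. Separately, the 2011-07-14 entry below carries "(Bug#9079)" while this entry has no bug reference; if these image fixes belong to the same report, add the tag to the summary line.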