merge upstream

author: Joakim Verona 2011-06-23 01:28:30 +0200
committer: Joakim Verona 2011-06-23 01:28:30 +0200
commit: c5082a753011dacef505e91f1fc30a84fa75a2eb (patch)
tree: 2c995eff276b6e9e68f54b4ebe76bf012231c86d /src/ChangeLog
parent: 787c27e81f046cfa1c457ed405551f8ca0ddb0e8 (diff)
parent: 297dde5a97c0c5c8020db72213c7f84067f1ee21 (diff)
download: emacs-c5082a753011dacef505e91f1fc30a84fa75a2eb.tar.gz
emacs-c5082a753011dacef505e91f1fc30a84fa75a2eb.zip
1 files changed, 309 insertions, 1 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index 59fb2d89b24..78fca60ca28 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,311 @@
+2011-06-22  Paul Eggert  <eggert@cs.ucla.edu>
+        Fixes for GLYPH_DEBUG found by GCC 4.6.0 static checking.
+        The following patches are for when GLYPH_DEBUG && !XASSERT.
+        * dispextern.h (trace_redisplay_p, dump_glyph_string):
+        * dispnew.c (flush_stdout):
+        * xdisp.c (dump_glyph_row, dump_glyph_matrix, dump_glyph):
+        Mark as externally visible.
+        * dispnew.c (check_window_matrix_pointers): Now static.
+        * dispnew.c (window_to_frame_vpos):
+        * xfns.c (unwind_create_frame):
+        * xterm.c (x_check_font): Remove unused local.
+        * scroll.c (CHECK_BOUNDS):
+        * xfaces.c (cache_fache): Rename local to avoid shadowing.
+        * xfns.c, w32fns.c (image_cache_refcount, dpyinfo_refcount): Now static.
+        * xdisp.c (check_window_end): Now a no-op if !XASSERTS.
+        (debug_first_unchanged_at_end_vpos, debug_last_unchanged_at_beg_vpos)
+        (debug_dvpos, debug_dy, debug_delta, debug_delta_bytes, debug_end_vpos):
+        Now static.
+        (debug_method_add): Use va_list and vsprintf rather than relying
+        on undefined behavior with wrong number of arguments.
+        (dump_glyph, dump_glyph_row, Fdump_glyph_matrix):
+        Don't assume ptrdiff_t and EMACS_INT are the same width as int.
+        In this code, it's OK to assume C99 behavior for ptrdiff_t formats
+        since we're not interested in debugging glyphs with old libraries.
+        * xfaces.c (cache_face): Move debugging code earlier; this pacifies
+        GCC 4.6.0's static checking.
+2011-06-22  Paul Eggert  <eggert@cs.ucla.edu>
+        Integer overflow and signedness fixes (Bug#8873).
+        A few related buffer overrun fixes, too.
+        * font.c (font_score): Use EMACS_INT, not int, to store XINT value.
+        * dispextern.h (struct face.stipple):
+        * image.c (x_bitmap_height, x_bitmap_width, x_bitmap_pixmap)
+        (x_bitmap_mask, x_allocate_bitmap_record)
+        (x_create_bitmap_from_data, x_create_bitmap_from_file)
+        (x_destroy_bitmap, x_destroy_all_bitmaps, x_create_bitmap_mask)
+        (x_create_bitmap_from_xpm_data):
+        * nsterm.h (struct ns_display_info.bitmaps_size, .bitmaps_last):
+        * w32term.h (struct w32_display_info.icon_bitmap_id, .bitmaps_size)
+        (.bitmaps_last):
+        * xfaces.c (load_pixmap):
+        * xterm.c (x_bitmap_icon, x_wm_set_icon_pixmap):
+        * xterm.h (struct x_display_info.icon_bitmap_id, .bitmaps_size)
+        (.bitmaps_last, struct x_output.icon_bitmap):
+        Use ptrdiff_t, not int, for bitmap indexes.
+        (x_allocate_bitmap_record): Check for size overflow.
+        * dispextern.h, lisp.h: Adjust to API changes elsewhere.
+        Use ptrdiff_t, not int, for overlay counts.
+        * buffer.h (overlays_at, sort_overlays, GET_OVERLAYS_AT):
+        * editfns.c (overlays_around, get_pos_property):
+        * textprop.c (get_char_property_and_overlay):
+        * xdisp.c (next_overlay_change, note_mouse_highlight):
+        * xfaces.c (face_at_buffer_position):
+        * buffer.c (OVERLAY_COUNT_MAX): New macro.
+        (overlays_at, overlays_in, sort_overlays, Foverlays_at)
+        (Fnext_overlay_change, Fprevious_overlay_change)
+        (mouse_face_overlay_overlaps, Foverlays_in):
+        Use ptrdiff_t, not int, for sizes.
+        (overlays_at, overlays_in): Check for size-calculation overflow.
+        * xterm.c (xim_initialize, same_x_server): Strlen may not fit in int.
+        * xsmfns.c (smc_save_yourself_CB, x_session_initialize): Avoid strlen.
+        (x_session_initialize): Do not assume string length fits in int.
+        * xsettings.c (apply_xft_settings): Fix potential buffer overrun.
+        This is unlikely, but can occur if DPI is outlandish.
+        * xsettings.c (Ffont_get_system_normal_font, Ffont_get_system_font):
+        * xselect.c (Fx_get_atom_name): Avoid need for strlen.
+        * xrdb.c: Don't assume strlen fits in int; avoid some strlens.
+        * xrdb.c (magic_file_p, search_magic_path):
+        Omit last arg SUFFIX; it was always 0.  All callers changed.
+        (magic_file_p): Use ptrdiff_t, not int.  Check for size overflow.
+        * xfont.c (xfont_match): Avoid need for strlen.
+        * xfns.c: Don't assume strlen fits in int.
+        (xic_create_fontsetname, x_window): Use ptrdiff_t, not int.
+        * xdisp.c (message_log_check_duplicate): Return intmax_t,
+        not unsigned long, as we prefer signed integers.  All callers changed.
+        Detect integer overflow in repeat count.
+        (message_dolog): Don't assume print length fits in 39 bytes.
+        (display_mode_element): Don't assume strlen fits in int.
+        * termcap.c: Don't assume sizes fit in int and never overflow.
+        (struct termcap_buffer, tgetent): Use ptrdiff_t, not int, for sizes.
+        (gobble_line): Check for size-calculation overflow.
+        * minibuf.c (Fread_buffer):
+        * lread.c (intern, intern_c_string):
+        * image.c (xpm_scan) [HAVE_NS && !HAVE_XPM]:
+        Don't assume string length fits in int.
+        * keyboard.c (parse_tool_bar_item):
+        * gtkutil.c (style_changed_cb): Avoid need for strlen.
+        * font.c: Don't assume string length fits in int.
+        (font_parse_xlfd, font_parse_fcname, font_unparse_fcname):
+        Use ptrdiff_t, not int.
+        (font_intern_prop): Don't assume string length fits in int.
+        Don't assume integer property fits in fixnum.
+        * font.h (font_intern_prop): 2nd arg is now ptrdiff_t, not int.
+        * filelock.c: Fix some buffer overrun and integer overflow issues.
+        (get_boot_time): Don't assume gzip command string fits in 100 bytes.
+        Reformulate so as not to need the command string.
+        Invoke gzip -cd rather than gunzip, as it's more portable.
+        (lock_info_type, lock_file_1, lock_file):
+        Don't assume pid_t and time_t fit in unsigned long.
+        (LOCK_PID_MAX): Remove; we now use more-reliable bounds.
+        (current_lock_owner): Prefer signed type for sizes.
+        Use memcpy, not strncpy, where memcpy is what is really wanted.
+        Don't assume (via atoi) that time_t and pid_t fit in int.
+        Check for time_t and/or pid_t out of range, e.g., via a network share.
+        Don't alloca where an auto var works fine.
+        * fileio.c: Fix some integer overflow issues.
+        (file_name_as_directory, Fexpand_file_name, Fsubstitute_in_file_name):
+        Don't assume string length fits in int.
+        (directory_file_name): Don't assume string length fits in long.
+        (make_temp_name): Don't assume pid fits in int, or that its print
+        length is less than 20.
+        * data.c (Fsubr_name): Rewrite to avoid a strlen call.
+        * coding.c (make_subsidiaries): Don't assume string length fits in int.
+        * callproc.c (child_setup): Rewrite to avoid two strlen calls.
+        * process.c (Fformat_network_address): Use EMACS_INT, not EMACS_UINT.
+        We prefer signed integers, even for size calculations.
+        * emacs.c: Don't assume string length fits in 'int'.
+        (DEFINE_DUMMY_FUNCTION, sort_args): Use ptrdiff_t, not int.
+        (main): Don't invoke strlen when not needed.
+        * dbusbind.c (XD_ERROR): Don't arbitrarily truncate string.
+        (XD_DEBUG_MESSAGE): Don't waste a byte.
+        * callproc.c (getenv_internal_1, getenv_internal)
+        (Fgetenv_internal):
+        * buffer.c (init_buffer): Don't assume string length fits in 'int'.
+        * lread.c (invalid_syntax): Omit length argument.
+        All uses changed.  This doesn't fix a bug, but it simplifies the
+        code away from its former Hollerith-constant appearance, and it's
+        one less 'int' to worry about when looking at integer-overflow issues.
+        (string_to_number): Simplify 2011-04-26 change by invoking xsignal1.
+        * lisp.h (DEFUN): Remove bogus use of sizeof (struct Lisp_Subr).
+        This didn't break anything, but it didn't help either.
+        It's confusing to put a bogus integer in a place where the actual
+        value does not matter.
+        (LIST_END_P): Remove unused macro and its bogus comment.
+        (make_fixnum_or_float): Remove unnecessary cast to EMACS_INT.
+        * lisp.h (union Lisp_Object.i): EMACS_INT, not EMACS_UINT.
+        This is for consistency with the ordinary, non-USE_LISP_UNION_TYPE,
+        implementation.
+        (struct Lisp_Bool_Vector.size): EMACS_INT, not EMACS_UINT.
+        We prefer signed types, and the value cannot exceed the EMACS_INT
+        range anyway (because otherwise the length would not be representable).
+        (XSET) [USE_LISP_UNION_TYPE]: Use uintptr_t and intptr_t,
+        not EMACS_UINT and EMACS_INT, when converting pointer to integer.
+        This avoids a GCC warning when WIDE_EMACS_INT.
+        * indent.c (sane_tab_width): New function.
+        (current_column, scan_for_column, Findent_to, position_indentation)
+        (compute_motion): Use it.  This is just for clarity.
+        (Fcompute_motion): Don't assume hscroll and tab offset fit in int.
+        * image.c (xbm_image_p): Don't assume stated width, height fit in int.
+        * lisp.h (lint_assume): New macro.
+        * composite.c (composition_gstring_put_cache):
+        * ftfont.c (ftfont_shape_by_flt): Use it to pacify GCC 4.6.0.
+        * editfns.c, insdel.c:
+        Omit unnecessary forward decls, to simplify future changes.
+        * ftfont.c (ftfont_shape_by_flt): Use signed integers for lengths.
+        * font.c (Ffont_shape_gstring): Don't assume glyph len fits in 'int'.
+        * fns.c (Ffillarray): Don't assume bool vector size fits in 'int'.
+        Use much-faster test for byte-length change.
+        Don't assume string byte-length fits in 'int'.
+        Check that character arg fits in 'int'.
+        (mapcar1): Declare byte as byte, for clarity.
+        * alloc.c (Fmake_bool_vector): Avoid unnecessary multiplication.
+        * fns.c (concat): Catch string overflow earlier.
+        Do not rely on integer wraparound.
+        * dispextern.h (struct it.overlay_strings_charpos)
+        (struct it.selective): Now EMACS_INT, not int.
+        * xdisp.c (forward_to_next_line_start)
+        (back_to_previous_visible_line_start)
+        (reseat_at_next_visible_line_start, next_element_from_buffer):
+        Don't arbitrarily truncate the value of 'selective' to int.
+        * xdisp.c (init_iterator): Use XINT, not XFASTINT; it might be < 0.
+        * composite.c: Don't truncate sizes to 'int'.
+        (composition_gstring_p, composition_reseat_it)
+        (composition_adjust_point): Use EMACS_INT, not int.
+        (get_composition_id, composition_gstring_put_cache): Use EMACS_INT,
+        not EMACS_UINT, for indexes.
+        * category.h (CATEGORY_SET_P): Remove unnecessary cast to EMACS_INT.
+        * buffer.c: Include <verify.h>.
+        (struct sortvec.priority, struct sortstr.priority):
+        Now EMACS_INT, not int.
+        (compare_overlays, cmp_for_strings): Avoid subtraction overflow.
+        (struct sortstr.size, record_overlay_string)
+        (struct sortstrlist.size, struct sortlist.used):
+        Don't truncate size to int.
+        (record_overlay_string): Check for size-calculation overflow.
+        (init_buffer_once): Check at compile-time, not run-time.
+2011-06-22  Jim Meyering  <meyering@redhat.com>
+        don't leak an XBM-image-sized buffer
+        * image.c (xbm_load): Free the image buffer after using it.
+2011-06-21  Paul Eggert  <eggert@cs.ucla.edu>
+        Port to Sun C.
+        * composite.c (find_automatic_composition): Omit needless 'return 0;'
+        that Sun C diagnosed.
+        * fns.c (secure_hash): Fix pointer signedness issue.
+        * intervals.c (static_offset_intervals): New function.
+        (offset_intervals): Use it.
+2011-06-21  Leo Liu  <sdl.web@gmail.com>
+        * deps.mk (fns.o):
+        * makefile.w32-in ($(BLD)/fns.$(O)): Include sha256.h and
+        sha512.h.
+        * fns.c (secure_hash): Rename from crypto_hash_function and change
+        the first arg to accept symbols.
+        (Fsecure_hash): New primtive.
+        (syms_of_fns): New symbols.
+2011-06-20  Deniz Dogan  <deniz@dogan.se>
+        * process.c (Fset_process_buffer): Clarify return value in
+        docstring.
+2011-06-18  Chong Yidong  <cyd@stupidchicken.com>
+        * dispnew.c (add_window_display_history): Use BVAR.
+        * xdisp.c (debug_method_add): Use BVAR.
+        (check_window_end, dump_glyph_matrix, dump_glyph)
+        (dump_glyph_row, dump_glyph_string): Convert arglist to ANSI C.
+        * xfaces.c (check_lface_attrs, check_lface, dump_realized_face):
+        Likewise.
+        * xfns.c (Fx_create_frame, x_create_tip_frame): Delay image cache
+        check till after the cache is created in init_frame_faces.
+2011-06-17  Stefan Monnier  <monnier@iro.umontreal.ca>
+        * fns.c (Fsafe_length): Yet another int/Lisp_Object mixup.
+2011-06-16  Paul Eggert  <eggert@cs.ucla.edu>
+        * lisp.h: Include <limits.h>, for INT_MAX, LONG_MAX, LLONG_MAX.
+        Without this, prin1 mishandles Lisp_Misc_Save_Value printing on
+        hosts with pre-C99 libraries, because pD is wrongly defined to "t".
+        Improve buffer-overflow checking (Bug#8873).
+        * fileio.c (Finsert_file_contents):
+        * insdel.c (insert_from_buffer_1, replace_range, replace_range_2):
+        Remove the old (too-loose) buffer overflow checks.
+        They weren't needed, since make_gap checks for buffer overflow.
+        * insdel.c (make_gap_larger): Catch buffer overflows that were missed.
+        The old code merely checked for Emacs fixnum overflow, and relied
+        on undefined (wraparound) behavior.  The new code avoids undefined
+        behavior, and also checks for ptrdiff_t and/or size_t overflow.
+        * editfns.c (Finsert_char): Don't dump core with very negative counts.
+        Tune.  Don't use wider integers than needed.  Don't use alloca.
+        Use a bigger 'string' buffer.  Rewrite to avoid 'n > 0' test.
+        * insdel.c (replace_range): Fix buf overflow when insbytes < outgoing.
+        * insdel.c, lisp.h (buffer_overflow): New function.
+        (insert_from_buffer_1, replace_range, replace_range_2):
+        * insdel.c (make_gap_larger):
+        * editfns.c (Finsert_char):
+        * fileio.c (Finsert_file_contents): Use it, to normalize wording.
+        * buffer.h (BUF_BYTES_MAX): Cast to ptrdiff_t so that it's signed.
 2011-06-15  Paul Eggert  <eggert@cs.ucla.edu>
        Integer overflow and signedness fixes (Bug#8873).
@@ -1315,7 +1623,7 @@
 2011-05-18  Christoph Scholtes  <cschol2112@googlemail.com>
        * menu.c: Include limits.h (fixes the MS-Windows build broken by
-        revision 104625).
+        2011-06-18T18:49:19Z!cyd@stupidchicken.com).
 2011-05-18  Paul Eggert  <eggert@cs.ucla.edu>
author	Joakim Verona	2011-06-23 01:28:30 +0200
committer	Joakim Verona	2011-06-23 01:28:30 +0200
commit	c5082a753011dacef505e91f1fc30a84fa75a2eb (patch)
tree	2c995eff276b6e9e68f54b4ebe76bf012231c86d /src/ChangeLog
parent	787c27e81f046cfa1c457ed405551f8ca0ddb0e8 (diff)
parent	297dde5a97c0c5c8020db72213c7f84067f1ee21 (diff)
download	emacs-c5082a753011dacef505e91f1fc30a84fa75a2eb.tar.gz emacs-c5082a753011dacef505e91f1fc30a84fa75a2eb.zip

diff --git a/src/ChangeLog b/src/ChangeLog index 59fb2d89b24..78fca60ca28 100644 --- a/src/ChangeLog +++ b/src/ChangeLog
@@ -1,3 +1,311 @@
		1	2011-06-22 Paul Eggert <eggert@cs.ucla.edu>
		2
		3	Fixes for GLYPH_DEBUG found by GCC 4.6.0 static checking.
		4	The following patches are for when GLYPH_DEBUG && !XASSERT.
		5	* dispextern.h (trace_redisplay_p, dump_glyph_string):
		6	* dispnew.c (flush_stdout):
		7	* xdisp.c (dump_glyph_row, dump_glyph_matrix, dump_glyph):
		8	Mark as externally visible.
		9	* dispnew.c (check_window_matrix_pointers): Now static.
		10	* dispnew.c (window_to_frame_vpos):
		11	* xfns.c (unwind_create_frame):
		12	* xterm.c (x_check_font): Remove unused local.
		13	* scroll.c (CHECK_BOUNDS):
		14	* xfaces.c (cache_fache): Rename local to avoid shadowing.
		15	* xfns.c, w32fns.c (image_cache_refcount, dpyinfo_refcount): Now static.
		16	* xdisp.c (check_window_end): Now a no-op if !XASSERTS.
		17	(debug_first_unchanged_at_end_vpos, debug_last_unchanged_at_beg_vpos)
		18	(debug_dvpos, debug_dy, debug_delta, debug_delta_bytes, debug_end_vpos):
		19	Now static.
		20	(debug_method_add): Use va_list and vsprintf rather than relying
		21	on undefined behavior with wrong number of arguments.
		22	(dump_glyph, dump_glyph_row, Fdump_glyph_matrix):
		23	Don't assume ptrdiff_t and EMACS_INT are the same width as int.
		24	In this code, it's OK to assume C99 behavior for ptrdiff_t formats
		25	since we're not interested in debugging glyphs with old libraries.
		26	* xfaces.c (cache_face): Move debugging code earlier; this pacifies
		27	GCC 4.6.0's static checking.
		28
		29	2011-06-22 Paul Eggert <eggert@cs.ucla.edu>
		30
		31	Integer overflow and signedness fixes (Bug#8873).
		32	A few related buffer overrun fixes, too.
		33
		34	* font.c (font_score): Use EMACS_INT, not int, to store XINT value.
		35
		36	* dispextern.h (struct face.stipple):
		37	* image.c (x_bitmap_height, x_bitmap_width, x_bitmap_pixmap)
		38	(x_bitmap_mask, x_allocate_bitmap_record)
		39	(x_create_bitmap_from_data, x_create_bitmap_from_file)
		40	(x_destroy_bitmap, x_destroy_all_bitmaps, x_create_bitmap_mask)
		41	(x_create_bitmap_from_xpm_data):
		42	* nsterm.h (struct ns_display_info.bitmaps_size, .bitmaps_last):
		43	* w32term.h (struct w32_display_info.icon_bitmap_id, .bitmaps_size)
		44	(.bitmaps_last):
		45	* xfaces.c (load_pixmap):
		46	* xterm.c (x_bitmap_icon, x_wm_set_icon_pixmap):
		47	* xterm.h (struct x_display_info.icon_bitmap_id, .bitmaps_size)
		48	(.bitmaps_last, struct x_output.icon_bitmap):
		49	Use ptrdiff_t, not int, for bitmap indexes.
		50	(x_allocate_bitmap_record): Check for size overflow.
		51	* dispextern.h, lisp.h: Adjust to API changes elsewhere.
		52
		53	Use ptrdiff_t, not int, for overlay counts.
		54	* buffer.h (overlays_at, sort_overlays, GET_OVERLAYS_AT):
		55	* editfns.c (overlays_around, get_pos_property):
		56	* textprop.c (get_char_property_and_overlay):
		57	* xdisp.c (next_overlay_change, note_mouse_highlight):
		58	* xfaces.c (face_at_buffer_position):
		59	* buffer.c (OVERLAY_COUNT_MAX): New macro.
		60	(overlays_at, overlays_in, sort_overlays, Foverlays_at)
		61	(Fnext_overlay_change, Fprevious_overlay_change)
		62	(mouse_face_overlay_overlaps, Foverlays_in):
		63	Use ptrdiff_t, not int, for sizes.
		64	(overlays_at, overlays_in): Check for size-calculation overflow.
		65
		66	* xterm.c (xim_initialize, same_x_server): Strlen may not fit in int.
		67
		68	* xsmfns.c (smc_save_yourself_CB, x_session_initialize): Avoid strlen.
		69	(x_session_initialize): Do not assume string length fits in int.
		70
		71	* xsettings.c (apply_xft_settings): Fix potential buffer overrun.
		72	This is unlikely, but can occur if DPI is outlandish.
		73
		74	* xsettings.c (Ffont_get_system_normal_font, Ffont_get_system_font):
		75	* xselect.c (Fx_get_atom_name): Avoid need for strlen.
		76
		77	* xrdb.c: Don't assume strlen fits in int; avoid some strlens.
		78	* xrdb.c (magic_file_p, search_magic_path):
		79	Omit last arg SUFFIX; it was always 0. All callers changed.
		80	(magic_file_p): Use ptrdiff_t, not int. Check for size overflow.
		81
		82	* xfont.c (xfont_match): Avoid need for strlen.
		83
		84	* xfns.c: Don't assume strlen fits in int.
		85	(xic_create_fontsetname, x_window): Use ptrdiff_t, not int.
		86
		87	* xdisp.c (message_log_check_duplicate): Return intmax_t,
		88	not unsigned long, as we prefer signed integers. All callers changed.
		89	Detect integer overflow in repeat count.
		90	(message_dolog): Don't assume print length fits in 39 bytes.
		91	(display_mode_element): Don't assume strlen fits in int.
		92
		93	* termcap.c: Don't assume sizes fit in int and never overflow.
		94	(struct termcap_buffer, tgetent): Use ptrdiff_t, not int, for sizes.
		95	(gobble_line): Check for size-calculation overflow.
		96
		97	* minibuf.c (Fread_buffer):
		98	* lread.c (intern, intern_c_string):
		99	* image.c (xpm_scan) [HAVE_NS && !HAVE_XPM]:
		100	Don't assume string length fits in int.
		101
		102	* keyboard.c (parse_tool_bar_item):
		103	* gtkutil.c (style_changed_cb): Avoid need for strlen.
		104
		105	* font.c: Don't assume string length fits in int.
		106	(font_parse_xlfd, font_parse_fcname, font_unparse_fcname):
		107	Use ptrdiff_t, not int.
		108	(font_intern_prop): Don't assume string length fits in int.
		109	Don't assume integer property fits in fixnum.
		110	* font.h (font_intern_prop): 2nd arg is now ptrdiff_t, not int.
		111
		112	* filelock.c: Fix some buffer overrun and integer overflow issues.
		113	(get_boot_time): Don't assume gzip command string fits in 100 bytes.
		114	Reformulate so as not to need the command string.
		115	Invoke gzip -cd rather than gunzip, as it's more portable.
		116	(lock_info_type, lock_file_1, lock_file):
		117	Don't assume pid_t and time_t fit in unsigned long.
		118	(LOCK_PID_MAX): Remove; we now use more-reliable bounds.
		119	(current_lock_owner): Prefer signed type for sizes.
		120	Use memcpy, not strncpy, where memcpy is what is really wanted.
		121	Don't assume (via atoi) that time_t and pid_t fit in int.
		122	Check for time_t and/or pid_t out of range, e.g., via a network share.
		123	Don't alloca where an auto var works fine.
		124
		125	* fileio.c: Fix some integer overflow issues.
		126	(file_name_as_directory, Fexpand_file_name, Fsubstitute_in_file_name):
		127	Don't assume string length fits in int.
		128	(directory_file_name): Don't assume string length fits in long.
		129	(make_temp_name): Don't assume pid fits in int, or that its print
		130	length is less than 20.
		131
		132	* data.c (Fsubr_name): Rewrite to avoid a strlen call.
		133
		134	* coding.c (make_subsidiaries): Don't assume string length fits in int.
		135
		136	* callproc.c (child_setup): Rewrite to avoid two strlen calls.
		137
		138	* process.c (Fformat_network_address): Use EMACS_INT, not EMACS_UINT.
		139	We prefer signed integers, even for size calculations.
		140
		141	* emacs.c: Don't assume string length fits in 'int'.
		142	(DEFINE_DUMMY_FUNCTION, sort_args): Use ptrdiff_t, not int.
		143	(main): Don't invoke strlen when not needed.
		144
		145	* dbusbind.c (XD_ERROR): Don't arbitrarily truncate string.
		146	(XD_DEBUG_MESSAGE): Don't waste a byte.
		147
		148	* callproc.c (getenv_internal_1, getenv_internal)
		149	(Fgetenv_internal):
		150	* buffer.c (init_buffer): Don't assume string length fits in 'int'.
		151
		152	* lread.c (invalid_syntax): Omit length argument.
		153	All uses changed. This doesn't fix a bug, but it simplifies the
		154	code away from its former Hollerith-constant appearance, and it's
		155	one less 'int' to worry about when looking at integer-overflow issues.
		156	(string_to_number): Simplify 2011-04-26 change by invoking xsignal1.
		157
		158	* lisp.h (DEFUN): Remove bogus use of sizeof (struct Lisp_Subr).
		159	This didn't break anything, but it didn't help either.
		160	It's confusing to put a bogus integer in a place where the actual
		161	value does not matter.
		162	(LIST_END_P): Remove unused macro and its bogus comment.
		163	(make_fixnum_or_float): Remove unnecessary cast to EMACS_INT.
		164
		165	* lisp.h (union Lisp_Object.i): EMACS_INT, not EMACS_UINT.
		166	This is for consistency with the ordinary, non-USE_LISP_UNION_TYPE,
		167	implementation.
		168	(struct Lisp_Bool_Vector.size): EMACS_INT, not EMACS_UINT.
		169	We prefer signed types, and the value cannot exceed the EMACS_INT
		170	range anyway (because otherwise the length would not be representable).
		171	(XSET) [USE_LISP_UNION_TYPE]: Use uintptr_t and intptr_t,
		172	not EMACS_UINT and EMACS_INT, when converting pointer to integer.
		173	This avoids a GCC warning when WIDE_EMACS_INT.
		174
		175	* indent.c (sane_tab_width): New function.
		176	(current_column, scan_for_column, Findent_to, position_indentation)
		177	(compute_motion): Use it. This is just for clarity.
		178	(Fcompute_motion): Don't assume hscroll and tab offset fit in int.
		179
		180	* image.c (xbm_image_p): Don't assume stated width, height fit in int.
		181
		182	* lisp.h (lint_assume): New macro.
		183	* composite.c (composition_gstring_put_cache):
		184	* ftfont.c (ftfont_shape_by_flt): Use it to pacify GCC 4.6.0.
		185
		186	* editfns.c, insdel.c:
		187	Omit unnecessary forward decls, to simplify future changes.
		188
		189	* ftfont.c (ftfont_shape_by_flt): Use signed integers for lengths.
		190
		191	* font.c (Ffont_shape_gstring): Don't assume glyph len fits in 'int'.
		192
		193	* fns.c (Ffillarray): Don't assume bool vector size fits in 'int'.
		194	Use much-faster test for byte-length change.
		195	Don't assume string byte-length fits in 'int'.
		196	Check that character arg fits in 'int'.
		197	(mapcar1): Declare byte as byte, for clarity.
		198
		199	* alloc.c (Fmake_bool_vector): Avoid unnecessary multiplication.
		200
		201	* fns.c (concat): Catch string overflow earlier.
		202	Do not rely on integer wraparound.
		203
		204	* dispextern.h (struct it.overlay_strings_charpos)
		205	(struct it.selective): Now EMACS_INT, not int.
		206	* xdisp.c (forward_to_next_line_start)
		207	(back_to_previous_visible_line_start)
		208	(reseat_at_next_visible_line_start, next_element_from_buffer):
		209	Don't arbitrarily truncate the value of 'selective' to int.
		210
		211	* xdisp.c (init_iterator): Use XINT, not XFASTINT; it might be < 0.
		212
		213	* composite.c: Don't truncate sizes to 'int'.
		214	(composition_gstring_p, composition_reseat_it)
		215	(composition_adjust_point): Use EMACS_INT, not int.
		216	(get_composition_id, composition_gstring_put_cache): Use EMACS_INT,
		217	not EMACS_UINT, for indexes.
		218
		219	* category.h (CATEGORY_SET_P): Remove unnecessary cast to EMACS_INT.
		220
		221	* buffer.c: Include <verify.h>.
		222	(struct sortvec.priority, struct sortstr.priority):
		223	Now EMACS_INT, not int.
		224	(compare_overlays, cmp_for_strings): Avoid subtraction overflow.
		225	(struct sortstr.size, record_overlay_string)
		226	(struct sortstrlist.size, struct sortlist.used):
		227	Don't truncate size to int.
		228	(record_overlay_string): Check for size-calculation overflow.
		229	(init_buffer_once): Check at compile-time, not run-time.
		230
		231	2011-06-22 Jim Meyering <meyering@redhat.com>
		232
		233	don't leak an XBM-image-sized buffer
		234	* image.c (xbm_load): Free the image buffer after using it.
		235
		236	2011-06-21 Paul Eggert <eggert@cs.ucla.edu>
		237
		238	Port to Sun C.
		239	* composite.c (find_automatic_composition): Omit needless 'return 0;'
		240	that Sun C diagnosed.
		241	* fns.c (secure_hash): Fix pointer signedness issue.
		242	* intervals.c (static_offset_intervals): New function.
		243	(offset_intervals): Use it.
		244
		245	2011-06-21 Leo Liu <sdl.web@gmail.com>
		246
		247	* deps.mk (fns.o):
		248	* makefile.w32-in ($(BLD)/fns.$(O)): Include sha256.h and
		249	sha512.h.
		250
		251	* fns.c (secure_hash): Rename from crypto_hash_function and change
		252	the first arg to accept symbols.
		253	(Fsecure_hash): New primtive.
		254	(syms_of_fns): New symbols.
		255
		256	2011-06-20 Deniz Dogan <deniz@dogan.se>
		257
		258	* process.c (Fset_process_buffer): Clarify return value in
		259	docstring.
		260
		261	2011-06-18 Chong Yidong <cyd@stupidchicken.com>
		262
		263	* dispnew.c (add_window_display_history): Use BVAR.
		264
		265	* xdisp.c (debug_method_add): Use BVAR.
		266	(check_window_end, dump_glyph_matrix, dump_glyph)
		267	(dump_glyph_row, dump_glyph_string): Convert arglist to ANSI C.
		268
		269	* xfaces.c (check_lface_attrs, check_lface, dump_realized_face):
		270	Likewise.
		271
		272	* xfns.c (Fx_create_frame, x_create_tip_frame): Delay image cache
		273	check till after the cache is created in init_frame_faces.
		274
		275	2011-06-17 Stefan Monnier <monnier@iro.umontreal.ca>
		276
		277	* fns.c (Fsafe_length): Yet another int/Lisp_Object mixup.
		278
		279	2011-06-16 Paul Eggert <eggert@cs.ucla.edu>
		280
		281	* lisp.h: Include <limits.h>, for INT_MAX, LONG_MAX, LLONG_MAX.
		282	Without this, prin1 mishandles Lisp_Misc_Save_Value printing on
		283	hosts with pre-C99 libraries, because pD is wrongly defined to "t".
		284
		285	Improve buffer-overflow checking (Bug#8873).
		286	* fileio.c (Finsert_file_contents):
		287	* insdel.c (insert_from_buffer_1, replace_range, replace_range_2):
		288	Remove the old (too-loose) buffer overflow checks.
		289	They weren't needed, since make_gap checks for buffer overflow.
		290	* insdel.c (make_gap_larger): Catch buffer overflows that were missed.
		291	The old code merely checked for Emacs fixnum overflow, and relied
		292	on undefined (wraparound) behavior. The new code avoids undefined
		293	behavior, and also checks for ptrdiff_t and/or size_t overflow.
		294
		295	* editfns.c (Finsert_char): Don't dump core with very negative counts.
		296	Tune. Don't use wider integers than needed. Don't use alloca.
		297	Use a bigger 'string' buffer. Rewrite to avoid 'n > 0' test.
		298
		299	* insdel.c (replace_range): Fix buf overflow when insbytes < outgoing.
		300
		301	* insdel.c, lisp.h (buffer_overflow): New function.
		302	(insert_from_buffer_1, replace_range, replace_range_2):
		303	* insdel.c (make_gap_larger):
		304	* editfns.c (Finsert_char):
		305	* fileio.c (Finsert_file_contents): Use it, to normalize wording.
		306
		307	* buffer.h (BUF_BYTES_MAX): Cast to ptrdiff_t so that it's signed.
		308
1	2011-06-15 Paul Eggert <eggert@cs.ucla.edu>	309	2011-06-15 Paul Eggert <eggert@cs.ucla.edu>
2		310
3	Integer overflow and signedness fixes (Bug#8873).	311	Integer overflow and signedness fixes (Bug#8873).
@@ -1315,7 +1623,7 @@
1315	2011-05-18 Christoph Scholtes <cschol2112@googlemail.com>	1623	2011-05-18 Christoph Scholtes <cschol2112@googlemail.com>
1316		1624
1317	* menu.c: Include limits.h (fixes the MS-Windows build broken by	1625	* menu.c: Include limits.h (fixes the MS-Windows build broken by
1318	revision 104625).	1626	2011-06-18T18:49:19Z!cyd@stupidchicken.com).
1319		1627
1320	2011-05-18 Paul Eggert <eggert@cs.ucla.edu>	1628	2011-05-18 Paul Eggert <eggert@cs.ucla.edu>
1321		1629