aboutsummaryrefslogtreecommitdiffstats
path: root/src/ChangeLog
diff options
context:
space:
mode:
authorJoakim Verona2011-06-23 01:28:30 +0200
committerJoakim Verona2011-06-23 01:28:30 +0200
commitc5082a753011dacef505e91f1fc30a84fa75a2eb (patch)
tree2c995eff276b6e9e68f54b4ebe76bf012231c86d /src/ChangeLog
parent787c27e81f046cfa1c457ed405551f8ca0ddb0e8 (diff)
parent297dde5a97c0c5c8020db72213c7f84067f1ee21 (diff)
downloademacs-c5082a753011dacef505e91f1fc30a84fa75a2eb.tar.gz
emacs-c5082a753011dacef505e91f1fc30a84fa75a2eb.zip
merge upstream
Diffstat (limited to 'src/ChangeLog')
-rw-r--r--src/ChangeLog310
1 files changed, 309 insertions, 1 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index 59fb2d89b24..78fca60ca28 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,311 @@
12011-06-22 Paul Eggert <eggert@cs.ucla.edu>
2
3 Fixes for GLYPH_DEBUG found by GCC 4.6.0 static checking.
4 The following patches are for when GLYPH_DEBUG && !XASSERT.
5 * dispextern.h (trace_redisplay_p, dump_glyph_string):
6 * dispnew.c (flush_stdout):
7 * xdisp.c (dump_glyph_row, dump_glyph_matrix, dump_glyph):
8 Mark as externally visible.
9 * dispnew.c (check_window_matrix_pointers): Now static.
10 * dispnew.c (window_to_frame_vpos):
11 * xfns.c (unwind_create_frame):
12 * xterm.c (x_check_font): Remove unused local.
13 * scroll.c (CHECK_BOUNDS):
14 * xfaces.c (cache_fache): Rename local to avoid shadowing.
15 * xfns.c, w32fns.c (image_cache_refcount, dpyinfo_refcount): Now static.
16 * xdisp.c (check_window_end): Now a no-op if !XASSERTS.
17 (debug_first_unchanged_at_end_vpos, debug_last_unchanged_at_beg_vpos)
18 (debug_dvpos, debug_dy, debug_delta, debug_delta_bytes, debug_end_vpos):
19 Now static.
20 (debug_method_add): Use va_list and vsprintf rather than relying
21 on undefined behavior with wrong number of arguments.
22 (dump_glyph, dump_glyph_row, Fdump_glyph_matrix):
23 Don't assume ptrdiff_t and EMACS_INT are the same width as int.
24 In this code, it's OK to assume C99 behavior for ptrdiff_t formats
25 since we're not interested in debugging glyphs with old libraries.
26 * xfaces.c (cache_face): Move debugging code earlier; this pacifies
27 GCC 4.6.0's static checking.
28
292011-06-22 Paul Eggert <eggert@cs.ucla.edu>
30
31 Integer overflow and signedness fixes (Bug#8873).
32 A few related buffer overrun fixes, too.
33
34 * font.c (font_score): Use EMACS_INT, not int, to store XINT value.
35
36 * dispextern.h (struct face.stipple):
37 * image.c (x_bitmap_height, x_bitmap_width, x_bitmap_pixmap)
38 (x_bitmap_mask, x_allocate_bitmap_record)
39 (x_create_bitmap_from_data, x_create_bitmap_from_file)
40 (x_destroy_bitmap, x_destroy_all_bitmaps, x_create_bitmap_mask)
41 (x_create_bitmap_from_xpm_data):
42 * nsterm.h (struct ns_display_info.bitmaps_size, .bitmaps_last):
43 * w32term.h (struct w32_display_info.icon_bitmap_id, .bitmaps_size)
44 (.bitmaps_last):
45 * xfaces.c (load_pixmap):
46 * xterm.c (x_bitmap_icon, x_wm_set_icon_pixmap):
47 * xterm.h (struct x_display_info.icon_bitmap_id, .bitmaps_size)
48 (.bitmaps_last, struct x_output.icon_bitmap):
49 Use ptrdiff_t, not int, for bitmap indexes.
50 (x_allocate_bitmap_record): Check for size overflow.
51 * dispextern.h, lisp.h: Adjust to API changes elsewhere.
52
53 Use ptrdiff_t, not int, for overlay counts.
54 * buffer.h (overlays_at, sort_overlays, GET_OVERLAYS_AT):
55 * editfns.c (overlays_around, get_pos_property):
56 * textprop.c (get_char_property_and_overlay):
57 * xdisp.c (next_overlay_change, note_mouse_highlight):
58 * xfaces.c (face_at_buffer_position):
59 * buffer.c (OVERLAY_COUNT_MAX): New macro.
60 (overlays_at, overlays_in, sort_overlays, Foverlays_at)
61 (Fnext_overlay_change, Fprevious_overlay_change)
62 (mouse_face_overlay_overlaps, Foverlays_in):
63 Use ptrdiff_t, not int, for sizes.
64 (overlays_at, overlays_in): Check for size-calculation overflow.
65
66 * xterm.c (xim_initialize, same_x_server): Strlen may not fit in int.
67
68 * xsmfns.c (smc_save_yourself_CB, x_session_initialize): Avoid strlen.
69 (x_session_initialize): Do not assume string length fits in int.
70
71 * xsettings.c (apply_xft_settings): Fix potential buffer overrun.
72 This is unlikely, but can occur if DPI is outlandish.
73
74 * xsettings.c (Ffont_get_system_normal_font, Ffont_get_system_font):
75 * xselect.c (Fx_get_atom_name): Avoid need for strlen.
76
77 * xrdb.c: Don't assume strlen fits in int; avoid some strlens.
78 * xrdb.c (magic_file_p, search_magic_path):
79 Omit last arg SUFFIX; it was always 0. All callers changed.
80 (magic_file_p): Use ptrdiff_t, not int. Check for size overflow.
81
82 * xfont.c (xfont_match): Avoid need for strlen.
83
84 * xfns.c: Don't assume strlen fits in int.
85 (xic_create_fontsetname, x_window): Use ptrdiff_t, not int.
86
87 * xdisp.c (message_log_check_duplicate): Return intmax_t,
88 not unsigned long, as we prefer signed integers. All callers changed.
89 Detect integer overflow in repeat count.
90 (message_dolog): Don't assume print length fits in 39 bytes.
91 (display_mode_element): Don't assume strlen fits in int.
92
93 * termcap.c: Don't assume sizes fit in int and never overflow.
94 (struct termcap_buffer, tgetent): Use ptrdiff_t, not int, for sizes.
95 (gobble_line): Check for size-calculation overflow.
96
97 * minibuf.c (Fread_buffer):
98 * lread.c (intern, intern_c_string):
99 * image.c (xpm_scan) [HAVE_NS && !HAVE_XPM]:
100 Don't assume string length fits in int.
101
102 * keyboard.c (parse_tool_bar_item):
103 * gtkutil.c (style_changed_cb): Avoid need for strlen.
104
105 * font.c: Don't assume string length fits in int.
106 (font_parse_xlfd, font_parse_fcname, font_unparse_fcname):
107 Use ptrdiff_t, not int.
108 (font_intern_prop): Don't assume string length fits in int.
109 Don't assume integer property fits in fixnum.
110 * font.h (font_intern_prop): 2nd arg is now ptrdiff_t, not int.
111
112 * filelock.c: Fix some buffer overrun and integer overflow issues.
113 (get_boot_time): Don't assume gzip command string fits in 100 bytes.
114 Reformulate so as not to need the command string.
115 Invoke gzip -cd rather than gunzip, as it's more portable.
116 (lock_info_type, lock_file_1, lock_file):
117 Don't assume pid_t and time_t fit in unsigned long.
118 (LOCK_PID_MAX): Remove; we now use more-reliable bounds.
119 (current_lock_owner): Prefer signed type for sizes.
120 Use memcpy, not strncpy, where memcpy is what is really wanted.
121 Don't assume (via atoi) that time_t and pid_t fit in int.
122 Check for time_t and/or pid_t out of range, e.g., via a network share.
123 Don't alloca where an auto var works fine.
124
125 * fileio.c: Fix some integer overflow issues.
126 (file_name_as_directory, Fexpand_file_name, Fsubstitute_in_file_name):
127 Don't assume string length fits in int.
128 (directory_file_name): Don't assume string length fits in long.
129 (make_temp_name): Don't assume pid fits in int, or that its print
130 length is less than 20.
131
132 * data.c (Fsubr_name): Rewrite to avoid a strlen call.
133
134 * coding.c (make_subsidiaries): Don't assume string length fits in int.
135
136 * callproc.c (child_setup): Rewrite to avoid two strlen calls.
137
138 * process.c (Fformat_network_address): Use EMACS_INT, not EMACS_UINT.
139 We prefer signed integers, even for size calculations.
140
141 * emacs.c: Don't assume string length fits in 'int'.
142 (DEFINE_DUMMY_FUNCTION, sort_args): Use ptrdiff_t, not int.
143 (main): Don't invoke strlen when not needed.
144
145 * dbusbind.c (XD_ERROR): Don't arbitrarily truncate string.
146 (XD_DEBUG_MESSAGE): Don't waste a byte.
147
148 * callproc.c (getenv_internal_1, getenv_internal)
149 (Fgetenv_internal):
150 * buffer.c (init_buffer): Don't assume string length fits in 'int'.
151
152 * lread.c (invalid_syntax): Omit length argument.
153 All uses changed. This doesn't fix a bug, but it simplifies the
154 code away from its former Hollerith-constant appearance, and it's
155 one less 'int' to worry about when looking at integer-overflow issues.
156 (string_to_number): Simplify 2011-04-26 change by invoking xsignal1.
157
158 * lisp.h (DEFUN): Remove bogus use of sizeof (struct Lisp_Subr).
159 This didn't break anything, but it didn't help either.
160 It's confusing to put a bogus integer in a place where the actual
161 value does not matter.
162 (LIST_END_P): Remove unused macro and its bogus comment.
163 (make_fixnum_or_float): Remove unnecessary cast to EMACS_INT.
164
165 * lisp.h (union Lisp_Object.i): EMACS_INT, not EMACS_UINT.
166 This is for consistency with the ordinary, non-USE_LISP_UNION_TYPE,
167 implementation.
168 (struct Lisp_Bool_Vector.size): EMACS_INT, not EMACS_UINT.
169 We prefer signed types, and the value cannot exceed the EMACS_INT
170 range anyway (because otherwise the length would not be representable).
171 (XSET) [USE_LISP_UNION_TYPE]: Use uintptr_t and intptr_t,
172 not EMACS_UINT and EMACS_INT, when converting pointer to integer.
173 This avoids a GCC warning when WIDE_EMACS_INT.
174
175 * indent.c (sane_tab_width): New function.
176 (current_column, scan_for_column, Findent_to, position_indentation)
177 (compute_motion): Use it. This is just for clarity.
178 (Fcompute_motion): Don't assume hscroll and tab offset fit in int.
179
180 * image.c (xbm_image_p): Don't assume stated width, height fit in int.
181
182 * lisp.h (lint_assume): New macro.
183 * composite.c (composition_gstring_put_cache):
184 * ftfont.c (ftfont_shape_by_flt): Use it to pacify GCC 4.6.0.
185
186 * editfns.c, insdel.c:
187 Omit unnecessary forward decls, to simplify future changes.
188
189 * ftfont.c (ftfont_shape_by_flt): Use signed integers for lengths.
190
191 * font.c (Ffont_shape_gstring): Don't assume glyph len fits in 'int'.
192
193 * fns.c (Ffillarray): Don't assume bool vector size fits in 'int'.
194 Use much-faster test for byte-length change.
195 Don't assume string byte-length fits in 'int'.
196 Check that character arg fits in 'int'.
197 (mapcar1): Declare byte as byte, for clarity.
198
199 * alloc.c (Fmake_bool_vector): Avoid unnecessary multiplication.
200
201 * fns.c (concat): Catch string overflow earlier.
202 Do not rely on integer wraparound.
203
204 * dispextern.h (struct it.overlay_strings_charpos)
205 (struct it.selective): Now EMACS_INT, not int.
206 * xdisp.c (forward_to_next_line_start)
207 (back_to_previous_visible_line_start)
208 (reseat_at_next_visible_line_start, next_element_from_buffer):
209 Don't arbitrarily truncate the value of 'selective' to int.
210
211 * xdisp.c (init_iterator): Use XINT, not XFASTINT; it might be < 0.
212
213 * composite.c: Don't truncate sizes to 'int'.
214 (composition_gstring_p, composition_reseat_it)
215 (composition_adjust_point): Use EMACS_INT, not int.
216 (get_composition_id, composition_gstring_put_cache): Use EMACS_INT,
217 not EMACS_UINT, for indexes.
218
219 * category.h (CATEGORY_SET_P): Remove unnecessary cast to EMACS_INT.
220
221 * buffer.c: Include <verify.h>.
222 (struct sortvec.priority, struct sortstr.priority):
223 Now EMACS_INT, not int.
224 (compare_overlays, cmp_for_strings): Avoid subtraction overflow.
225 (struct sortstr.size, record_overlay_string)
226 (struct sortstrlist.size, struct sortlist.used):
227 Don't truncate size to int.
228 (record_overlay_string): Check for size-calculation overflow.
229 (init_buffer_once): Check at compile-time, not run-time.
230
2312011-06-22 Jim Meyering <meyering@redhat.com>
232
233 don't leak an XBM-image-sized buffer
234 * image.c (xbm_load): Free the image buffer after using it.
235
2362011-06-21 Paul Eggert <eggert@cs.ucla.edu>
237
238 Port to Sun C.
239 * composite.c (find_automatic_composition): Omit needless 'return 0;'
240 that Sun C diagnosed.
241 * fns.c (secure_hash): Fix pointer signedness issue.
242 * intervals.c (static_offset_intervals): New function.
243 (offset_intervals): Use it.
244
2452011-06-21 Leo Liu <sdl.web@gmail.com>
246
247 * deps.mk (fns.o):
248 * makefile.w32-in ($(BLD)/fns.$(O)): Include sha256.h and
249 sha512.h.
250
251 * fns.c (secure_hash): Rename from crypto_hash_function and change
252 the first arg to accept symbols.
253 (Fsecure_hash): New primtive.
254 (syms_of_fns): New symbols.
255
2562011-06-20 Deniz Dogan <deniz@dogan.se>
257
258 * process.c (Fset_process_buffer): Clarify return value in
259 docstring.
260
2612011-06-18 Chong Yidong <cyd@stupidchicken.com>
262
263 * dispnew.c (add_window_display_history): Use BVAR.
264
265 * xdisp.c (debug_method_add): Use BVAR.
266 (check_window_end, dump_glyph_matrix, dump_glyph)
267 (dump_glyph_row, dump_glyph_string): Convert arglist to ANSI C.
268
269 * xfaces.c (check_lface_attrs, check_lface, dump_realized_face):
270 Likewise.
271
272 * xfns.c (Fx_create_frame, x_create_tip_frame): Delay image cache
273 check till after the cache is created in init_frame_faces.
274
2752011-06-17 Stefan Monnier <monnier@iro.umontreal.ca>
276
277 * fns.c (Fsafe_length): Yet another int/Lisp_Object mixup.
278
2792011-06-16 Paul Eggert <eggert@cs.ucla.edu>
280
281 * lisp.h: Include <limits.h>, for INT_MAX, LONG_MAX, LLONG_MAX.
282 Without this, prin1 mishandles Lisp_Misc_Save_Value printing on
283 hosts with pre-C99 libraries, because pD is wrongly defined to "t".
284
285 Improve buffer-overflow checking (Bug#8873).
286 * fileio.c (Finsert_file_contents):
287 * insdel.c (insert_from_buffer_1, replace_range, replace_range_2):
288 Remove the old (too-loose) buffer overflow checks.
289 They weren't needed, since make_gap checks for buffer overflow.
290 * insdel.c (make_gap_larger): Catch buffer overflows that were missed.
291 The old code merely checked for Emacs fixnum overflow, and relied
292 on undefined (wraparound) behavior. The new code avoids undefined
293 behavior, and also checks for ptrdiff_t and/or size_t overflow.
294
295 * editfns.c (Finsert_char): Don't dump core with very negative counts.
296 Tune. Don't use wider integers than needed. Don't use alloca.
297 Use a bigger 'string' buffer. Rewrite to avoid 'n > 0' test.
298
299 * insdel.c (replace_range): Fix buf overflow when insbytes < outgoing.
300
301 * insdel.c, lisp.h (buffer_overflow): New function.
302 (insert_from_buffer_1, replace_range, replace_range_2):
303 * insdel.c (make_gap_larger):
304 * editfns.c (Finsert_char):
305 * fileio.c (Finsert_file_contents): Use it, to normalize wording.
306
307 * buffer.h (BUF_BYTES_MAX): Cast to ptrdiff_t so that it's signed.
308
12011-06-15 Paul Eggert <eggert@cs.ucla.edu> 3092011-06-15 Paul Eggert <eggert@cs.ucla.edu>
2 310
3 Integer overflow and signedness fixes (Bug#8873). 311 Integer overflow and signedness fixes (Bug#8873).
@@ -1315,7 +1623,7 @@
13152011-05-18 Christoph Scholtes <cschol2112@googlemail.com> 16232011-05-18 Christoph Scholtes <cschol2112@googlemail.com>
1316 1624
1317 * menu.c: Include limits.h (fixes the MS-Windows build broken by 1625 * menu.c: Include limits.h (fixes the MS-Windows build broken by
1318 revision 104625). 1626 2011-06-18T18:49:19Z!cyd@stupidchicken.com).
1319 1627
13202011-05-18 Paul Eggert <eggert@cs.ucla.edu> 16282011-05-18 Paul Eggert <eggert@cs.ucla.edu>
1321 1629