diff options
| author | Paul Eggert | 2011-06-14 11:57:19 -0700 |
|---|---|---|
| committer | Paul Eggert | 2011-06-14 11:57:19 -0700 |
| commit | f66c7cf8f794d6f7fd9ccb8794ffc519e4e89795 (patch) | |
| tree | 0de26b21c827049c7fa2485204ecf0e2d632b849 /src/callint.c | |
| parent | a1759b76246a21c7c07dc2ee00b8db792715104c (diff) | |
| download | emacs-f66c7cf8f794d6f7fd9ccb8794ffc519e4e89795.tar.gz emacs-f66c7cf8f794d6f7fd9ccb8794ffc519e4e89795.zip | |
Variadic C functions now count arguments with ptrdiff_t.
This partly undoes my 2011-03-30 change, which replaced int with size_t.
Back then I didn't know that the Emacs coding style prefers signed int.
Also, in the meantime I found a few more instances where arguments
were being counted with int, which may truncate counts on 64-bit
machines, or EMACS_INT, which may be unnecessarily wide.
* lisp.h (struct Lisp_Subr.function.aMANY)
(DEFUN_ARGS_MANY, internal_condition_case_n, safe_call):
Arg counts are now ptrdiff_t, not size_t.
All variadic functions and their callers changed accordingly.
(struct gcpro.nvars): Now size_t, not size_t. All uses changed.
* bytecode.c (exec_byte_code): Check maxdepth for overflow,
to avoid potential buffer overrun. Don't assume arg counts fit in 'int'.
* callint.c (Fcall_interactively): Check arg count for overflow,
to avoid potential buffer overrun. Use signed char, not 'int',
for 'varies' array, so that we needn't bother to check its size
calculation for overflow.
* editfns.c (Fformat): Use ptrdiff_t, not EMACS_INT, to count args.
* eval.c (apply_lambda):
* fns.c (Fmapconcat): Use XFASTINT, not XINT, to get args length.
(struct textprop_rec.argnum): Now ptrdiff_t, not int. All uses changed.
(mapconcat): Use ptrdiff_t, not int and EMACS_INT, to count args.
Diffstat (limited to 'src/callint.c')
| -rw-r--r-- | src/callint.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/callint.c b/src/callint.c index 29bb7ccc409..dc5e6a4c37a 100644 --- a/src/callint.c +++ b/src/callint.c | |||
| @@ -269,10 +269,9 @@ invoke it. If KEYS is omitted or nil, the return value of | |||
| 269 | /* If varies[i] > 0, the i'th argument shouldn't just have its value | 269 | /* If varies[i] > 0, the i'th argument shouldn't just have its value |
| 270 | in this call quoted in the command history. It should be | 270 | in this call quoted in the command history. It should be |
| 271 | recorded as a call to the function named callint_argfuns[varies[i]]. */ | 271 | recorded as a call to the function named callint_argfuns[varies[i]]. */ |
| 272 | int *varies; | 272 | signed char *varies; |
| 273 | 273 | ||
| 274 | register size_t i; | 274 | ptrdiff_t i, nargs; |
| 275 | size_t nargs; | ||
| 276 | int foo; | 275 | int foo; |
| 277 | char prompt1[100]; | 276 | char prompt1[100]; |
| 278 | char *tem1; | 277 | char *tem1; |
| @@ -465,9 +464,14 @@ invoke it. If KEYS is omitted or nil, the return value of | |||
| 465 | break; | 464 | break; |
| 466 | } | 465 | } |
| 467 | 466 | ||
| 467 | if (min (MOST_POSITIVE_FIXNUM, | ||
| 468 | min (PTRDIFF_MAX, SIZE_MAX) / sizeof (Lisp_Object)) | ||
| 469 | < nargs) | ||
| 470 | memory_full (SIZE_MAX); | ||
| 471 | |||
| 468 | args = (Lisp_Object *) alloca (nargs * sizeof (Lisp_Object)); | 472 | args = (Lisp_Object *) alloca (nargs * sizeof (Lisp_Object)); |
| 469 | visargs = (Lisp_Object *) alloca (nargs * sizeof (Lisp_Object)); | 473 | visargs = (Lisp_Object *) alloca (nargs * sizeof (Lisp_Object)); |
| 470 | varies = (int *) alloca (nargs * sizeof (int)); | 474 | varies = (signed char *) alloca (nargs); |
| 471 | 475 | ||
| 472 | for (i = 0; i < nargs; i++) | 476 | for (i = 0; i < nargs; i++) |
| 473 | { | 477 | { |