diff options
| author | Paul Eggert | 2011-07-28 16:58:05 -0700 |
|---|---|---|
| committer | Paul Eggert | 2011-07-28 16:58:05 -0700 |
| commit | 0eb0f3187d46ec0efdfc1df38565c160c759ecb2 (patch) | |
| tree | 2f87e3fc4534e20652a07cd897d3e55c5819c247 /src/gtkutil.c | |
| parent | 1ffd9c92ea38e078ec6cde6277c7ce88895212df (diff) | |
| download | emacs-0eb0f3187d46ec0efdfc1df38565c160c759ecb2.tar.gz emacs-0eb0f3187d46ec0efdfc1df38565c160c759ecb2.zip | |
* gtkutil.c: Integer overflow fixes.
(get_utf8_string, xg_store_widget_in_map):
Check for size-calculation overflow.
(get_utf8_string): Use ptrdiff_t, not size_t, where either will
do, as we prefer signed integers.
(id_to_widget.max_size, id_to_widget.used)
(xg_store_widget_in_map, xg_remove_widget_from_map)
(xg_get_widget_from_map, xg_get_scroll_id_for_window)
(xg_remove_scroll_bar, xg_update_scrollbar_pos):
Use and return ptrdiff_t, not int.
(xg_gtk_scroll_destroy): Don't assume ptrdiff_t fits in int.
* gtkutil.h: Change prototypes to match the above.
Diffstat (limited to 'src/gtkutil.c')
| -rw-r--r-- | src/gtkutil.c | 37 |
1 files changed, 23 insertions, 14 deletions
diff --git a/src/gtkutil.c b/src/gtkutil.c index 70bc18a75ff..f56e888e685 100644 --- a/src/gtkutil.c +++ b/src/gtkutil.c | |||
| @@ -487,7 +487,8 @@ get_utf8_string (const char *str) | |||
| 487 | if (!utf8_str) | 487 | if (!utf8_str) |
| 488 | { | 488 | { |
| 489 | /* Probably some control characters in str. Escape them. */ | 489 | /* Probably some control characters in str. Escape them. */ |
| 490 | size_t nr_bad = 0; | 490 | ptrdiff_t len; |
| 491 | ptrdiff_t nr_bad = 0; | ||
| 491 | gsize bytes_read; | 492 | gsize bytes_read; |
| 492 | gsize bytes_written; | 493 | gsize bytes_written; |
| 493 | unsigned char *p = (unsigned char *)str; | 494 | unsigned char *p = (unsigned char *)str; |
| @@ -511,7 +512,10 @@ get_utf8_string (const char *str) | |||
| 511 | } | 512 | } |
| 512 | if (cp) g_free (cp); | 513 | if (cp) g_free (cp); |
| 513 | 514 | ||
| 514 | up = utf8_str = xmalloc (strlen (str) + nr_bad * 4 + 1); | 515 | len = strlen (str); |
| 516 | if ((min (PTRDIFF_MAX, SIZE_MAX) - len - 1) / 4 < nr_bad) | ||
| 517 | memory_full (SIZE_MAX); | ||
| 518 | up = utf8_str = xmalloc (len + nr_bad * 4 + 1); | ||
| 515 | p = (unsigned char *)str; | 519 | p = (unsigned char *)str; |
| 516 | 520 | ||
| 517 | while (! (cp = g_locale_to_utf8 ((char *)p, -1, &bytes_read, | 521 | while (! (cp = g_locale_to_utf8 ((char *)p, -1, &bytes_read, |
| @@ -3296,8 +3300,8 @@ static int scroll_bar_width_for_theme; | |||
| 3296 | static struct | 3300 | static struct |
| 3297 | { | 3301 | { |
| 3298 | GtkWidget **widgets; | 3302 | GtkWidget **widgets; |
| 3299 | int max_size; | 3303 | ptrdiff_t max_size; |
| 3300 | int used; | 3304 | ptrdiff_t used; |
| 3301 | } id_to_widget; | 3305 | } id_to_widget; |
| 3302 | 3306 | ||
| 3303 | /* Grow this much every time we need to allocate more */ | 3307 | /* Grow this much every time we need to allocate more */ |
| @@ -3306,15 +3310,20 @@ static struct | |||
| 3306 | 3310 | ||
| 3307 | /* Store the widget pointer W in id_to_widget and return the integer index. */ | 3311 | /* Store the widget pointer W in id_to_widget and return the integer index. */ |
| 3308 | 3312 | ||
| 3309 | static int | 3313 | static ptrdiff_t |
| 3310 | xg_store_widget_in_map (GtkWidget *w) | 3314 | xg_store_widget_in_map (GtkWidget *w) |
| 3311 | { | 3315 | { |
| 3312 | int i; | 3316 | ptrdiff_t i; |
| 3313 | 3317 | ||
| 3314 | if (id_to_widget.max_size == id_to_widget.used) | 3318 | if (id_to_widget.max_size == id_to_widget.used) |
| 3315 | { | 3319 | { |
| 3316 | int new_size = id_to_widget.max_size + ID_TO_WIDGET_INCR; | 3320 | ptrdiff_t new_size; |
| 3321 | ptrdiff_t lim = min (TYPE_MAXIMUM (Window), | ||
| 3322 | min (PTRDIFF_MAX, SIZE_MAX) / sizeof (GtkWidget *)); | ||
| 3323 | if (lim - ID_TO_WIDGET_INCR < id_to_widget.max_size) | ||
| 3324 | memory_full (SIZE_MAX); | ||
| 3317 | 3325 | ||
| 3326 | new_size = id_to_widget.max_size + ID_TO_WIDGET_INCR; | ||
| 3318 | id_to_widget.widgets = xrealloc (id_to_widget.widgets, | 3327 | id_to_widget.widgets = xrealloc (id_to_widget.widgets, |
| 3319 | sizeof (GtkWidget *)*new_size); | 3328 | sizeof (GtkWidget *)*new_size); |
| 3320 | 3329 | ||
| @@ -3345,7 +3354,7 @@ xg_store_widget_in_map (GtkWidget *w) | |||
| 3345 | Called when scroll bar is destroyed. */ | 3354 | Called when scroll bar is destroyed. */ |
| 3346 | 3355 | ||
| 3347 | static void | 3356 | static void |
| 3348 | xg_remove_widget_from_map (int idx) | 3357 | xg_remove_widget_from_map (ptrdiff_t idx) |
| 3349 | { | 3358 | { |
| 3350 | if (idx < id_to_widget.max_size && id_to_widget.widgets[idx] != 0) | 3359 | if (idx < id_to_widget.max_size && id_to_widget.widgets[idx] != 0) |
| 3351 | { | 3360 | { |
| @@ -3357,7 +3366,7 @@ xg_remove_widget_from_map (int idx) | |||
| 3357 | /* Get the widget pointer at IDX from id_to_widget. */ | 3366 | /* Get the widget pointer at IDX from id_to_widget. */ |
| 3358 | 3367 | ||
| 3359 | static GtkWidget * | 3368 | static GtkWidget * |
| 3360 | xg_get_widget_from_map (int idx) | 3369 | xg_get_widget_from_map (ptrdiff_t idx) |
| 3361 | { | 3370 | { |
| 3362 | if (idx < id_to_widget.max_size && id_to_widget.widgets[idx] != 0) | 3371 | if (idx < id_to_widget.max_size && id_to_widget.widgets[idx] != 0) |
| 3363 | return id_to_widget.widgets[idx]; | 3372 | return id_to_widget.widgets[idx]; |
| @@ -3396,10 +3405,10 @@ xg_get_default_scrollbar_width (void) | |||
| 3396 | /* Return the scrollbar id for X Window WID on display DPY. | 3405 | /* Return the scrollbar id for X Window WID on display DPY. |
| 3397 | Return -1 if WID not in id_to_widget. */ | 3406 | Return -1 if WID not in id_to_widget. */ |
| 3398 | 3407 | ||
| 3399 | int | 3408 | ptrdiff_t |
| 3400 | xg_get_scroll_id_for_window (Display *dpy, Window wid) | 3409 | xg_get_scroll_id_for_window (Display *dpy, Window wid) |
| 3401 | { | 3410 | { |
| 3402 | int idx; | 3411 | ptrdiff_t idx; |
| 3403 | GtkWidget *w; | 3412 | GtkWidget *w; |
| 3404 | 3413 | ||
| 3405 | w = xg_win_to_widget (dpy, wid); | 3414 | w = xg_win_to_widget (dpy, wid); |
| @@ -3421,7 +3430,7 @@ xg_get_scroll_id_for_window (Display *dpy, Window wid) | |||
| 3421 | static void | 3430 | static void |
| 3422 | xg_gtk_scroll_destroy (GtkWidget *widget, gpointer data) | 3431 | xg_gtk_scroll_destroy (GtkWidget *widget, gpointer data) |
| 3423 | { | 3432 | { |
| 3424 | int id = (intptr_t) data; | 3433 | intptr_t id = (intptr_t) data; |
| 3425 | xg_remove_widget_from_map (id); | 3434 | xg_remove_widget_from_map (id); |
| 3426 | } | 3435 | } |
| 3427 | 3436 | ||
| @@ -3496,7 +3505,7 @@ xg_create_scroll_bar (FRAME_PTR f, | |||
| 3496 | /* Remove the scroll bar represented by SCROLLBAR_ID from the frame F. */ | 3505 | /* Remove the scroll bar represented by SCROLLBAR_ID from the frame F. */ |
| 3497 | 3506 | ||
| 3498 | void | 3507 | void |
| 3499 | xg_remove_scroll_bar (FRAME_PTR f, int scrollbar_id) | 3508 | xg_remove_scroll_bar (FRAME_PTR f, ptrdiff_t scrollbar_id) |
| 3500 | { | 3509 | { |
| 3501 | GtkWidget *w = xg_get_widget_from_map (scrollbar_id); | 3510 | GtkWidget *w = xg_get_widget_from_map (scrollbar_id); |
| 3502 | if (w) | 3511 | if (w) |
| @@ -3515,7 +3524,7 @@ xg_remove_scroll_bar (FRAME_PTR f, int scrollbar_id) | |||
| 3515 | 3524 | ||
| 3516 | void | 3525 | void |
| 3517 | xg_update_scrollbar_pos (FRAME_PTR f, | 3526 | xg_update_scrollbar_pos (FRAME_PTR f, |
| 3518 | int scrollbar_id, | 3527 | ptrdiff_t scrollbar_id, |
| 3519 | int top, | 3528 | int top, |
| 3520 | int left, | 3529 | int left, |
| 3521 | int width, | 3530 | int width, |