emacs_write: Return size_t, not ssize_t, to avoid overflow issues.

* gnutls.c, gnutls.h (emacs_gnutls_write): Return size_t, not ssize_t.
* sysdep.c, lisp.h (emacs_write): Likewise.
Without the above change, emacs_gnutls_write and emacs_write had
undefined behavior and would typically mistakenly report an error
when writing a buffer whose size exceeds SSIZE_MAX.
(emacs_read, emacs_write): Remove check for negative size, as the
Emacs source code has been audited now.
(emacs_write): Adjust to new signature, making the code look more
like that of emacs_gnutls_write.
* process.c (send_process): Adjust to the new signatures of
emacs_write and emacs_gnutls_write.  Do not attempt to store
a byte offset into an 'int'; it might overflow.

1 files changed, 13 insertions, 11 deletions

diff --git a/src/process.c b/src/process.c
index 624610069d8..2eed7b4654f 100644
--- a/src/process.c
+++ b/src/process.c
@@ -5367,6 +5367,7 @@ send_process (volatile Lisp_Object proc, const char *volatile buf,
           /* Send this batch, using one or more write calls.  */
           while (this > 0)
             {
+              size_t written = 0;
               int outfd = p->outfd;
               old_sigpipe = (void (*) (int)) signal (SIGPIPE, send_process_trap);
 #ifdef DATAGRAM_SOCKETS
@@ -5375,7 +5376,9 @@ send_process (volatile Lisp_Object proc, const char *volatile buf,
                   rv = sendto (outfd, buf, this,
                                0, datagram_address[outfd].sa,
                                datagram_address[outfd].len);
-                  if (rv < 0 && errno == EMSGSIZE)
+                  if (0 <= rv)
+                    written = rv;
+                  else if (errno == EMSGSIZE)
                     {
                       signal (SIGPIPE, old_sigpipe);
                       report_file_error ("sending datagram",
@@ -5387,12 +5390,13 @@ send_process (volatile Lisp_Object proc, const char *volatile buf,
                 {
 #ifdef HAVE_GNUTLS
                   if (XPROCESS (proc)->gnutls_p)
-                    rv = emacs_gnutls_write (outfd,
-                                             XPROCESS (proc),
-                                             buf, this);
+                    written = emacs_gnutls_write (outfd,
+                                                 XPROCESS (proc),
+                                                 buf, this);
                   else
 #endif
-                    rv = emacs_write (outfd, buf, this);
+                    written = emacs_write (outfd, buf, this);
+                  rv = (written == this ? 0 : -1);
 #ifdef ADAPTIVE_READ_BUFFERING
                   if (p->read_output_delay > 0
                       && p->adaptive_read_buffering == 1)
@@ -5419,7 +5423,7 @@ send_process (volatile Lisp_Object proc, const char *volatile buf,
                        that may allow the program
                        to finish doing output and read more.  */
                     {
-                      int offset = 0;
+                      size_t offset = 0;
 
 #ifdef BROKEN_PTY_READ_AFTER_EAGAIN
                       /* A gross hack to work around a bug in FreeBSD.
@@ -5465,16 +5469,14 @@ send_process (volatile Lisp_Object proc, const char *volatile buf,
                                                          offset);
                       else if (STRINGP (object))
                         buf = offset + SSDATA (object);
-
-                      rv = 0;
                     }
                   else
                     /* This is a real error.  */
                     report_file_error ("writing to process", Fcons (proc, Qnil));
                 }
-              buf += rv;
-              len -= rv;
-              this -= rv;
+              buf += written;
+              len -= written;
+              this -= written;
             }
         }
     }