aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorPaul Eggert2011-07-28 16:58:05 -0700
committerPaul Eggert2011-07-28 16:58:05 -0700
commit0eb0f3187d46ec0efdfc1df38565c160c759ecb2 (patch)
tree2f87e3fc4534e20652a07cd897d3e55c5819c247 /src
parent1ffd9c92ea38e078ec6cde6277c7ce88895212df (diff)
downloademacs-0eb0f3187d46ec0efdfc1df38565c160c759ecb2.tar.gz
emacs-0eb0f3187d46ec0efdfc1df38565c160c759ecb2.zip
* gtkutil.c: Integer overflow fixes.
(get_utf8_string, xg_store_widget_in_map): Check for size-calculation overflow. (get_utf8_string): Use ptrdiff_t, not size_t, where either will do, as we prefer signed integers. (id_to_widget.max_size, id_to_widget.used) (xg_store_widget_in_map, xg_remove_widget_from_map) (xg_get_widget_from_map, xg_get_scroll_id_for_window) (xg_remove_scroll_bar, xg_update_scrollbar_pos): Use and return ptrdiff_t, not int. (xg_gtk_scroll_destroy): Don't assume ptrdiff_t fits in int. * gtkutil.h: Change prototypes to match the above.
Diffstat (limited to 'src')
-rw-r--r--src/ChangeLog13
-rw-r--r--src/gtkutil.c37
-rw-r--r--src/gtkutil.h7
3 files changed, 39 insertions, 18 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index 84d7bf4cb48..b984072c6eb 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,18 @@
12011-07-28 Paul Eggert <eggert@cs.ucla.edu> 12011-07-28 Paul Eggert <eggert@cs.ucla.edu>
2 2
3 * gtkutil.c: Integer overflow fixes.
4 (get_utf8_string, xg_store_widget_in_map):
5 Check for size-calculation overflow.
6 (get_utf8_string): Use ptrdiff_t, not size_t, where either will
7 do, as we prefer signed integers.
8 (id_to_widget.max_size, id_to_widget.used)
9 (xg_store_widget_in_map, xg_remove_widget_from_map)
10 (xg_get_widget_from_map, xg_get_scroll_id_for_window)
11 (xg_remove_scroll_bar, xg_update_scrollbar_pos):
12 Use and return ptrdiff_t, not int.
13 (xg_gtk_scroll_destroy): Don't assume ptrdiff_t fits in int.
14 * gtkutil.h: Change prototypes to match the above.
15
3 * ftfont.c: Check for size overflow. 16 * ftfont.c: Check for size overflow.
4 (ftfont_get_open_type_spec, setup_otf_gstring, ftfont_shape_by_flt): 17 (ftfont_get_open_type_spec, setup_otf_gstring, ftfont_shape_by_flt):
5 Check for integer overflow in size calculations. 18 Check for integer overflow in size calculations.
diff --git a/src/gtkutil.c b/src/gtkutil.c
index 70bc18a75ff..f56e888e685 100644
--- a/src/gtkutil.c
+++ b/src/gtkutil.c
@@ -487,7 +487,8 @@ get_utf8_string (const char *str)
487 if (!utf8_str) 487 if (!utf8_str)
488 { 488 {
489 /* Probably some control characters in str. Escape them. */ 489 /* Probably some control characters in str. Escape them. */
490 size_t nr_bad = 0; 490 ptrdiff_t len;
491 ptrdiff_t nr_bad = 0;
491 gsize bytes_read; 492 gsize bytes_read;
492 gsize bytes_written; 493 gsize bytes_written;
493 unsigned char *p = (unsigned char *)str; 494 unsigned char *p = (unsigned char *)str;
@@ -511,7 +512,10 @@ get_utf8_string (const char *str)
511 } 512 }
512 if (cp) g_free (cp); 513 if (cp) g_free (cp);
513 514
514 up = utf8_str = xmalloc (strlen (str) + nr_bad * 4 + 1); 515 len = strlen (str);
516 if ((min (PTRDIFF_MAX, SIZE_MAX) - len - 1) / 4 < nr_bad)
517 memory_full (SIZE_MAX);
518 up = utf8_str = xmalloc (len + nr_bad * 4 + 1);
515 p = (unsigned char *)str; 519 p = (unsigned char *)str;
516 520
517 while (! (cp = g_locale_to_utf8 ((char *)p, -1, &bytes_read, 521 while (! (cp = g_locale_to_utf8 ((char *)p, -1, &bytes_read,
@@ -3296,8 +3300,8 @@ static int scroll_bar_width_for_theme;
3296static struct 3300static struct
3297{ 3301{
3298 GtkWidget **widgets; 3302 GtkWidget **widgets;
3299 int max_size; 3303 ptrdiff_t max_size;
3300 int used; 3304 ptrdiff_t used;
3301} id_to_widget; 3305} id_to_widget;
3302 3306
3303/* Grow this much every time we need to allocate more */ 3307/* Grow this much every time we need to allocate more */
@@ -3306,15 +3310,20 @@ static struct
3306 3310
3307/* Store the widget pointer W in id_to_widget and return the integer index. */ 3311/* Store the widget pointer W in id_to_widget and return the integer index. */
3308 3312
3309static int 3313static ptrdiff_t
3310xg_store_widget_in_map (GtkWidget *w) 3314xg_store_widget_in_map (GtkWidget *w)
3311{ 3315{
3312 int i; 3316 ptrdiff_t i;
3313 3317
3314 if (id_to_widget.max_size == id_to_widget.used) 3318 if (id_to_widget.max_size == id_to_widget.used)
3315 { 3319 {
3316 int new_size = id_to_widget.max_size + ID_TO_WIDGET_INCR; 3320 ptrdiff_t new_size;
3321 ptrdiff_t lim = min (TYPE_MAXIMUM (Window),
3322 min (PTRDIFF_MAX, SIZE_MAX) / sizeof (GtkWidget *));
3323 if (lim - ID_TO_WIDGET_INCR < id_to_widget.max_size)
3324 memory_full (SIZE_MAX);
3317 3325
3326 new_size = id_to_widget.max_size + ID_TO_WIDGET_INCR;
3318 id_to_widget.widgets = xrealloc (id_to_widget.widgets, 3327 id_to_widget.widgets = xrealloc (id_to_widget.widgets,
3319 sizeof (GtkWidget *)*new_size); 3328 sizeof (GtkWidget *)*new_size);
3320 3329
@@ -3345,7 +3354,7 @@ xg_store_widget_in_map (GtkWidget *w)
3345 Called when scroll bar is destroyed. */ 3354 Called when scroll bar is destroyed. */
3346 3355
3347static void 3356static void
3348xg_remove_widget_from_map (int idx) 3357xg_remove_widget_from_map (ptrdiff_t idx)
3349{ 3358{
3350 if (idx < id_to_widget.max_size && id_to_widget.widgets[idx] != 0) 3359 if (idx < id_to_widget.max_size && id_to_widget.widgets[idx] != 0)
3351 { 3360 {
@@ -3357,7 +3366,7 @@ xg_remove_widget_from_map (int idx)
3357/* Get the widget pointer at IDX from id_to_widget. */ 3366/* Get the widget pointer at IDX from id_to_widget. */
3358 3367
3359static GtkWidget * 3368static GtkWidget *
3360xg_get_widget_from_map (int idx) 3369xg_get_widget_from_map (ptrdiff_t idx)
3361{ 3370{
3362 if (idx < id_to_widget.max_size && id_to_widget.widgets[idx] != 0) 3371 if (idx < id_to_widget.max_size && id_to_widget.widgets[idx] != 0)
3363 return id_to_widget.widgets[idx]; 3372 return id_to_widget.widgets[idx];
@@ -3396,10 +3405,10 @@ xg_get_default_scrollbar_width (void)
3396/* Return the scrollbar id for X Window WID on display DPY. 3405/* Return the scrollbar id for X Window WID on display DPY.
3397 Return -1 if WID not in id_to_widget. */ 3406 Return -1 if WID not in id_to_widget. */
3398 3407
3399int 3408ptrdiff_t
3400xg_get_scroll_id_for_window (Display *dpy, Window wid) 3409xg_get_scroll_id_for_window (Display *dpy, Window wid)
3401{ 3410{
3402 int idx; 3411 ptrdiff_t idx;
3403 GtkWidget *w; 3412 GtkWidget *w;
3404 3413
3405 w = xg_win_to_widget (dpy, wid); 3414 w = xg_win_to_widget (dpy, wid);
@@ -3421,7 +3430,7 @@ xg_get_scroll_id_for_window (Display *dpy, Window wid)
3421static void 3430static void
3422xg_gtk_scroll_destroy (GtkWidget *widget, gpointer data) 3431xg_gtk_scroll_destroy (GtkWidget *widget, gpointer data)
3423{ 3432{
3424 int id = (intptr_t) data; 3433 intptr_t id = (intptr_t) data;
3425 xg_remove_widget_from_map (id); 3434 xg_remove_widget_from_map (id);
3426} 3435}
3427 3436
@@ -3496,7 +3505,7 @@ xg_create_scroll_bar (FRAME_PTR f,
3496/* Remove the scroll bar represented by SCROLLBAR_ID from the frame F. */ 3505/* Remove the scroll bar represented by SCROLLBAR_ID from the frame F. */
3497 3506
3498void 3507void
3499xg_remove_scroll_bar (FRAME_PTR f, int scrollbar_id) 3508xg_remove_scroll_bar (FRAME_PTR f, ptrdiff_t scrollbar_id)
3500{ 3509{
3501 GtkWidget *w = xg_get_widget_from_map (scrollbar_id); 3510 GtkWidget *w = xg_get_widget_from_map (scrollbar_id);
3502 if (w) 3511 if (w)
@@ -3515,7 +3524,7 @@ xg_remove_scroll_bar (FRAME_PTR f, int scrollbar_id)
3515 3524
3516void 3525void
3517xg_update_scrollbar_pos (FRAME_PTR f, 3526xg_update_scrollbar_pos (FRAME_PTR f,
3518 int scrollbar_id, 3527 ptrdiff_t scrollbar_id,
3519 int top, 3528 int top,
3520 int left, 3529 int left,
3521 int width, 3530 int width,
diff --git a/src/gtkutil.h b/src/gtkutil.h
index 769e56da917..2dfb3a5ed6c 100644
--- a/src/gtkutil.h
+++ b/src/gtkutil.h
@@ -114,17 +114,17 @@ extern int xg_event_is_for_menubar (FRAME_PTR f, XEvent *event);
114 114
115extern int xg_have_tear_offs (void); 115extern int xg_have_tear_offs (void);
116 116
117extern int xg_get_scroll_id_for_window (Display *dpy, Window wid); 117extern ptrdiff_t xg_get_scroll_id_for_window (Display *dpy, Window wid);
118 118
119extern void xg_create_scroll_bar (FRAME_PTR f, 119extern void xg_create_scroll_bar (FRAME_PTR f,
120 struct scroll_bar *bar, 120 struct scroll_bar *bar,
121 GCallback scroll_callback, 121 GCallback scroll_callback,
122 GCallback end_callback, 122 GCallback end_callback,
123 const char *scroll_bar_name); 123 const char *scroll_bar_name);
124extern void xg_remove_scroll_bar (FRAME_PTR f, int scrollbar_id); 124extern void xg_remove_scroll_bar (FRAME_PTR f, ptrdiff_t scrollbar_id);
125 125
126extern void xg_update_scrollbar_pos (FRAME_PTR f, 126extern void xg_update_scrollbar_pos (FRAME_PTR f,
127 int scrollbar_id, 127 ptrdiff_t scrollbar_id,
128 int top, 128 int top,
129 int left, 129 int left,
130 int width, 130 int width,
@@ -185,4 +185,3 @@ extern int xg_ignore_gtk_scrollbar;
185 185
186#endif /* USE_GTK */ 186#endif /* USE_GTK */
187#endif /* GTKUTIL_H */ 187#endif /* GTKUTIL_H */
188
generated by cgit v1.2.1 (git 2.18.0) at 2026-01-19 16:02:50 +0000