diff options
| author | Paul Eggert | 2013-12-03 13:37:41 -0800 |
|---|---|---|
| committer | Paul Eggert | 2013-12-03 13:37:41 -0800 |
| commit | 2654ac09ccc5da6e2fe99e60291d4c6013958c3e (patch) | |
| tree | 68546ecbd8f180b14df3b85071a440397c6904a7 /src | |
| parent | 0b254a38fa0c852d1f7297e31b811f0d2962c81d (diff) | |
| download | emacs-2654ac09ccc5da6e2fe99e60291d4c6013958c3e.tar.gz emacs-2654ac09ccc5da6e2fe99e60291d4c6013958c3e.zip | |
Minor integer overflow fixes.
* window.c (Fset_window_new_pixel): Don't let new_pixel go negative.
This improves on the previous fix to this function.
(window_resize_check): When summing up pixel counts, don't rely on
undefined behavior if the sum overflows.
Fixes: debbugs:16033
Diffstat (limited to 'src')
| -rw-r--r-- | src/ChangeLog | 8 | ||||
| -rw-r--r-- | src/window.c | 22 |
2 files changed, 20 insertions, 10 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index bdd111f5083..44039f83d8b 100644 --- a/src/ChangeLog +++ b/src/ChangeLog | |||
| @@ -1,3 +1,11 @@ | |||
| 1 | 2013-12-03 Paul Eggert <eggert@cs.ucla.edu> | ||
| 2 | |||
| 3 | Minor integer overflow fixes (Bug#16033). | ||
| 4 | * window.c (Fset_window_new_pixel): Don't let new_pixel go negative. | ||
| 5 | This improves on the previous fix to this function. | ||
| 6 | (window_resize_check): When summing up pixel counts, don't rely on | ||
| 7 | undefined behavior if the sum overflows. | ||
| 8 | |||
| 1 | 2013-12-03 Martin Rudalics <rudalics@gmx.at> | 9 | 2013-12-03 Martin Rudalics <rudalics@gmx.at> |
| 2 | 10 | ||
| 3 | * window.c (Fset_window_new_pixel): Don't choke at negative | 11 | * window.c (Fset_window_new_pixel): Don't choke at negative |
diff --git a/src/window.c b/src/window.c index 1ef2b4a0e38..b7d4502e3ec 100644 --- a/src/window.c +++ b/src/window.c | |||
| @@ -3646,10 +3646,8 @@ Note: This function does not operate on any child windows of WINDOW. */) | |||
| 3646 | (Lisp_Object window, Lisp_Object size, Lisp_Object add) | 3646 | (Lisp_Object window, Lisp_Object size, Lisp_Object add) |
| 3647 | { | 3647 | { |
| 3648 | struct window *w = decode_valid_window (window); | 3648 | struct window *w = decode_valid_window (window); |
| 3649 | EMACS_INT size_min = (max (INT_MIN, MOST_NEGATIVE_FIXNUM) | 3649 | EMACS_INT size_min = NILP (add) ? 0 : - XINT (w->new_pixel); |
| 3650 | + (NILP (add) ? 0 : XINT (w->new_pixel))); | 3650 | EMACS_INT size_max = size_min + min (INT_MAX, MOST_POSITIVE_FIXNUM); |
| 3651 | EMACS_INT size_max = (min (INT_MAX, MOST_POSITIVE_FIXNUM) | ||
| 3652 | - (NILP (add) ? 0 : XINT (w->new_pixel))); | ||
| 3653 | 3651 | ||
| 3654 | CHECK_RANGED_INTEGER (size, size_min, size_max); | 3652 | CHECK_RANGED_INTEGER (size, size_min, size_max); |
| 3655 | if (NILP (add)) | 3653 | if (NILP (add)) |
| @@ -3729,18 +3727,20 @@ window_resize_check (struct window *w, bool horflag) | |||
| 3729 | /* The sum of the heights of the child windows of W must equal | 3727 | /* The sum of the heights of the child windows of W must equal |
| 3730 | W's height. */ | 3728 | W's height. */ |
| 3731 | { | 3729 | { |
| 3732 | int sum_of_pixels = 0; | 3730 | int remaining_pixels = XINT (w->new_pixel); |
| 3733 | 3731 | ||
| 3734 | while (c) | 3732 | while (c) |
| 3735 | { | 3733 | { |
| 3736 | if (!window_resize_check (c, horflag)) | 3734 | if (!window_resize_check (c, horflag)) |
| 3737 | return 0; | 3735 | return 0; |
| 3738 | 3736 | ||
| 3739 | sum_of_pixels = sum_of_pixels + XINT (c->new_pixel); | 3737 | remaining_pixels -= XINT (c->new_pixel); |
| 3738 | if (remaining_pixels < 0) | ||
| 3739 | return 0; | ||
| 3740 | c = NILP (c->next) ? 0 : XWINDOW (c->next); | 3740 | c = NILP (c->next) ? 0 : XWINDOW (c->next); |
| 3741 | } | 3741 | } |
| 3742 | 3742 | ||
| 3743 | return (sum_of_pixels == XINT (w->new_pixel)); | 3743 | return remaining_pixels == 0; |
| 3744 | } | 3744 | } |
| 3745 | } | 3745 | } |
| 3746 | else if (WINDOW_HORIZONTAL_COMBINATION_P (w)) | 3746 | else if (WINDOW_HORIZONTAL_COMBINATION_P (w)) |
| @@ -3751,18 +3751,20 @@ window_resize_check (struct window *w, bool horflag) | |||
| 3751 | /* The sum of the widths of the child windows of W must equal W's | 3751 | /* The sum of the widths of the child windows of W must equal W's |
| 3752 | width. */ | 3752 | width. */ |
| 3753 | { | 3753 | { |
| 3754 | int sum_of_pixels = 0; | 3754 | int remaining_pixels = XINT (w->new_pixel); |
| 3755 | 3755 | ||
| 3756 | while (c) | 3756 | while (c) |
| 3757 | { | 3757 | { |
| 3758 | if (!window_resize_check (c, horflag)) | 3758 | if (!window_resize_check (c, horflag)) |
| 3759 | return 0; | 3759 | return 0; |
| 3760 | 3760 | ||
| 3761 | sum_of_pixels = sum_of_pixels + XINT (c->new_pixel); | 3761 | remaining_pixels -= XINT (c->new_pixel); |
| 3762 | if (remaining_pixels < 0) | ||
| 3763 | return 0; | ||
| 3762 | c = NILP (c->next) ? 0 : XWINDOW (c->next); | 3764 | c = NILP (c->next) ? 0 : XWINDOW (c->next); |
| 3763 | } | 3765 | } |
| 3764 | 3766 | ||
| 3765 | return (sum_of_pixels == XINT (w->new_pixel)); | 3767 | return remaining_pixels == 0; |
| 3766 | } | 3768 | } |
| 3767 | else | 3769 | else |
| 3768 | /* All child windows of W must have the same height as W. */ | 3770 | /* All child windows of W must have the same height as W. */ |