Alphabetize the long ChangeLog entry.

author: Paul Eggert 2011-07-28 22:27:47 -0700
committer: Paul Eggert 2011-07-28 22:27:47 -0700
commit: 726e0ab18e84ce0df6b9dc1612bf4d92b9d1e52a (patch)
tree: ce82ed3ea2b79f602c3322985c490ddc03585823 /src
parent: 3256efcee3a7c3bf63e62666715455e834d19ea0 (diff)
download: emacs-726e0ab18e84ce0df6b9dc1612bf4d92b9d1e52a.tar.gz
emacs-726e0ab18e84ce0df6b9dc1612bf4d92b9d1e52a.zip
1 files changed, 186 insertions, 204 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index b005b461ed4..1796455e557 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,17 +1,188 @@
 2011-07-29  Paul Eggert  <eggert@cs.ucla.edu>
-        * xterm.c: Integer and memory overflow issues.
+        Integer and memory overflow issues.
-        (x_color_cells, handle_one_xevent, x_term_init):
+        * bidi.c (bidi_shelve_header_size): New constant.
+        (bidi_cache_ensure_space, bidi_shelve_cache): Use it.
+        (bidi_cache_ensure_space): Avoid integer overflow when allocating.
+        * buffer.c (overlays_at, overlays_in, record_overlay_string)
+        (overlay_strings):
+        Don't update size of array until after memory allocation succeeds,
+        because xmalloc/xrealloc may not return.
+        * callproc.c (child_setup): Don't assume strlen fits in int.
+        * ccl.c (Fccl_execute_on_string): Check for memory overflow.
+        Use ptrdiff_t rather than EMACS_INT where ptrdiff_t will do.
+        Redo buffer-overflow calculations to avoid integer overflow.
+        * character.c (Fstring): Check for size-calculation overflow.
+        * coding.c (produce_chars): Redo buffer-overflow calculations to avoid
+        unnecessary integer overflow.  Check for size overflow.
+        (encode_coding_object): Don't update size until xmalloc succeeds.
+        * composite.c (get_composition_id): Check for overflow in glyph
+        length calculations.
+        Integer and memory overflow fixes for display code.
+        * dispextern.h (struct glyph_pool.nglyphs): Now ptrdiff_t, not int.
+        * dispnew.c (adjust_glyph_matrix, realloc_glyph_pool)
+        (scrolling_window): Check for overflow in size calculations.
+        (line_draw_cost, realloc_glyph_pool, add_row_entry):
+        Don't assume glyph table len fits in int.
+        (struct row_entry.bucket, row_entry_pool_size, row_entry_idx)
+        (row_table_size): Now ptrdiff_t, not int.
+        (scrolling_window): Avoid overflow in size calculations.
+        Don't update size until allocation succeeds.
+        * fns.c (concat): Check for overflow in size calculations.
+        (next_almost_prime): Verify NEXT_ALMOST_PRIME_LIMIT.
+        * lisp.h (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros.
+        (NEXT_ALMOST_PRIME_LIMIT): New constant.
+        * doc.c (get_doc_string_buffer_size): Now ptrdiff_t, not int.
+        (get_doc_string): Check for size calculation overflow.
+        Don't update size until allocation succeeds.
+        (get_doc_string, Fsubstitute_command_keys): Use ptrdiff_t, not
+        EMACS_INT, where ptrdiff_t will do.
+        (Fsubstitute_command_keys): Check for string overflow.
+        * editfns.c (set_time_zone_rule): Don't assume environment length
+        fits in int.
+        (message_length): Now ptrdiff_t, not int.
+        (Fmessage_box): Don't update size until allocation succeeds.
+        Don't assume message length fits in int.
+        (Fformat): Use ptrdiff_t, not EMACS_INT, where ptrdiff_t will do.
+        * emacs.c (main, sort_args): Check for size-calculation overflow.
+        * eval.c (init_eval_once, grow_specpdl): Don't update size until
+        alloc succeeds.
+        (call_debugger, grow_specpdl): Redo calculations to avoid overflow.
+        * frame.c (set_menu_bar_lines, x_set_frame_parameters)
+        (x_set_scroll_bar_width, x_figure_window_size):
+        Check for integer overflow.
+        (x_set_alpha): Do not assume XINT fits in int.
+        * frame.h (struct frame): Use int, not EMACS_INT, where int works.
+        This is for the members text_lines, text_cols, total_lines, total_cols,
+        where the system imposes an 'int' limit.
+        * fringe.c (Fdefine_fringe_bitmap):
+        Don't update size until alloc works.
+        * ftfont.c (ftfont_get_open_type_spec, setup_otf_gstring)
+        (ftfont_shape_by_flt): Check for integer overflow in size calculations.
+        * gtkutil.c (get_utf8_string, xg_store_widget_in_map):
+        Check for size-calculation overflow.
+        (get_utf8_string): Use ptrdiff_t, not size_t, where either will
+        do, as we prefer signed integers.
+        (id_to_widget.max_size, id_to_widget.used)
+        (xg_store_widget_in_map, xg_remove_widget_from_map)
+        (xg_get_widget_from_map, xg_get_scroll_id_for_window)
+        (xg_remove_scroll_bar, xg_update_scrollbar_pos):
+        Use and return ptrdiff_t, not int.
+        (xg_gtk_scroll_destroy): Don't assume ptrdiff_t fits in int.
+        * gtkutil.h: Change prototypes to match the above.
+        * image.c (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): Remove; these
+        are duplicate now that they've been promoted to lisp.h.
+        (x_allocate_bitmap_record, x_alloc_image_color)
+        (make_image_cache, cache_image, xpm_load):
+        Don't update size until alloc is done.
+        (xpm_load, lookup_rgb_color, lookup_pixel_color, x_to_xcolors)
+        (x_detect_edges):
        Check for size calculation overflow.
-        (x_color_cells): Don't store size until memory allocation succeeds.
+        (ct_colors_allocated_max): New constant.
-        (handle_one_xevent): Use ptrdiff_t, not int, for byte counts.
+        (x_to_xcolors, x_detect_edges): Reorder multiplicands to avoid
-        (x_term_init): Don't assume length fits in int (sprintf is limited
+        overflow.
-        to int size).
-        * xsmfns.c (smc_save_yourself_CB): Check for size calc overflow.
+        * keyboard.c (read_char, menu_bar_items, tool_bar_items)
+        (read_char_x_menu_prompt, read_char_minibuf_menu_width)
+        (read_char_minibuf_menu_prompt, follow_key, read_key_sequence):
+        Use ptrdiff_t, not int, to count maps.
+        (read_char_minibuf_menu_prompt): Check for overflow in size
+        calculations.  Don't update size until allocation succeeds.  Redo
+        calculations to avoid overflow.
+        * keyboard.h: Change prototypes to match the above.
+        * keymap.c (cmm_size, current_minor_maps): Use ptrdiff_t, not int,
+        to count maps.
+        (current_minor_maps): Check for size calculation overflow.
+        * keymap.h: Change prototypes to match the above.
+        * lread.c (read1, init_obarray): Don't update size until alloc done.
+        * macros.c (Fstart_kbd_macro): Don't update size until alloc done.
+        (store_kbd_macro_char): Reorder multiplicands to avoid overflow.
+        * minibuf.c (read_minibuf_noninteractive): Don't leak memory
+        on memory overflow.
+        * nsterm.h (struct ns_color_table.size, struct ns_color_table.avail):
+        Now ptrdiff_t, not int.
+        * nsterm.m (ns_index_color): Use ptrdiff_t, not int, for table indexes.
+        (ns_draw_fringe_bitmap): Rewrite to avoid overflow.
+        * process.c (Fnetwork_interface_list): Check for overflow
+        in size calculation.
+        * region-cache.c (move_cache_gap): Check for size calculation overflow.
+        * scroll.c (do_line_insertion_deletion_costs): Check for size calc
+        overflow.  Don't bother calling xmalloc when xrealloc will do.
+        * search.c (Freplace_match): Check for size calculation overflow.
+        (Fset_match_data): Don't assume list lengths fit in 'int'.
+        * sysdep.c (system_process_attributes): Use ptrdiff_t, not int,
+        for command line length.  Do not attempt to address one before the
+        beginning of an array, as that's not portable.
+        * term.c (max_frame_lines): Remove; unused.
+        (encode_terminal_src_size, encode_terminal_dst_size): Now ptrdiff_t,
+        not int.
+        (encode_terminal_code, calculate_costs): Check for size
+        calculation overflow.
+        (encode_terminal_code): Use ptrdiff_t, not int, to record glyph
+        table lengths and related sizes.  Don't update size until alloc
+        done.  Redo calculations to avoid overflow.
+        (calculate_costs): Don't bother calling xmalloc when xrealloc will do.
+        * termcap.c (tgetent): Use ptrdiff_t, not int, to record results of
+        subtracting pointers.
+        (gobble_line): Check for overflow more carefully.  Don't update size
+        until alloc done.
+        * tparam.c (tparam1): Use ptrdiff_t, not int, for sizes.
+        Don't update size until alloc done.
+        Redo size calculations to avoid overflow.
+        Check for size calculation overflow.
+        * xdisp.c (store_mode_line_noprop_char, x_consider_frame_title):
+        Use ptrdiff_t, not int, for sizes.
+        (store_mode_line_noprop_char): Don't update size until alloc done.
+        * xfaces.c (Finternal_make_lisp_face): Use ptrdiff_t, not int, for
+        sizes.  Check for size calculation overflow.
+        (cache_face): Do not overflow in size calculation.
+        * xfns.c (x_encode_text, x_set_name_internal)
+        (Fx_change_window_property): Use ptrdiff_t, not int, to count
+        sizes, since they can exceed INT_MAX in size.  Check for size
+        calculation overflow.
+        * xgselect.c (xg_select): Check for size calculation overflow.
+        Don't update size until alloc done.
+        * xrdb.c (magic_file_p): Plug memory leak on size overflow.
+        (get_environ_db): Don't assume path length fits in int,
+        as sprintf is limited to int lengths.
-        * xselect.c: Integer and memory overflow issues.
+        * xselect.c (X_LONG_SIZE, X_USHRT_MAX, X_ULONG_MAX): New macros.
-        (X_LONG_SIZE, X_USHRT_MAX, X_ULONG_MAX): New macros.
        Use them to make the following changes clearer.
        (MAX_SELECTION_QUANTUM): Make the other bounds on this value clearer.
        This change doesn't affect the value now, but it may help remind
@@ -56,203 +227,14 @@
        a wider type due to X limits.
        (x_handle_dnd_message): Use unsigned int, to avoid int overflow.
-        * xrdb.c: Integer and memory overflow issues.
+        * xsmfns.c (smc_save_yourself_CB): Check for size calc overflow.
-        (magic_file_p): Plug memory leak on size overflow.
-        (get_environ_db): Don't assume path length fits in int,
-        as sprintf is limited to int lengths.
-        * xgselect.c (xg_select): Check for size calculation overflow.
-        Don't update size until alloc done.
-        * xfns.c: Integer and memory overflow fixes.
-        (x_encode_text, x_set_name_internal, Fx_change_window_property):
-        Use ptrdiff_t, not int, to count sizes, since they can exceed
-        INT_MAX in size.  Check for size calculation overflow.
-        * xfaces.c: Integer and memory overflow fixes.
-        (Finternal_make_lisp_face): Use ptrdiff_t, not int, for sizes.
-        Check for size calculation overflow.
-        (cache_face): Do not overflow in size calculation.
-        * xdisp.c: Integer and memory overflow fixes.
-        (store_mode_line_noprop_char, x_consider_frame_title):
-        Use ptrdiff_t, not int, for sizes.
-        (store_mode_line_noprop_char): Don't update size until alloc done.
-        * tparam.c: Integer and memory overflow fixes.
-        (tparam1): Use ptrdiff_t, not int, for sizes.
-        Don't update size until alloc done.
-        Redo size calculations to avoid overflow.
-        Check for size calculation overflow.
-        * termcap.c: Integer and memory overflow issues.
-        (tgetent): Use ptrdiff_t, not int, to record results of
-        subtracting pointers.
-        (gobble_line): Check for overflow more carefully.  Don't update size
-        until alloc done.
-        * term.c: Integer and memory overflow issues.
-        (max_frame_lines): Remove; unused.
-        (encode_terminal_src_size, encode_terminal_dst_size): Now ptrdiff_t,
-        not int.
-        (encode_terminal_code, calculate_costs): Check for size
-        calculation overflow.
-        (encode_terminal_code): Use ptrdiff_t, not int, to record glyph
-        table lengths and related sizes.  Don't update size until alloc
-        done.  Redo calculations to avoid overflow.
-        (calculate_costs): Don't bother calling xmalloc when xrealloc will do.
-        * sysdep.c: Integer and memory overflow issues.
-        (system_process_attributes): Use ptrdiff_t, not int, for command
-        line length.  Do not attempt to address one before the beginning
-        of an array, as that's not portable.
-        * search.c: Integer and memory overflow fixes.
-        (Freplace_match): Check for size calculation overflow.
-        (Fset_match_data): Don't assume list lengths fit in 'int'.
-        * scroll.c: Integer and memory overflow fixes.
-        (do_line_insertion_deletion_costs): Check for size calculation overflow.
-        Don't bother calling xmalloc when xrealloc will do.
-        * region-cache.c (move_cache_gap): Check for size calculation overflow.
-        * process.c (Fnetwork_interface_list): Check for overflow
-        in size calculation.
-        * nsterm.h (struct ns_color_table.size, struct ns_color_table.avail):
-        Now ptrdiff_t, not int.
-        * nsterm.m (ns_index_color): Use ptrdiff_t, not int, for table indexes.
-        (ns_draw_fringe_bitmap): Rewrite to avoid overflow.
-        * minibuf.c (read_minibuf_noninteractive): Don't leak memory
-        on memory overflow.
-        * macros.c: Integer and memory overflow fixes.
-        (Fstart_kbd_macro): Don't update size until alloc done.
-        (store_kbd_macro_char): Reorder multiplicands to avoid overflow.
-        * lread.c (read1, init_obarray): Don't update size until alloc done.
-        * keymap.c: Integer overflow fixes.
-        (cmm_size, current_minor_maps): Use ptrdiff_t, not int, to count maps.
-        (current_minor_maps): Check for size calculation overflow.
-        * keymap.h: Change prototypes to match the above.
-        * keyboard.c: Integer and memory overflow fixes.
-        (read_char, menu_bar_items, tool_bar_items, read_char_x_menu_prompt)
-        (read_char_minibuf_menu_width, read_char_minibuf_menu_prompt)
-        (follow_key, read_key_sequence): Use ptrdiff_t, not int, to count maps.
-        (read_char_minibuf_menu_prompt): Check for overflow in size
-        calculations.  Don't update size until allocation succeeds.  Redo
-        calculations to avoid overflow.
-        * keyboard.h: Change prototypes to match the above.
-        * image.c: Integer and memory overflow fixes.
+        * xterm.c (x_color_cells, handle_one_xevent, x_term_init):
-        (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): Remove; these are duplicate
-        now that they've been promoted to lisp.h.
-        (x_allocate_bitmap_record, x_alloc_image_color)
-        (make_image_cache, cache_image, xpm_load):
-        Don't update size until alloc is done.
-        (xpm_load, lookup_rgb_color, lookup_pixel_color, x_to_xcolors)
-        (x_detect_edges):
        Check for size calculation overflow.
-        (ct_colors_allocated_max): New constant.
+        (x_color_cells): Don't store size until memory allocation succeeds.
-        (x_to_xcolors, x_detect_edges): Reorder multiplicands to avoid
+        (handle_one_xevent): Use ptrdiff_t, not int, for byte counts.
-        overflow.
+        (x_term_init): Don't assume length fits in int (sprintf is limited
+        to int size).
-2011-07-28  Paul Eggert  <eggert@cs.ucla.edu>
-        * gtkutil.c: Integer overflow fixes.
-        (get_utf8_string, xg_store_widget_in_map):
-        Check for size-calculation overflow.
-        (get_utf8_string): Use ptrdiff_t, not size_t, where either will
-        do, as we prefer signed integers.
-        (id_to_widget.max_size, id_to_widget.used)
-        (xg_store_widget_in_map, xg_remove_widget_from_map)
-        (xg_get_widget_from_map, xg_get_scroll_id_for_window)
-        (xg_remove_scroll_bar, xg_update_scrollbar_pos):
-        Use and return ptrdiff_t, not int.
-        (xg_gtk_scroll_destroy): Don't assume ptrdiff_t fits in int.
-        * gtkutil.h: Change prototypes to match the above.
-        * ftfont.c: Check for size overflow.
-        (ftfont_get_open_type_spec, setup_otf_gstring, ftfont_shape_by_flt):
-        Check for integer overflow in size calculations.
-        * fringe.c (Fdefine_fringe_bitmap): Don't update size until alloc works.
-        * frame.h (struct frame): Use int, not EMACS_INT, where int works.
-        This is for the members text_lines, text_cols, total_lines, total_cols,
-        where the system imposes an 'int' limit.
-        * frame.c: Integer overflow fixes.
-        (set_menu_bar_lines, x_set_frame_parameters, x_set_scroll_bar_width)
-        (x_figure_window_size): Check for integer overflow.
-        (x_set_alpha): Do not assume XINT fits in int.
-        * eval.c: Integer and memory overflow fixes.
-        (init_eval_once, grow_specpdl): Don't update size until alloc succeeds.
-        (call_debugger, grow_specpdl): Redo calculations to avoid overflow.
-        * emacs.c (main, sort_args): Check for size-calculation overflow.
-        * editfns.c: Integer and memory overflow fixes.
-        (set_time_zone_rule): Don't assume environment length fits in int.
-        (message_length): Now ptrdiff_t, not int.
-        (Fmessage_box): Don't update size until allocation succeeds.
-        Don't assume message length fits in int.
-        (Fformat): Use ptrdiff_t, not EMACS_INT, where ptrdiff_t will do.
-        * doc.c: Integer and memory overflow fixes.
-        (get_doc_string_buffer_size): Now ptrdiff_t, not int.
-        (get_doc_string): Check for size calculation overflow.
-        Don't update size until allocation succeeds.
-        (get_doc_string, Fsubstitute_command_keys): Use ptrdiff_t, not
-        EMACS_INT, where ptrdiff_t will do.
-        (Fsubstitute_command_keys): Check for string overflow.
-        Integer and memory overflow fixes for display code.
-        * dispextern.h (struct glyph_pool.nglyphs): Now ptrdiff_t, not int.
-        * dispnew.c (adjust_glyph_matrix, realloc_glyph_pool, scrolling_window):
-        Check for overflow in size calculations.
-        (line_draw_cost, realloc_glyph_pool, add_row_entry):
-        Don't assume glyph table len fits in int.
-        (struct row_entry.bucket, row_entry_pool_size, row_entry_idx)
-        (row_table_size): Now ptrdiff_t, not int.
-        (scrolling_window): Avoid overflow in size calculations.
-        Don't update size until allocation succeeds.
-        * fns.c (concat): Check for overflow in size calculations.
-        (next_almost_prime): Verify NEXT_ALMOST_PRIME_LIMIT.
-        * lisp.h (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros.
-        (NEXT_ALMOST_PRIME_LIMIT): New constant.
-        * composite.c: Integer overflow fixes.
-        (get_composition_id): Check for overflow in glyph length calculations.
-        * coding.c: Integer and memory overflow fixes.
-        (produce_chars): Redo buffer-overflow calculations to avoid
-        unnecessary integer overflow.  Check for size overflow.
-        (encode_coding_object): Don't update size until xmalloc succeeds.
-        * character.c (Fstring): Check for size-calculation overflow.
-        * ccl.c: Integer and memory overflow fixes.
-        (Fccl_execute_on_string): Check for memory overflow.
-        Use ptrdiff_t rather than EMACS_INT where ptrdiff_t will do.
-        Redo buffer-overflow calculations to avoid integer overflow.
-        * callproc.c (child_setup): Don't assume strlen fits in int.
-        * buffer.c: Memory overflow fixes.
-        (overlays_at, overlays_in, record_overlay_string, overlay_strings):
-        Don't update size of array until after memory allocation succeeds,
-        because xmalloc/xrealloc may not return.
-        * bidi.c: Integer overflow fix.
-        (bidi_shelve_header_size): New constant.
-        (bidi_cache_ensure_space, bidi_shelve_cache): Use it.
-        (bidi_cache_ensure_space): Avoid integer overflow when allocating.
 2011-07-19  Paul Eggert  <eggert@cs.ucla.edu>
author	Paul Eggert	2011-07-28 22:27:47 -0700
committer	Paul Eggert	2011-07-28 22:27:47 -0700
commit	726e0ab18e84ce0df6b9dc1612bf4d92b9d1e52a (patch)
tree	ce82ed3ea2b79f602c3322985c490ddc03585823 /src
parent	3256efcee3a7c3bf63e62666715455e834d19ea0 (diff)
download	emacs-726e0ab18e84ce0df6b9dc1612bf4d92b9d1e52a.tar.gz emacs-726e0ab18e84ce0df6b9dc1612bf4d92b9d1e52a.zip

diff --git a/src/ChangeLog b/src/ChangeLog index b005b461ed4..1796455e557 100644 --- a/src/ChangeLog +++ b/src/ChangeLog
@@ -1,17 +1,188 @@
1	2011-07-29 Paul Eggert <eggert@cs.ucla.edu>	1	2011-07-29 Paul Eggert <eggert@cs.ucla.edu>
2		2
3	* xterm.c: Integer and memory overflow issues.	3	Integer and memory overflow issues.
4	(x_color_cells, handle_one_xevent, x_term_init):	4
		5	* bidi.c (bidi_shelve_header_size): New constant.
		6	(bidi_cache_ensure_space, bidi_shelve_cache): Use it.
		7	(bidi_cache_ensure_space): Avoid integer overflow when allocating.
		8
		9	* buffer.c (overlays_at, overlays_in, record_overlay_string)
		10	(overlay_strings):
		11	Don't update size of array until after memory allocation succeeds,
		12	because xmalloc/xrealloc may not return.
		13
		14	* callproc.c (child_setup): Don't assume strlen fits in int.
		15
		16	* ccl.c (Fccl_execute_on_string): Check for memory overflow.
		17	Use ptrdiff_t rather than EMACS_INT where ptrdiff_t will do.
		18	Redo buffer-overflow calculations to avoid integer overflow.
		19
		20	* character.c (Fstring): Check for size-calculation overflow.
		21
		22	* coding.c (produce_chars): Redo buffer-overflow calculations to avoid
		23	unnecessary integer overflow. Check for size overflow.
		24	(encode_coding_object): Don't update size until xmalloc succeeds.
		25
		26	* composite.c (get_composition_id): Check for overflow in glyph
		27	length calculations.
		28
		29	Integer and memory overflow fixes for display code.
		30	* dispextern.h (struct glyph_pool.nglyphs): Now ptrdiff_t, not int.
		31	* dispnew.c (adjust_glyph_matrix, realloc_glyph_pool)
		32	(scrolling_window): Check for overflow in size calculations.
		33	(line_draw_cost, realloc_glyph_pool, add_row_entry):
		34	Don't assume glyph table len fits in int.
		35	(struct row_entry.bucket, row_entry_pool_size, row_entry_idx)
		36	(row_table_size): Now ptrdiff_t, not int.
		37	(scrolling_window): Avoid overflow in size calculations.
		38	Don't update size until allocation succeeds.
		39	* fns.c (concat): Check for overflow in size calculations.
		40	(next_almost_prime): Verify NEXT_ALMOST_PRIME_LIMIT.
		41	* lisp.h (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros.
		42	(NEXT_ALMOST_PRIME_LIMIT): New constant.
		43
		44	* doc.c (get_doc_string_buffer_size): Now ptrdiff_t, not int.
		45	(get_doc_string): Check for size calculation overflow.
		46	Don't update size until allocation succeeds.
		47	(get_doc_string, Fsubstitute_command_keys): Use ptrdiff_t, not
		48	EMACS_INT, where ptrdiff_t will do.
		49	(Fsubstitute_command_keys): Check for string overflow.
		50
		51	* editfns.c (set_time_zone_rule): Don't assume environment length
		52	fits in int.
		53	(message_length): Now ptrdiff_t, not int.
		54	(Fmessage_box): Don't update size until allocation succeeds.
		55	Don't assume message length fits in int.
		56	(Fformat): Use ptrdiff_t, not EMACS_INT, where ptrdiff_t will do.
		57
		58	* emacs.c (main, sort_args): Check for size-calculation overflow.
		59
		60	* eval.c (init_eval_once, grow_specpdl): Don't update size until
		61	alloc succeeds.
		62	(call_debugger, grow_specpdl): Redo calculations to avoid overflow.
		63
		64	* frame.c (set_menu_bar_lines, x_set_frame_parameters)
		65	(x_set_scroll_bar_width, x_figure_window_size):
		66	Check for integer overflow.
		67	(x_set_alpha): Do not assume XINT fits in int.
		68
		69	* frame.h (struct frame): Use int, not EMACS_INT, where int works.
		70	This is for the members text_lines, text_cols, total_lines, total_cols,
		71	where the system imposes an 'int' limit.
		72
		73	* fringe.c (Fdefine_fringe_bitmap):
		74	Don't update size until alloc works.
		75
		76	* ftfont.c (ftfont_get_open_type_spec, setup_otf_gstring)
		77	(ftfont_shape_by_flt): Check for integer overflow in size calculations.
		78
		79	* gtkutil.c (get_utf8_string, xg_store_widget_in_map):
		80	Check for size-calculation overflow.
		81	(get_utf8_string): Use ptrdiff_t, not size_t, where either will
		82	do, as we prefer signed integers.
		83	(id_to_widget.max_size, id_to_widget.used)
		84	(xg_store_widget_in_map, xg_remove_widget_from_map)
		85	(xg_get_widget_from_map, xg_get_scroll_id_for_window)
		86	(xg_remove_scroll_bar, xg_update_scrollbar_pos):
		87	Use and return ptrdiff_t, not int.
		88	(xg_gtk_scroll_destroy): Don't assume ptrdiff_t fits in int.
		89	* gtkutil.h: Change prototypes to match the above.
		90
		91	* image.c (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): Remove; these
		92	are duplicate now that they've been promoted to lisp.h.
		93	(x_allocate_bitmap_record, x_alloc_image_color)
		94	(make_image_cache, cache_image, xpm_load):
		95	Don't update size until alloc is done.
		96	(xpm_load, lookup_rgb_color, lookup_pixel_color, x_to_xcolors)
		97	(x_detect_edges):
5	Check for size calculation overflow.	98	Check for size calculation overflow.
6	(x_color_cells): Don't store size until memory allocation succeeds.	99	(ct_colors_allocated_max): New constant.
7	(handle_one_xevent): Use ptrdiff_t, not int, for byte counts.	100	(x_to_xcolors, x_detect_edges): Reorder multiplicands to avoid
8	(x_term_init): Don't assume length fits in int (sprintf is limited	101	overflow.
9	to int size).
10		102
11	* xsmfns.c (smc_save_yourself_CB): Check for size calc overflow.	103	* keyboard.c (read_char, menu_bar_items, tool_bar_items)
		104	(read_char_x_menu_prompt, read_char_minibuf_menu_width)
		105	(read_char_minibuf_menu_prompt, follow_key, read_key_sequence):
		106	Use ptrdiff_t, not int, to count maps.
		107	(read_char_minibuf_menu_prompt): Check for overflow in size
		108	calculations. Don't update size until allocation succeeds. Redo
		109	calculations to avoid overflow.
		110	* keyboard.h: Change prototypes to match the above.
		111
		112	* keymap.c (cmm_size, current_minor_maps): Use ptrdiff_t, not int,
		113	to count maps.
		114	(current_minor_maps): Check for size calculation overflow.
		115	* keymap.h: Change prototypes to match the above.
		116
		117	* lread.c (read1, init_obarray): Don't update size until alloc done.
		118
		119	* macros.c (Fstart_kbd_macro): Don't update size until alloc done.
		120	(store_kbd_macro_char): Reorder multiplicands to avoid overflow.
		121
		122	* minibuf.c (read_minibuf_noninteractive): Don't leak memory
		123	on memory overflow.
		124
		125	* nsterm.h (struct ns_color_table.size, struct ns_color_table.avail):
		126	Now ptrdiff_t, not int.
		127	* nsterm.m (ns_index_color): Use ptrdiff_t, not int, for table indexes.
		128	(ns_draw_fringe_bitmap): Rewrite to avoid overflow.
		129
		130	* process.c (Fnetwork_interface_list): Check for overflow
		131	in size calculation.
		132
		133	* region-cache.c (move_cache_gap): Check for size calculation overflow.
		134
		135	* scroll.c (do_line_insertion_deletion_costs): Check for size calc
		136	overflow. Don't bother calling xmalloc when xrealloc will do.
		137
		138	* search.c (Freplace_match): Check for size calculation overflow.
		139	(Fset_match_data): Don't assume list lengths fit in 'int'.
		140
		141	* sysdep.c (system_process_attributes): Use ptrdiff_t, not int,
		142	for command line length. Do not attempt to address one before the
		143	beginning of an array, as that's not portable.
		144
		145	* term.c (max_frame_lines): Remove; unused.
		146	(encode_terminal_src_size, encode_terminal_dst_size): Now ptrdiff_t,
		147	not int.
		148	(encode_terminal_code, calculate_costs): Check for size
		149	calculation overflow.
		150	(encode_terminal_code): Use ptrdiff_t, not int, to record glyph
		151	table lengths and related sizes. Don't update size until alloc
		152	done. Redo calculations to avoid overflow.
		153	(calculate_costs): Don't bother calling xmalloc when xrealloc will do.
		154
		155	* termcap.c (tgetent): Use ptrdiff_t, not int, to record results of
		156	subtracting pointers.
		157	(gobble_line): Check for overflow more carefully. Don't update size
		158	until alloc done.
		159
		160	* tparam.c (tparam1): Use ptrdiff_t, not int, for sizes.
		161	Don't update size until alloc done.
		162	Redo size calculations to avoid overflow.
		163	Check for size calculation overflow.
		164
		165	* xdisp.c (store_mode_line_noprop_char, x_consider_frame_title):
		166	Use ptrdiff_t, not int, for sizes.
		167	(store_mode_line_noprop_char): Don't update size until alloc done.
		168
		169	* xfaces.c (Finternal_make_lisp_face): Use ptrdiff_t, not int, for
		170	sizes. Check for size calculation overflow.
		171	(cache_face): Do not overflow in size calculation.
		172
		173	* xfns.c (x_encode_text, x_set_name_internal)
		174	(Fx_change_window_property): Use ptrdiff_t, not int, to count
		175	sizes, since they can exceed INT_MAX in size. Check for size
		176	calculation overflow.
		177
		178	* xgselect.c (xg_select): Check for size calculation overflow.
		179	Don't update size until alloc done.
		180
		181	* xrdb.c (magic_file_p): Plug memory leak on size overflow.
		182	(get_environ_db): Don't assume path length fits in int,
		183	as sprintf is limited to int lengths.
12		184
13	* xselect.c: Integer and memory overflow issues.	185	* xselect.c (X_LONG_SIZE, X_USHRT_MAX, X_ULONG_MAX): New macros.
14	(X_LONG_SIZE, X_USHRT_MAX, X_ULONG_MAX): New macros.
15	Use them to make the following changes clearer.	186	Use them to make the following changes clearer.
16	(MAX_SELECTION_QUANTUM): Make the other bounds on this value clearer.	187	(MAX_SELECTION_QUANTUM): Make the other bounds on this value clearer.
17	This change doesn't affect the value now, but it may help remind	188	This change doesn't affect the value now, but it may help remind
@@ -56,203 +227,14 @@
56	a wider type due to X limits.	227	a wider type due to X limits.
57	(x_handle_dnd_message): Use unsigned int, to avoid int overflow.	228	(x_handle_dnd_message): Use unsigned int, to avoid int overflow.
58		229
59	* xrdb.c: Integer and memory overflow issues.	230	* xsmfns.c (smc_save_yourself_CB): Check for size calc overflow.
60	(magic_file_p): Plug memory leak on size overflow.
61	(get_environ_db): Don't assume path length fits in int,
62	as sprintf is limited to int lengths.
63
64	* xgselect.c (xg_select): Check for size calculation overflow.
65	Don't update size until alloc done.
66
67	* xfns.c: Integer and memory overflow fixes.
68	(x_encode_text, x_set_name_internal, Fx_change_window_property):
69	Use ptrdiff_t, not int, to count sizes, since they can exceed
70	INT_MAX in size. Check for size calculation overflow.
71
72	* xfaces.c: Integer and memory overflow fixes.
73	(Finternal_make_lisp_face): Use ptrdiff_t, not int, for sizes.
74	Check for size calculation overflow.
75	(cache_face): Do not overflow in size calculation.
76
77	* xdisp.c: Integer and memory overflow fixes.
78	(store_mode_line_noprop_char, x_consider_frame_title):
79	Use ptrdiff_t, not int, for sizes.
80	(store_mode_line_noprop_char): Don't update size until alloc done.
81
82	* tparam.c: Integer and memory overflow fixes.
83	(tparam1): Use ptrdiff_t, not int, for sizes.
84	Don't update size until alloc done.
85	Redo size calculations to avoid overflow.
86	Check for size calculation overflow.
87
88	* termcap.c: Integer and memory overflow issues.
89	(tgetent): Use ptrdiff_t, not int, to record results of
90	subtracting pointers.
91	(gobble_line): Check for overflow more carefully. Don't update size
92	until alloc done.
93
94	* term.c: Integer and memory overflow issues.
95	(max_frame_lines): Remove; unused.
96	(encode_terminal_src_size, encode_terminal_dst_size): Now ptrdiff_t,
97	not int.
98	(encode_terminal_code, calculate_costs): Check for size
99	calculation overflow.
100	(encode_terminal_code): Use ptrdiff_t, not int, to record glyph
101	table lengths and related sizes. Don't update size until alloc
102	done. Redo calculations to avoid overflow.
103	(calculate_costs): Don't bother calling xmalloc when xrealloc will do.
104
105	* sysdep.c: Integer and memory overflow issues.
106	(system_process_attributes): Use ptrdiff_t, not int, for command
107	line length. Do not attempt to address one before the beginning
108	of an array, as that's not portable.
109
110	* search.c: Integer and memory overflow fixes.
111	(Freplace_match): Check for size calculation overflow.
112	(Fset_match_data): Don't assume list lengths fit in 'int'.
113
114	* scroll.c: Integer and memory overflow fixes.
115	(do_line_insertion_deletion_costs): Check for size calculation overflow.
116	Don't bother calling xmalloc when xrealloc will do.
117
118	* region-cache.c (move_cache_gap): Check for size calculation overflow.
119
120	* process.c (Fnetwork_interface_list): Check for overflow
121	in size calculation.
122
123	* nsterm.h (struct ns_color_table.size, struct ns_color_table.avail):
124	Now ptrdiff_t, not int.
125	* nsterm.m (ns_index_color): Use ptrdiff_t, not int, for table indexes.
126	(ns_draw_fringe_bitmap): Rewrite to avoid overflow.
127
128	* minibuf.c (read_minibuf_noninteractive): Don't leak memory
129	on memory overflow.
130
131	* macros.c: Integer and memory overflow fixes.
132	(Fstart_kbd_macro): Don't update size until alloc done.
133	(store_kbd_macro_char): Reorder multiplicands to avoid overflow.
134
135	* lread.c (read1, init_obarray): Don't update size until alloc done.
136
137	* keymap.c: Integer overflow fixes.
138	(cmm_size, current_minor_maps): Use ptrdiff_t, not int, to count maps.
139	(current_minor_maps): Check for size calculation overflow.
140	* keymap.h: Change prototypes to match the above.
141
142	* keyboard.c: Integer and memory overflow fixes.
143	(read_char, menu_bar_items, tool_bar_items, read_char_x_menu_prompt)
144	(read_char_minibuf_menu_width, read_char_minibuf_menu_prompt)
145	(follow_key, read_key_sequence): Use ptrdiff_t, not int, to count maps.
146	(read_char_minibuf_menu_prompt): Check for overflow in size
147	calculations. Don't update size until allocation succeeds. Redo
148	calculations to avoid overflow.
149	* keyboard.h: Change prototypes to match the above.
150		231
151	* image.c: Integer and memory overflow fixes.	232	* xterm.c (x_color_cells, handle_one_xevent, x_term_init):
152	(RANGED_INTEGERP, TYPE_RANGED_INTEGERP): Remove; these are duplicate
153	now that they've been promoted to lisp.h.
154	(x_allocate_bitmap_record, x_alloc_image_color)
155	(make_image_cache, cache_image, xpm_load):
156	Don't update size until alloc is done.
157	(xpm_load, lookup_rgb_color, lookup_pixel_color, x_to_xcolors)
158	(x_detect_edges):
159	Check for size calculation overflow.	233	Check for size calculation overflow.
160	(ct_colors_allocated_max): New constant.	234	(x_color_cells): Don't store size until memory allocation succeeds.
161	(x_to_xcolors, x_detect_edges): Reorder multiplicands to avoid	235	(handle_one_xevent): Use ptrdiff_t, not int, for byte counts.
162	overflow.	236	(x_term_init): Don't assume length fits in int (sprintf is limited
163		237	to int size).
164	2011-07-28 Paul Eggert <eggert@cs.ucla.edu>
165
166	* gtkutil.c: Integer overflow fixes.
167	(get_utf8_string, xg_store_widget_in_map):
168	Check for size-calculation overflow.
169	(get_utf8_string): Use ptrdiff_t, not size_t, where either will
170	do, as we prefer signed integers.
171	(id_to_widget.max_size, id_to_widget.used)
172	(xg_store_widget_in_map, xg_remove_widget_from_map)
173	(xg_get_widget_from_map, xg_get_scroll_id_for_window)
174	(xg_remove_scroll_bar, xg_update_scrollbar_pos):
175	Use and return ptrdiff_t, not int.
176	(xg_gtk_scroll_destroy): Don't assume ptrdiff_t fits in int.
177	* gtkutil.h: Change prototypes to match the above.
178
179	* ftfont.c: Check for size overflow.
180	(ftfont_get_open_type_spec, setup_otf_gstring, ftfont_shape_by_flt):
181	Check for integer overflow in size calculations.
182
183	* fringe.c (Fdefine_fringe_bitmap): Don't update size until alloc works.
184
185	* frame.h (struct frame): Use int, not EMACS_INT, where int works.
186	This is for the members text_lines, text_cols, total_lines, total_cols,
187	where the system imposes an 'int' limit.
188
189	* frame.c: Integer overflow fixes.
190	(set_menu_bar_lines, x_set_frame_parameters, x_set_scroll_bar_width)
191	(x_figure_window_size): Check for integer overflow.
192	(x_set_alpha): Do not assume XINT fits in int.
193
194	* eval.c: Integer and memory overflow fixes.
195	(init_eval_once, grow_specpdl): Don't update size until alloc succeeds.
196	(call_debugger, grow_specpdl): Redo calculations to avoid overflow.
197
198	* emacs.c (main, sort_args): Check for size-calculation overflow.
199
200	* editfns.c: Integer and memory overflow fixes.
201	(set_time_zone_rule): Don't assume environment length fits in int.
202	(message_length): Now ptrdiff_t, not int.
203	(Fmessage_box): Don't update size until allocation succeeds.
204	Don't assume message length fits in int.
205	(Fformat): Use ptrdiff_t, not EMACS_INT, where ptrdiff_t will do.
206
207	* doc.c: Integer and memory overflow fixes.
208	(get_doc_string_buffer_size): Now ptrdiff_t, not int.
209	(get_doc_string): Check for size calculation overflow.
210	Don't update size until allocation succeeds.
211	(get_doc_string, Fsubstitute_command_keys): Use ptrdiff_t, not
212	EMACS_INT, where ptrdiff_t will do.
213	(Fsubstitute_command_keys): Check for string overflow.
214
215	Integer and memory overflow fixes for display code.
216	* dispextern.h (struct glyph_pool.nglyphs): Now ptrdiff_t, not int.
217	* dispnew.c (adjust_glyph_matrix, realloc_glyph_pool, scrolling_window):
218	Check for overflow in size calculations.
219	(line_draw_cost, realloc_glyph_pool, add_row_entry):
220	Don't assume glyph table len fits in int.
221	(struct row_entry.bucket, row_entry_pool_size, row_entry_idx)
222	(row_table_size): Now ptrdiff_t, not int.
223	(scrolling_window): Avoid overflow in size calculations.
224	Don't update size until allocation succeeds.
225	* fns.c (concat): Check for overflow in size calculations.
226	(next_almost_prime): Verify NEXT_ALMOST_PRIME_LIMIT.
227	* lisp.h (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros.
228	(NEXT_ALMOST_PRIME_LIMIT): New constant.
229
230	* composite.c: Integer overflow fixes.
231	(get_composition_id): Check for overflow in glyph length calculations.
232
233	* coding.c: Integer and memory overflow fixes.
234	(produce_chars): Redo buffer-overflow calculations to avoid
235	unnecessary integer overflow. Check for size overflow.
236	(encode_coding_object): Don't update size until xmalloc succeeds.
237
238	* character.c (Fstring): Check for size-calculation overflow.
239
240	* ccl.c: Integer and memory overflow fixes.
241	(Fccl_execute_on_string): Check for memory overflow.
242	Use ptrdiff_t rather than EMACS_INT where ptrdiff_t will do.
243	Redo buffer-overflow calculations to avoid integer overflow.
244
245	* callproc.c (child_setup): Don't assume strlen fits in int.
246
247	* buffer.c: Memory overflow fixes.
248	(overlays_at, overlays_in, record_overlay_string, overlay_strings):
249	Don't update size of array until after memory allocation succeeds,
250	because xmalloc/xrealloc may not return.
251
252	* bidi.c: Integer overflow fix.
253	(bidi_shelve_header_size): New constant.
254	(bidi_cache_ensure_space, bidi_shelve_cache): Use it.
255	(bidi_cache_ensure_space): Avoid integer overflow when allocating.
256		238
257	2011-07-19 Paul Eggert <eggert@cs.ucla.edu>	239	2011-07-19 Paul Eggert <eggert@cs.ucla.edu>
258		240