| author | Paul Eggert | 2017-02-10 08:34:57 -0800 |
|---|---|---|
| committer | Paul Eggert | 2017-02-10 08:36:42 -0800 |
| commit | abcba32c262e575b562ec0e481e55538536f969f (patch) | |
| tree | f873cc4c0190d9e4d77439031eeade3a9a59dc34 /src | |
| parent | cef233eeb8366580f76e8324695e6f964cb160d0 (diff) | |
Fix a few integer-overflow glitches
* src/composite.c (composition_compute_stop_pos, composition_reseat_it):
* src/dispextern.h (struct composition_it.rule_idx):
* src/keyboard.c (Fset__this_command_keys):
* src/xwidget.c (webkit_js_to_lisp):
Don’t assume object sizes fit in ‘int’.
* src/xwidget.c (Fxwidget_resize):
Don’t assume Emacs integers fit in ‘int’.
Diffstat (limited to 'src')
| -rw-r--r-- | src/composite.c | 89 | ||||
| -rw-r--r-- | src/dispextern.h | 2 | ||||
| -rw-r--r-- | src/keyboard.c | 2 | ||||
| -rw-r--r-- | src/xwidget.c | 12 |
4 files changed, 50 insertions, 55 deletions
diff --git a/src/composite.c b/src/composite.c index f23bb17c57a..b673c53ac83 100644 --- a/src/composite.c +++ b/src/composite.c | |||
| @@ -1012,7 +1012,7 @@ composition_compute_stop_pos (struct composition_it *cmp_it, ptrdiff_t charpos, | |||
| 1012 | val = CHAR_TABLE_REF (Vcomposition_function_table, c); | 1012 | val = CHAR_TABLE_REF (Vcomposition_function_table, c); |
| 1013 | if (! NILP (val)) | 1013 | if (! NILP (val)) |
| 1014 | { | 1014 | { |
| 1015 | for (int ridx = 0; CONSP (val); val = XCDR (val), ridx++) | 1015 | for (EMACS_INT ridx = 0; CONSP (val); val = XCDR (val), ridx++) |
| 1016 | { | 1016 | { |
| 1017 | Lisp_Object elt = XCAR (val); | 1017 | Lisp_Object elt = XCAR (val); |
| 1018 | if (VECTORP (elt) && ASIZE (elt) == 3 | 1018 | if (VECTORP (elt) && ASIZE (elt) == 3 |
| @@ -1063,54 +1063,48 @@ composition_compute_stop_pos (struct composition_it *cmp_it, ptrdiff_t charpos, | |||
| 1063 | while (char_composable_p (c)) | 1063 | while (char_composable_p (c)) |
| 1064 | { | 1064 | { |
| 1065 | val = CHAR_TABLE_REF (Vcomposition_function_table, c); | 1065 | val = CHAR_TABLE_REF (Vcomposition_function_table, c); |
| 1066 | if (! NILP (val)) | 1066 | for (EMACS_INT ridx = 0; CONSP (val); val = XCDR (val), ridx++) |
| 1067 | { | 1067 | { |
| 1068 | Lisp_Object elt; | 1068 | Lisp_Object elt = XCAR (val); |
| 1069 | int ridx, blen; | 1069 | if (VECTORP (elt) && ASIZE (elt) == 3 |
| 1070 | 1070 | && NATNUMP (AREF (elt, 1)) | |
| 1071 | for (ridx = 0; CONSP (val); val = XCDR (val), ridx++) | 1071 | && charpos - XFASTINT (AREF (elt, 1)) > endpos) |
| 1072 | { | 1072 | { |
| 1073 | elt = XCAR (val); | 1073 | ptrdiff_t back = XFASTINT (AREF (elt, 1)); |
| 1074 | if (VECTORP (elt) && ASIZE (elt) == 3 | 1074 | ptrdiff_t cpos = charpos - back, bpos; |
| 1075 | && NATNUMP (AREF (elt, 1)) | ||
| 1076 | && charpos - XFASTINT (AREF (elt, 1)) > endpos) | ||
| 1077 | { | ||
| 1078 | ptrdiff_t back = XFASTINT (AREF (elt, 1)); | ||
| 1079 | ptrdiff_t cpos = charpos - back, bpos; | ||
| 1080 | 1075 | ||
| 1081 | if (back == 0) | 1076 | if (back == 0) |
| 1082 | bpos = bytepos; | 1077 | bpos = bytepos; |
| 1083 | else | 1078 | else |
| 1084 | bpos = (NILP (string) ? CHAR_TO_BYTE (cpos) | 1079 | bpos = (NILP (string) ? CHAR_TO_BYTE (cpos) |
| 1085 | : string_char_to_byte (string, cpos)); | 1080 | : string_char_to_byte (string, cpos)); |
| 1086 | if (STRINGP (AREF (elt, 0))) | 1081 | ptrdiff_t blen |
| 1087 | blen = fast_looking_at (AREF (elt, 0), cpos, bpos, | 1082 | = (STRINGP (AREF (elt, 0)) |
| 1088 | start + 1, limit, string); | 1083 | ? fast_looking_at (AREF (elt, 0), cpos, bpos, |
| 1089 | else | 1084 | start + 1, limit, string) |
| 1090 | blen = 1; | 1085 | : 1); |
| 1091 | if (blen > 0) | 1086 | if (blen > 0) |
| 1087 | { | ||
| 1088 | /* Make CPOS point to the last character of | ||
| 1089 | match. Note that BLEN is byte-length. */ | ||
| 1090 | if (blen > 1) | ||
| 1091 | { | ||
| 1092 | bpos += blen; | ||
| 1093 | if (NILP (string)) | ||
| 1094 | cpos = BYTE_TO_CHAR (bpos) - 1; | ||
| 1095 | else | ||
| 1096 | cpos = string_byte_to_char (string, bpos) - 1; | ||
| 1097 | } | ||
| 1098 | back = cpos - (charpos - back); | ||
| 1099 | if (cmp_it->stop_pos < cpos | ||
| 1100 | || (cmp_it->stop_pos == cpos | ||
| 1101 | && cmp_it->lookback < back)) | ||
| 1092 | { | 1102 | { |
| 1093 | /* Make CPOS point to the last character of | 1103 | cmp_it->rule_idx = ridx; |
| 1094 | match. Note that BLEN is byte-length. */ | 1104 | cmp_it->stop_pos = cpos; |
| 1095 | if (blen > 1) | 1105 | cmp_it->ch = c; |
| 1096 | { | 1106 | cmp_it->lookback = back; |
| 1097 | bpos += blen; | 1107 | cmp_it->nchars = back + 1; |
| 1098 | if (NILP (string)) | ||
| 1099 | cpos = BYTE_TO_CHAR (bpos) - 1; | ||
| 1100 | else | ||
| 1101 | cpos = string_byte_to_char (string, bpos) - 1; | ||
| 1102 | } | ||
| 1103 | back = cpos - (charpos - back); | ||
| 1104 | if (cmp_it->stop_pos < cpos | ||
| 1105 | || (cmp_it->stop_pos == cpos | ||
| 1106 | && cmp_it->lookback < back)) | ||
| 1107 | { | ||
| 1108 | cmp_it->rule_idx = ridx; | ||
| 1109 | cmp_it->stop_pos = cpos; | ||
| 1110 | cmp_it->ch = c; | ||
| 1111 | cmp_it->lookback = back; | ||
| 1112 | cmp_it->nchars = back + 1; | ||
| 1113 | } | ||
| 1114 | } | 1108 | } |
| 1115 | } | 1109 | } |
| 1116 | } | 1110 | } |
| @@ -1203,10 +1197,10 @@ composition_reseat_it (struct composition_it *cmp_it, ptrdiff_t charpos, | |||
| 1203 | { | 1197 | { |
| 1204 | Lisp_Object lgstring = Qnil; | 1198 | Lisp_Object lgstring = Qnil; |
| 1205 | Lisp_Object val, elt; | 1199 | Lisp_Object val, elt; |
| 1206 | ptrdiff_t i; | ||
| 1207 | 1200 | ||
| 1208 | val = CHAR_TABLE_REF (Vcomposition_function_table, cmp_it->ch); | 1201 | val = CHAR_TABLE_REF (Vcomposition_function_table, cmp_it->ch); |
| 1209 | for (i = 0; i < cmp_it->rule_idx; i++, val = XCDR (val)); | 1202 | for (EMACS_INT i = 0; i < cmp_it->rule_idx; i++, val = XCDR (val)) |
| 1203 | continue; | ||
| 1210 | if (charpos < endpos) | 1204 | if (charpos < endpos) |
| 1211 | { | 1205 | { |
| 1212 | for (; CONSP (val); val = XCDR (val)) | 1206 | for (; CONSP (val); val = XCDR (val)) |
| @@ -1255,6 +1249,7 @@ composition_reseat_it (struct composition_it *cmp_it, ptrdiff_t charpos, | |||
| 1255 | if (NILP (LGSTRING_ID (lgstring))) | 1249 | if (NILP (LGSTRING_ID (lgstring))) |
| 1256 | lgstring = composition_gstring_put_cache (lgstring, -1); | 1250 | lgstring = composition_gstring_put_cache (lgstring, -1); |
| 1257 | cmp_it->id = XINT (LGSTRING_ID (lgstring)); | 1251 | cmp_it->id = XINT (LGSTRING_ID (lgstring)); |
| 1252 | int i; | ||
| 1258 | for (i = 0; i < LGSTRING_GLYPH_LEN (lgstring); i++) | 1253 | for (i = 0; i < LGSTRING_GLYPH_LEN (lgstring); i++) |
| 1259 | if (NILP (LGSTRING_GLYPH (lgstring, i))) | 1254 | if (NILP (LGSTRING_GLYPH (lgstring, i))) |
| 1260 | break; | 1255 | break; |
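Review bot: In composition_reseat_it (new line 1202), the skip loop `for (EMACS_INT i = 0; i < cmp_it->rule_idx; i++, val = XCDR (val))` still takes XCDR without checking that `val` is a cons; widening the index type does not change that. `rule_idx` was recorded against an earlier read of Vcomposition_function_table, and if Lisp code can shorten that table entry in between (not visible from this hunk), the walk steps past the end of the list. Adding `&& CONSP (val)` to the loop condition would be cheap, and the `for (; CONSP (val); val = XCDR (val))` loop that follows already tolerates a non-cons value. The function body starts and ends outside the hunk.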
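--- a/src/dispextern.h
+++ b/src/dispextern.h
@@ -2215,7 +2215,7 @@ struct composition_it
 the automatic composition. Provided that ELT is an element of
 Vcomposition_function_table for CH, (nth ELT RULE_IDX) is the
 rule for the composition. */
-int rule_idx;
+EMACS_INT rule_idx;
 /* If this is an automatic composition, how many characters to look
 back from the position where a character triggering the
 composition exists. */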
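--- a/src/keyboard.c
+++ b/src/keyboard.c
@@ -10020,7 +10020,7 @@ Internal use only. */)
 add_command_key (make_number ('x' | meta_modifier));
 else
 add_command_key (make_number (key0));
-for (int i = 1; i < SCHARS (keys); i++)
+for (ptrdiff_t i = 1; i < SCHARS (keys); i++)
 add_command_key (make_number (SREF (keys, i)));
 return Qnil;
 }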
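--- a/src/xwidget.c
+++ b/src/xwidget.c
@@ -301,13 +301,13 @@ webkit_js_to_lisp (JSContextRef context, JSValueRef value)
 {
 JSStringRef pname = JSStringCreateWithUTF8CString("length");
 JSValueRef len = JSObjectGetProperty (context, (JSObjectRef) value, pname, NULL);
-int n = JSValueToNumber (context, len, NULL);
+EMACS_INT n = JSValueToNumber (context, len, NULL);
 JSStringRelease(pname);
 
 Lisp_Object obj;
 struct Lisp_Vector *p = allocate_vector (n);
 
-for (int i = 0; i < n; ++i)
+for (ptrdiff_t i = 0; i < n; ++i)
 {
 p->contents[i] =
 webkit_js_to_lisp (context,
@@ -323,13 +323,13 @@ webkit_js_to_lisp (JSContextRef context, JSValueRef value)
 JSPropertyNameArrayRef properties =
 JSObjectCopyPropertyNames (context, (JSObjectRef) value);
 
-int n = JSPropertyNameArrayGetCount (properties);
+ptrdiff_t n = JSPropertyNameArrayGetCount (properties);
 Lisp_Object obj;
 
 /* TODO: can we use a regular list here? */
 struct Lisp_Vector *p = allocate_vector (n);
 
-for (int i = 0; i < n; ++i)
+for (ptrdiff_t i = 0; i < n; ++i)
 {
 JSStringRef name = JSPropertyNameArrayGetNameAtIndex (properties, i);
 JSValueRef property = JSObjectGetProperty (context,
@@ -733,8 +733,8 @@ DEFUN ("xwidget-resize", Fxwidget_resize, Sxwidget_resize, 3, 3, 0,
 (Lisp_Object xwidget, Lisp_Object new_width, Lisp_Object new_height)
 {
 CHECK_XWIDGET (xwidget);
-CHECK_NATNUM (new_width);
-CHECK_NATNUM (new_height);
+CHECK_RANGED_INTEGER (new_width, 0, INT_MAX);
+CHECK_RANGED_INTEGER (new_height, 0, INT_MAX);
 struct xwidget *xw = XXWIDGET (xwidget);
 int w = XFASTINT (new_width);
 int h = XFASTINT (new_height);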