diff options
| author | Paul Eggert | 2011-07-28 14:49:16 -0700 |
|---|---|---|
| committer | Paul Eggert | 2011-07-28 14:49:16 -0700 |
| commit | b8898fdae2fd08ca3406c47a18de3465dd1a4a39 (patch) | |
| tree | 51e2fb645dc4c1612396919f90aacde3beb0118b /src | |
| parent | 98e8eae1372c6656c82ec0f9600128a2ecb522cc (diff) | |
| download | emacs-b8898fdae2fd08ca3406c47a18de3465dd1a4a39.tar.gz emacs-b8898fdae2fd08ca3406c47a18de3465dd1a4a39.zip | |
* frame.c: Integer overflow fixes.
(set_menu_bar_lines, x_set_frame_parameters, x_set_scroll_bar_width)
(x_figure_window_size): Check for integer overflow.
(x_set_alpha): Do not assume XINT fits in int.
Diffstat (limited to 'src')
| -rw-r--r-- | src/ChangeLog | 5 | ||||
| -rw-r--r-- | src/frame.c | 38 |
2 files changed, 25 insertions, 18 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index 7a7c8c14407..c46eec626bd 100644 --- a/src/ChangeLog +++ b/src/ChangeLog | |||
| @@ -1,5 +1,10 @@ | |||
| 1 | 2011-07-28 Paul Eggert <eggert@cs.ucla.edu> | 1 | 2011-07-28 Paul Eggert <eggert@cs.ucla.edu> |
| 2 | 2 | ||
| 3 | * frame.c: Integer overflow fixes. | ||
| 4 | (set_menu_bar_lines, x_set_frame_parameters, x_set_scroll_bar_width) | ||
| 5 | (x_figure_window_size): Check for integer overflow. | ||
| 6 | (x_set_alpha): Do not assume XINT fits in int. | ||
| 7 | |||
| 3 | * eval.c: Integer and memory overflow fixes. | 8 | * eval.c: Integer and memory overflow fixes. |
| 4 | (init_eval_once, grow_specpdl): Don't update size until alloc succeeds. | 9 | (init_eval_once, grow_specpdl): Don't update size until alloc succeeds. |
| 5 | (call_debugger, grow_specpdl): Redo calculations to avoid overflow. | 10 | (call_debugger, grow_specpdl): Redo calculations to avoid overflow. |
diff --git a/src/frame.c b/src/frame.c index 635996ca424..ca3ca49577c 100644 --- a/src/frame.c +++ b/src/frame.c | |||
| @@ -160,7 +160,7 @@ set_menu_bar_lines (struct frame *f, Lisp_Object value, Lisp_Object oldval) | |||
| 160 | if (FRAME_MINIBUF_ONLY_P (f)) | 160 | if (FRAME_MINIBUF_ONLY_P (f)) |
| 161 | return; | 161 | return; |
| 162 | 162 | ||
| 163 | if (INTEGERP (value)) | 163 | if (TYPE_RANGED_INTEGERP (int, value)) |
| 164 | nlines = XINT (value); | 164 | nlines = XINT (value); |
| 165 | else | 165 | else |
| 166 | nlines = 0; | 166 | nlines = 0; |
| @@ -2994,7 +2994,7 @@ x_set_frame_parameters (FRAME_PTR f, Lisp_Object alist) | |||
| 2994 | f->size_hint_flags &= ~ (XNegative | YNegative); | 2994 | f->size_hint_flags &= ~ (XNegative | YNegative); |
| 2995 | if (EQ (left, Qminus)) | 2995 | if (EQ (left, Qminus)) |
| 2996 | f->size_hint_flags |= XNegative; | 2996 | f->size_hint_flags |= XNegative; |
| 2997 | else if (INTEGERP (left)) | 2997 | else if (TYPE_RANGED_INTEGERP (int, left)) |
| 2998 | { | 2998 | { |
| 2999 | leftpos = XINT (left); | 2999 | leftpos = XINT (left); |
| 3000 | if (leftpos < 0) | 3000 | if (leftpos < 0) |
| @@ -3002,21 +3002,21 @@ x_set_frame_parameters (FRAME_PTR f, Lisp_Object alist) | |||
| 3002 | } | 3002 | } |
| 3003 | else if (CONSP (left) && EQ (XCAR (left), Qminus) | 3003 | else if (CONSP (left) && EQ (XCAR (left), Qminus) |
| 3004 | && CONSP (XCDR (left)) | 3004 | && CONSP (XCDR (left)) |
| 3005 | && INTEGERP (XCAR (XCDR (left)))) | 3005 | && RANGED_INTEGERP (-INT_MAX, XCAR (XCDR (left)), INT_MAX)) |
| 3006 | { | 3006 | { |
| 3007 | leftpos = - XINT (XCAR (XCDR (left))); | 3007 | leftpos = - XINT (XCAR (XCDR (left))); |
| 3008 | f->size_hint_flags |= XNegative; | 3008 | f->size_hint_flags |= XNegative; |
| 3009 | } | 3009 | } |
| 3010 | else if (CONSP (left) && EQ (XCAR (left), Qplus) | 3010 | else if (CONSP (left) && EQ (XCAR (left), Qplus) |
| 3011 | && CONSP (XCDR (left)) | 3011 | && CONSP (XCDR (left)) |
| 3012 | && INTEGERP (XCAR (XCDR (left)))) | 3012 | && TYPE_RANGED_INTEGERP (int, XCAR (XCDR (left)))) |
| 3013 | { | 3013 | { |
| 3014 | leftpos = XINT (XCAR (XCDR (left))); | 3014 | leftpos = XINT (XCAR (XCDR (left))); |
| 3015 | } | 3015 | } |
| 3016 | 3016 | ||
| 3017 | if (EQ (top, Qminus)) | 3017 | if (EQ (top, Qminus)) |
| 3018 | f->size_hint_flags |= YNegative; | 3018 | f->size_hint_flags |= YNegative; |
| 3019 | else if (INTEGERP (top)) | 3019 | else if (TYPE_RANGED_INTEGERP (int, top)) |
| 3020 | { | 3020 | { |
| 3021 | toppos = XINT (top); | 3021 | toppos = XINT (top); |
| 3022 | if (toppos < 0) | 3022 | if (toppos < 0) |
| @@ -3024,14 +3024,14 @@ x_set_frame_parameters (FRAME_PTR f, Lisp_Object alist) | |||
| 3024 | } | 3024 | } |
| 3025 | else if (CONSP (top) && EQ (XCAR (top), Qminus) | 3025 | else if (CONSP (top) && EQ (XCAR (top), Qminus) |
| 3026 | && CONSP (XCDR (top)) | 3026 | && CONSP (XCDR (top)) |
| 3027 | && INTEGERP (XCAR (XCDR (top)))) | 3027 | && RANGED_INTEGERP (-INT_MAX, XCAR (XCDR (top)), INT_MAX)) |
| 3028 | { | 3028 | { |
| 3029 | toppos = - XINT (XCAR (XCDR (top))); | 3029 | toppos = - XINT (XCAR (XCDR (top))); |
| 3030 | f->size_hint_flags |= YNegative; | 3030 | f->size_hint_flags |= YNegative; |
| 3031 | } | 3031 | } |
| 3032 | else if (CONSP (top) && EQ (XCAR (top), Qplus) | 3032 | else if (CONSP (top) && EQ (XCAR (top), Qplus) |
| 3033 | && CONSP (XCDR (top)) | 3033 | && CONSP (XCDR (top)) |
| 3034 | && INTEGERP (XCAR (XCDR (top)))) | 3034 | && TYPE_RANGED_INTEGERP (int, XCAR (XCDR (top)))) |
| 3035 | { | 3035 | { |
| 3036 | toppos = XINT (XCAR (XCDR (top))); | 3036 | toppos = XINT (XCAR (XCDR (top))); |
| 3037 | } | 3037 | } |
| @@ -3483,7 +3483,7 @@ x_set_scroll_bar_width (struct frame *f, Lisp_Object arg, Lisp_Object oldval) | |||
| 3483 | x_set_window_size (f, 0, FRAME_COLS (f), FRAME_LINES (f)); | 3483 | x_set_window_size (f, 0, FRAME_COLS (f), FRAME_LINES (f)); |
| 3484 | do_pending_window_change (0); | 3484 | do_pending_window_change (0); |
| 3485 | } | 3485 | } |
| 3486 | else if (INTEGERP (arg) && XINT (arg) > 0 | 3486 | else if (RANGED_INTEGERP (1, arg, INT_MAX) |
| 3487 | && XFASTINT (arg) != FRAME_CONFIG_SCROLL_BAR_WIDTH (f)) | 3487 | && XFASTINT (arg) != FRAME_CONFIG_SCROLL_BAR_WIDTH (f)) |
| 3488 | { | 3488 | { |
| 3489 | if (XFASTINT (arg) <= 2 * VERTICAL_SCROLL_BAR_WIDTH_TRIM) | 3489 | if (XFASTINT (arg) <= 2 * VERTICAL_SCROLL_BAR_WIDTH_TRIM) |
| @@ -3522,7 +3522,7 @@ x_set_alpha (struct frame *f, Lisp_Object arg, Lisp_Object oldval) | |||
| 3522 | { | 3522 | { |
| 3523 | double alpha = 1.0; | 3523 | double alpha = 1.0; |
| 3524 | double newval[2]; | 3524 | double newval[2]; |
| 3525 | int i, ialpha; | 3525 | int i; |
| 3526 | Lisp_Object item; | 3526 | Lisp_Object item; |
| 3527 | 3527 | ||
| 3528 | for (i = 0; i < 2; i++) | 3528 | for (i = 0; i < 2; i++) |
| @@ -3546,7 +3546,7 @@ x_set_alpha (struct frame *f, Lisp_Object arg, Lisp_Object oldval) | |||
| 3546 | } | 3546 | } |
| 3547 | else if (INTEGERP (item)) | 3547 | else if (INTEGERP (item)) |
| 3548 | { | 3548 | { |
| 3549 | ialpha = XINT (item); | 3549 | EMACS_INT ialpha = XINT (item); |
| 3550 | if (ialpha < 0 || 100 < ialpha) | 3550 | if (ialpha < 0 || 100 < ialpha) |
| 3551 | args_out_of_range (make_number (0), make_number (100)); | 3551 | args_out_of_range (make_number (0), make_number (100)); |
| 3552 | else | 3552 | else |
| @@ -4033,11 +4033,15 @@ x_figure_window_size (struct frame *f, Lisp_Object parms, int toolbar_p) | |||
| 4033 | if (!EQ (tem0, Qunbound)) | 4033 | if (!EQ (tem0, Qunbound)) |
| 4034 | { | 4034 | { |
| 4035 | CHECK_NUMBER (tem0); | 4035 | CHECK_NUMBER (tem0); |
| 4036 | if (! (0 <= XINT (tem0) && XINT (tem0) <= INT_MAX)) | ||
| 4037 | xsignal1 (Qargs_out_of_range, tem0); | ||
| 4036 | FRAME_LINES (f) = XINT (tem0); | 4038 | FRAME_LINES (f) = XINT (tem0); |
| 4037 | } | 4039 | } |
| 4038 | if (!EQ (tem1, Qunbound)) | 4040 | if (!EQ (tem1, Qunbound)) |
| 4039 | { | 4041 | { |
| 4040 | CHECK_NUMBER (tem1); | 4042 | CHECK_NUMBER (tem1); |
| 4043 | if (! (0 <= XINT (tem1) && XINT (tem1) <= INT_MAX)) | ||
| 4044 | xsignal1 (Qargs_out_of_range, tem1); | ||
| 4041 | SET_FRAME_COLS (f, XINT (tem1)); | 4045 | SET_FRAME_COLS (f, XINT (tem1)); |
| 4042 | } | 4046 | } |
| 4043 | if (!NILP (tem2) && !EQ (tem2, Qunbound)) | 4047 | if (!NILP (tem2) && !EQ (tem2, Qunbound)) |
| @@ -4068,12 +4072,10 @@ x_figure_window_size (struct frame *f, Lisp_Object parms, int toolbar_p) | |||
| 4068 | ? tool_bar_button_relief | 4072 | ? tool_bar_button_relief |
| 4069 | : DEFAULT_TOOL_BAR_BUTTON_RELIEF); | 4073 | : DEFAULT_TOOL_BAR_BUTTON_RELIEF); |
| 4070 | 4074 | ||
| 4071 | if (INTEGERP (Vtool_bar_button_margin) | 4075 | if (RANGED_INTEGERP (1, Vtool_bar_button_margin, INT_MAX)) |
| 4072 | && XINT (Vtool_bar_button_margin) > 0) | ||
| 4073 | margin = XFASTINT (Vtool_bar_button_margin); | 4076 | margin = XFASTINT (Vtool_bar_button_margin); |
| 4074 | else if (CONSP (Vtool_bar_button_margin) | 4077 | else if (CONSP (Vtool_bar_button_margin) |
| 4075 | && INTEGERP (XCDR (Vtool_bar_button_margin)) | 4078 | && RANGED_INTEGERP (1, XCDR (Vtool_bar_button_margin), INT_MAX)) |
| 4076 | && XINT (XCDR (Vtool_bar_button_margin)) > 0) | ||
| 4077 | margin = XFASTINT (XCDR (Vtool_bar_button_margin)); | 4079 | margin = XFASTINT (XCDR (Vtool_bar_button_margin)); |
| 4078 | else | 4080 | else |
| 4079 | margin = 0; | 4081 | margin = 0; |
| @@ -4099,14 +4101,14 @@ x_figure_window_size (struct frame *f, Lisp_Object parms, int toolbar_p) | |||
| 4099 | } | 4101 | } |
| 4100 | else if (CONSP (tem0) && EQ (XCAR (tem0), Qminus) | 4102 | else if (CONSP (tem0) && EQ (XCAR (tem0), Qminus) |
| 4101 | && CONSP (XCDR (tem0)) | 4103 | && CONSP (XCDR (tem0)) |
| 4102 | && INTEGERP (XCAR (XCDR (tem0)))) | 4104 | && RANGED_INTEGERP (-INT_MAX, XCAR (XCDR (tem0)), INT_MAX)) |
| 4103 | { | 4105 | { |
| 4104 | f->top_pos = - XINT (XCAR (XCDR (tem0))); | 4106 | f->top_pos = - XINT (XCAR (XCDR (tem0))); |
| 4105 | window_prompting |= YNegative; | 4107 | window_prompting |= YNegative; |
| 4106 | } | 4108 | } |
| 4107 | else if (CONSP (tem0) && EQ (XCAR (tem0), Qplus) | 4109 | else if (CONSP (tem0) && EQ (XCAR (tem0), Qplus) |
| 4108 | && CONSP (XCDR (tem0)) | 4110 | && CONSP (XCDR (tem0)) |
| 4109 | && INTEGERP (XCAR (XCDR (tem0)))) | 4111 | && TYPE_RANGED_INTEGERP (int, XCAR (XCDR (tem0)))) |
| 4110 | { | 4112 | { |
| 4111 | f->top_pos = XINT (XCAR (XCDR (tem0))); | 4113 | f->top_pos = XINT (XCAR (XCDR (tem0))); |
| 4112 | } | 4114 | } |
| @@ -4127,14 +4129,14 @@ x_figure_window_size (struct frame *f, Lisp_Object parms, int toolbar_p) | |||
| 4127 | } | 4129 | } |
| 4128 | else if (CONSP (tem1) && EQ (XCAR (tem1), Qminus) | 4130 | else if (CONSP (tem1) && EQ (XCAR (tem1), Qminus) |
| 4129 | && CONSP (XCDR (tem1)) | 4131 | && CONSP (XCDR (tem1)) |
| 4130 | && INTEGERP (XCAR (XCDR (tem1)))) | 4132 | && RANGED_INTEGERP (-INT_MAX, XCAR (XCDR (tem1)), INT_MAX)) |
| 4131 | { | 4133 | { |
| 4132 | f->left_pos = - XINT (XCAR (XCDR (tem1))); | 4134 | f->left_pos = - XINT (XCAR (XCDR (tem1))); |
| 4133 | window_prompting |= XNegative; | 4135 | window_prompting |= XNegative; |
| 4134 | } | 4136 | } |
| 4135 | else if (CONSP (tem1) && EQ (XCAR (tem1), Qplus) | 4137 | else if (CONSP (tem1) && EQ (XCAR (tem1), Qplus) |
| 4136 | && CONSP (XCDR (tem1)) | 4138 | && CONSP (XCDR (tem1)) |
| 4137 | && INTEGERP (XCAR (XCDR (tem1)))) | 4139 | && TYPE_RANGED_INTEGERP (int, XCAR (XCDR (tem1)))) |
| 4138 | { | 4140 | { |
| 4139 | f->left_pos = XINT (XCAR (XCDR (tem1))); | 4141 | f->left_pos = XINT (XCAR (XCDR (tem1))); |
| 4140 | } | 4142 | } |