diff options
| -rw-r--r-- | src/ChangeLog | 5 | ||||
| -rw-r--r-- | src/lread.c | 40 |
2 files changed, 25 insertions, 20 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index 96e6741f11f..8ec648e71cf 100644 --- a/src/ChangeLog +++ b/src/ChangeLog | |||
| @@ -6,6 +6,11 @@ | |||
| 6 | Calculate buffer size correctly for out-of-range radices. | 6 | Calculate buffer size correctly for out-of-range radices. |
| 7 | (read1): Check for integer overflow in radices, and in | 7 | (read1): Check for integer overflow in radices, and in |
| 8 | read-circle numbers. | 8 | read-circle numbers. |
| 9 | (read_escape): Avoid int overflow. | ||
| 10 | (Fload, openp, read_buffer_size, read1) | ||
| 11 | (substitute_object_recurse, read_vector, read_list, map_obarray): | ||
| 12 | Use ptrdiff_t, not int, for sizes. | ||
| 13 | (read1): Use EMACS_INT, not int, for sizes. | ||
| 9 | 14 | ||
| 10 | * image.c (cache_image): Check for size arithmetic overflow. | 15 | * image.c (cache_image): Check for size arithmetic overflow. |
| 11 | 16 | ||
diff --git a/src/lread.c b/src/lread.c index 2f1c05c5aa1..18569df554b 100644 --- a/src/lread.c +++ b/src/lread.c | |||
| @@ -1069,9 +1069,9 @@ Return t if the file exists and loads successfully. */) | |||
| 1069 | 1069 | ||
| 1070 | /* Avoid weird lossage with null string as arg, | 1070 | /* Avoid weird lossage with null string as arg, |
| 1071 | since it would try to load a directory as a Lisp file */ | 1071 | since it would try to load a directory as a Lisp file */ |
| 1072 | if (SCHARS (file) > 0) | 1072 | if (SBYTES (file) > 0) |
| 1073 | { | 1073 | { |
| 1074 | int size = SBYTES (file); | 1074 | ptrdiff_t size = SBYTES (file); |
| 1075 | 1075 | ||
| 1076 | found = Qnil; | 1076 | found = Qnil; |
| 1077 | GCPRO2 (file, found); | 1077 | GCPRO2 (file, found); |
| @@ -1472,7 +1472,7 @@ openp (Lisp_Object path, Lisp_Object str, Lisp_Object suffixes, Lisp_Object *sto | |||
| 1472 | for (tail = NILP (suffixes) ? Fcons (empty_unibyte_string, Qnil) : suffixes; | 1472 | for (tail = NILP (suffixes) ? Fcons (empty_unibyte_string, Qnil) : suffixes; |
| 1473 | CONSP (tail); tail = XCDR (tail)) | 1473 | CONSP (tail); tail = XCDR (tail)) |
| 1474 | { | 1474 | { |
| 1475 | int lsuffix = SBYTES (XCAR (tail)); | 1475 | ptrdiff_t lsuffix = SBYTES (XCAR (tail)); |
| 1476 | Lisp_Object handler; | 1476 | Lisp_Object handler; |
| 1477 | int exists; | 1477 | int exists; |
| 1478 | 1478 | ||
| @@ -2037,7 +2037,7 @@ read0 (Lisp_Object readcharfun) | |||
| 2037 | Fmake_string (make_number (1), make_number (c))); | 2037 | Fmake_string (make_number (1), make_number (c))); |
| 2038 | } | 2038 | } |
| 2039 | 2039 | ||
| 2040 | static int read_buffer_size; | 2040 | static ptrdiff_t read_buffer_size; |
| 2041 | static char *read_buffer; | 2041 | static char *read_buffer; |
| 2042 | 2042 | ||
| 2043 | /* Read a \-escape sequence, assuming we already read the `\'. | 2043 | /* Read a \-escape sequence, assuming we already read the `\'. |
| @@ -2210,7 +2210,7 @@ read_escape (Lisp_Object readcharfun, int stringp) | |||
| 2210 | } | 2210 | } |
| 2211 | if (MAX_CHAR < i) | 2211 | if (MAX_CHAR < i) |
| 2212 | error ("Hex character out of range: \\x%x...", i); | 2212 | error ("Hex character out of range: \\x%x...", i); |
| 2213 | count++; | 2213 | count += count < 3; |
| 2214 | } | 2214 | } |
| 2215 | 2215 | ||
| 2216 | if (count < 3 && i >= 0x80) | 2216 | if (count < 3 && i >= 0x80) |
| @@ -2472,7 +2472,7 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list) | |||
| 2472 | if (c == '[') | 2472 | if (c == '[') |
| 2473 | { | 2473 | { |
| 2474 | Lisp_Object tmp; | 2474 | Lisp_Object tmp; |
| 2475 | int depth, size; | 2475 | EMACS_INT depth, size; |
| 2476 | 2476 | ||
| 2477 | tmp = read_vector (readcharfun, 0); | 2477 | tmp = read_vector (readcharfun, 0); |
| 2478 | if (!INTEGERP (AREF (tmp, 0))) | 2478 | if (!INTEGERP (AREF (tmp, 0))) |
| @@ -2498,7 +2498,7 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list) | |||
| 2498 | if (c == '"') | 2498 | if (c == '"') |
| 2499 | { | 2499 | { |
| 2500 | Lisp_Object tmp, val; | 2500 | Lisp_Object tmp, val; |
| 2501 | int size_in_chars | 2501 | EMACS_INT size_in_chars |
| 2502 | = ((XFASTINT (length) + BOOL_VECTOR_BITS_PER_CHAR - 1) | 2502 | = ((XFASTINT (length) + BOOL_VECTOR_BITS_PER_CHAR - 1) |
| 2503 | / BOOL_VECTOR_BITS_PER_CHAR); | 2503 | / BOOL_VECTOR_BITS_PER_CHAR); |
| 2504 | 2504 | ||
| @@ -2861,14 +2861,14 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list) | |||
| 2861 | a single-byte character. */ | 2861 | a single-byte character. */ |
| 2862 | int force_singlebyte = 0; | 2862 | int force_singlebyte = 0; |
| 2863 | int cancel = 0; | 2863 | int cancel = 0; |
| 2864 | int nchars = 0; | 2864 | ptrdiff_t nchars = 0; |
| 2865 | 2865 | ||
| 2866 | while ((ch = READCHAR) >= 0 | 2866 | while ((ch = READCHAR) >= 0 |
| 2867 | && ch != '\"') | 2867 | && ch != '\"') |
| 2868 | { | 2868 | { |
| 2869 | if (end - p < MAX_MULTIBYTE_LENGTH) | 2869 | if (end - p < MAX_MULTIBYTE_LENGTH) |
| 2870 | { | 2870 | { |
| 2871 | int offset = p - read_buffer; | 2871 | ptrdiff_t offset = p - read_buffer; |
| 2872 | read_buffer = (char *) xrealloc (read_buffer, | 2872 | read_buffer = (char *) xrealloc (read_buffer, |
| 2873 | read_buffer_size *= 2); | 2873 | read_buffer_size *= 2); |
| 2874 | p = read_buffer + offset; | 2874 | p = read_buffer + offset; |
| @@ -3011,7 +3011,7 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list) | |||
| 3011 | { | 3011 | { |
| 3012 | if (end - p < MAX_MULTIBYTE_LENGTH) | 3012 | if (end - p < MAX_MULTIBYTE_LENGTH) |
| 3013 | { | 3013 | { |
| 3014 | int offset = p - read_buffer; | 3014 | ptrdiff_t offset = p - read_buffer; |
| 3015 | read_buffer = (char *) xrealloc (read_buffer, | 3015 | read_buffer = (char *) xrealloc (read_buffer, |
| 3016 | read_buffer_size *= 2); | 3016 | read_buffer_size *= 2); |
| 3017 | p = read_buffer + offset; | 3017 | p = read_buffer + offset; |
| @@ -3038,7 +3038,7 @@ read1 (register Lisp_Object readcharfun, int *pch, int first_in_list) | |||
| 3038 | 3038 | ||
| 3039 | if (p == end) | 3039 | if (p == end) |
| 3040 | { | 3040 | { |
| 3041 | int offset = p - read_buffer; | 3041 | ptrdiff_t offset = p - read_buffer; |
| 3042 | read_buffer = (char *) xrealloc (read_buffer, | 3042 | read_buffer = (char *) xrealloc (read_buffer, |
| 3043 | read_buffer_size *= 2); | 3043 | read_buffer_size *= 2); |
| 3044 | p = read_buffer + offset; | 3044 | p = read_buffer + offset; |
| @@ -3150,7 +3150,7 @@ substitute_object_recurse (Lisp_Object object, Lisp_Object placeholder, Lisp_Obj | |||
| 3150 | { | 3150 | { |
| 3151 | case Lisp_Vectorlike: | 3151 | case Lisp_Vectorlike: |
| 3152 | { | 3152 | { |
| 3153 | int i, length = 0; | 3153 | ptrdiff_t i, length = 0; |
| 3154 | if (BOOL_VECTOR_P (subtree)) | 3154 | if (BOOL_VECTOR_P (subtree)) |
| 3155 | return subtree; /* No sub-objects anyway. */ | 3155 | return subtree; /* No sub-objects anyway. */ |
| 3156 | else if (CHAR_TABLE_P (subtree) || SUB_CHAR_TABLE_P (subtree) | 3156 | else if (CHAR_TABLE_P (subtree) || SUB_CHAR_TABLE_P (subtree) |
| @@ -3373,8 +3373,7 @@ string_to_number (char const *string, int base, int ignore_trailing) | |||
| 3373 | static Lisp_Object | 3373 | static Lisp_Object |
| 3374 | read_vector (Lisp_Object readcharfun, int bytecodeflag) | 3374 | read_vector (Lisp_Object readcharfun, int bytecodeflag) |
| 3375 | { | 3375 | { |
| 3376 | register int i; | 3376 | ptrdiff_t i, size; |
| 3377 | register int size; | ||
| 3378 | register Lisp_Object *ptr; | 3377 | register Lisp_Object *ptr; |
| 3379 | register Lisp_Object tem, item, vector; | 3378 | register Lisp_Object tem, item, vector; |
| 3380 | register struct Lisp_Cons *otem; | 3379 | register struct Lisp_Cons *otem; |
| @@ -3550,8 +3549,8 @@ read_list (int flag, register Lisp_Object readcharfun) | |||
| 3550 | && pos < (saved_doc_string_position | 3549 | && pos < (saved_doc_string_position |
| 3551 | + saved_doc_string_length)) | 3550 | + saved_doc_string_length)) |
| 3552 | { | 3551 | { |
| 3553 | int start = pos - saved_doc_string_position; | 3552 | ptrdiff_t start = pos - saved_doc_string_position; |
| 3554 | int from, to; | 3553 | ptrdiff_t from, to; |
| 3555 | 3554 | ||
| 3556 | /* Process quoting with ^A, | 3555 | /* Process quoting with ^A, |
| 3557 | and find the end of the string, | 3556 | and find the end of the string, |
| @@ -3582,8 +3581,9 @@ read_list (int flag, register Lisp_Object readcharfun) | |||
| 3582 | && pos < (prev_saved_doc_string_position | 3581 | && pos < (prev_saved_doc_string_position |
| 3583 | + prev_saved_doc_string_length)) | 3582 | + prev_saved_doc_string_length)) |
| 3584 | { | 3583 | { |
| 3585 | int start = pos - prev_saved_doc_string_position; | 3584 | ptrdiff_t start = |
| 3586 | int from, to; | 3585 | pos - prev_saved_doc_string_position; |
| 3586 | ptrdiff_t from, to; | ||
| 3587 | 3587 | ||
| 3588 | /* Process quoting with ^A, | 3588 | /* Process quoting with ^A, |
| 3589 | and find the end of the string, | 3589 | and find the end of the string, |
| @@ -3906,7 +3906,7 @@ hash_string (const char *ptr, size_t len) | |||
| 3906 | void | 3906 | void |
| 3907 | map_obarray (Lisp_Object obarray, void (*fn) (Lisp_Object, Lisp_Object), Lisp_Object arg) | 3907 | map_obarray (Lisp_Object obarray, void (*fn) (Lisp_Object, Lisp_Object), Lisp_Object arg) |
| 3908 | { | 3908 | { |
| 3909 | register int i; | 3909 | ptrdiff_t i; |
| 3910 | register Lisp_Object tail; | 3910 | register Lisp_Object tail; |
| 3911 | CHECK_VECTOR (obarray); | 3911 | CHECK_VECTOR (obarray); |
| 3912 | for (i = ASIZE (obarray) - 1; i >= 0; i--) | 3912 | for (i = ASIZE (obarray) - 1; i >= 0; i--) |
| @@ -4006,7 +4006,7 @@ defalias (sname, string) | |||
| 4006 | #endif /* NOTDEF */ | 4006 | #endif /* NOTDEF */ |
| 4007 | 4007 | ||
| 4008 | /* Define an "integer variable"; a symbol whose value is forwarded to a | 4008 | /* Define an "integer variable"; a symbol whose value is forwarded to a |
| 4009 | C variable of type int. Sample call (munged w "xx" to fool make-docfile): | 4009 | C variable of type EMACS_INT. Sample call (with "xx" to fool make-docfile): |
| 4010 | DEFxxVAR_INT ("emacs-priority", &emacs_priority, "Documentation"); */ | 4010 | DEFxxVAR_INT ("emacs-priority", &emacs_priority, "Documentation"); */ |
| 4011 | void | 4011 | void |
| 4012 | defvar_int (struct Lisp_Intfwd *i_fwd, | 4012 | defvar_int (struct Lisp_Intfwd *i_fwd, |