From ca9ce8f2cb9d3d70c4e7d9dc9299ea4d5d71dfbc Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Thu, 28 Jul 2011 14:31:33 -0700 Subject: Integer and memory overflow fixes for display code. * dispextern.h (struct glyph_pool.nglyphs): Now ptrdiff_t, not int. * dispnew.c (adjust_glyph_matrix, realloc_glyph_pool, scrolling_window): Check for overflow in size calculations. (line_draw_cost, realloc_glyph_pool, add_row_entry): Don't assume glyph table len fits in int. (struct row_entry.bucket, row_entry_pool_size, row_entry_idx) (row_table_size): Now ptrdiff_t, not int. (scrolling_window): Avoid overflow in size calculations. Don't update size until allocation succeeds. * fns.c (concat): Check for overflow in size calculations. (next_almost_prime): Verify NEXT_ALMOST_PRIME_LIMIT. * lisp.h (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros. (NEXT_ALMOST_PRIME_LIMIT): New constant. --- src/ChangeLog | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'src/ChangeLog') diff --git a/src/ChangeLog b/src/ChangeLog index 78b3b97b2d7..d7d32e90089 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,20 @@ 2011-07-28 Paul Eggert + Integer and memory overflow fixes for display code. + * dispextern.h (struct glyph_pool.nglyphs): Now ptrdiff_t, not int. + * dispnew.c (adjust_glyph_matrix, realloc_glyph_pool, scrolling_window): + Check for overflow in size calculations. + (line_draw_cost, realloc_glyph_pool, add_row_entry): + Don't assume glyph table len fits in int. + (struct row_entry.bucket, row_entry_pool_size, row_entry_idx) + (row_table_size): Now ptrdiff_t, not int. + (scrolling_window): Avoid overflow in size calculations. + Don't update size until allocation succeeds. + * fns.c (concat): Check for overflow in size calculations. + (next_almost_prime): Verify NEXT_ALMOST_PRIME_LIMIT. + * lisp.h (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros. + (NEXT_ALMOST_PRIME_LIMIT): New constant. + * composite.c: Integer overflow fixes. (get_composition_id): Check for overflow in glyph length calculations. -- cgit v1.2.1