From 93005cd9dc2bab882e66ac7b81f593cd6c021e43 Mon Sep 17 00:00:00 2001 From: Stefan Monnier Date: Tue, 9 May 2023 22:30:52 -0400 Subject: with-display-message: Workaround for bug#63253 Running arbitrary ELisp code from an atimer is still dangerous, at least because the regexp engine is not-reentrant, so let's patch up the case we bumped into. There are probably many other such holes :-( * src/alloc.c (garbage_collection_inhibited): Make it non-static. * src/xdisp.c (garbage_collection_inhibited): Declare it. (set_message, clear_message): Use it as a proxy for "we're in a dangerous context like within `probably_quit`". --- src/alloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/alloc.c') diff --git a/src/alloc.c b/src/alloc.c index 05a19f0b7e9..7ff2cd3b100 100644 --- a/src/alloc.c +++ b/src/alloc.c @@ -367,7 +367,7 @@ static ptrdiff_t pure_bytes_used_non_lisp; /* If positive, garbage collection is inhibited. Otherwise, zero. */ -static intptr_t garbage_collection_inhibited; +intptr_t garbage_collection_inhibited; /* The GC threshold in bytes, the last time it was calculated from gc-cons-threshold and gc-cons-percentage. */ -- cgit v1.2.1 From 0c11c2ae71fcc03d98b35384d6c70e6d7454ba90 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 14 May 2023 18:51:23 -0700 Subject: Pacify GCC 13 -Wanalyzer-out-of-bounds * src/alloc.c (NEAR_STACK_TOP): Hoist from here ... * src/thread.h: ... to here. * src/print.c (print_object): Use NEAR_STACK_TOP instead of raw buffer address. This is more natural, and pacifies GCC 13. --- src/alloc.c | 9 --------- 1 file changed, 9 deletions(-) (limited to 'src/alloc.c') diff --git a/src/alloc.c b/src/alloc.c index 6391ede8d0a..29393deeff4 100644 --- a/src/alloc.c +++ b/src/alloc.c @@ -5338,15 +5338,6 @@ typedef union #endif } stacktop_sentry; -/* Yield an address close enough to the top of the stack that the - garbage collector need not scan above it. Callers should be - declared NO_INLINE. */ -#ifdef HAVE___BUILTIN_FRAME_ADDRESS -# define NEAR_STACK_TOP(addr) ((void) (addr), __builtin_frame_address (0)) -#else -# define NEAR_STACK_TOP(addr) (addr) -#endif - /* Set *P to the address of the top of the stack. This must be a macro, not a function, so that it is executed in the caller's environment. It is not inside a do-while so that its storage -- cgit v1.2.1 From 5ef169ed701fa4f850fdca5563cdd468207d5d4f Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Wed, 17 May 2023 15:36:54 -0700 Subject: Prefer C23 ckd_* to Gnulib *_WRAPV macros C23 has added ckd_add etc. macros with functionality equivalent to the older Gnulib INT_ADD_WRAPV macros, so switch to the more-standard names. * admin/merge-gnulib (GNULIB_MODULES): Add stdckdint. This merely makes the dependency explicit, as we were already using this Gnulib module indirectly. * lib-src/etags.c, src/lisp.h: Include stdckdint.h. * lib-src/etags.c (xnmalloc, xnrealloc): * src/alloc.c (xnmalloc, xnrealloc, xpalloc, Fmake_string) (mark_memory): * src/bignum.c (emacs_mpz_pow_ui): * src/buffer.c (record_overlay_string, overlay_strings): * src/bytecode.c (exec_byte_code): * src/casefiddle.c (do_casify_multibyte_string): * src/ccl.c (ccl_driver, Fccl_execute_on_string): * src/character.c (char_width, c_string_width) (lisp_string_width, count_size_as_multibyte) (string_escape_byte8): * src/cmds.c (internal_self_insert): * src/coding.c (coding_alloc_by_realloc, produce_chars): * src/data.c (arith_driver): * src/dispnew.c (realloc_glyph_pool, init_display_interactive): * src/doprnt.c (parse_format_integer): * src/editfns.c (Freplace_buffer_contents, str2num) (styled_format): * src/emacs-module.c (module_global_reference_p) (module_make_global_ref, module_funcall): * src/eval.c (max_ensure_room): * src/fileio.c (blocks_to_bytes): * src/fns.c (Ffillarray): * src/font.c (font_intern_prop): * src/frame.c (check_frame_pixels): * src/gnutls.c (gnutls_hex_string, gnutls_symmetric_aead): * src/gtkutil.c (get_utf8_string): * src/haikuterm.c (haiku_term_init): * src/image.c (xbm_scan, image_to_emacs_colors) (image_detect_edges, png_load_body): * src/keyboard.c (Frecursion_depth): * src/keymap.c (Flookup_key, Fkey_description): * src/lisp.h (modiff_incr, SAFE_ALLOCA_LISP_EXTRA): * src/lread.c (read_bool_vector): * src/pgtkterm.c (pgtk_term_init): * src/regex-emacs.c (regex_compile): * src/term.c (encode_terminal_code): * src/termcap.c (tputs): * src/textconv.c (textconv_query): * src/timefns.c (timespec_ticks, lisp_time_hz_ticks) (Fdecode_time, check_tm_member): * src/tparam.c (tparam1): * src/w32term.c (w32_initialize_display_info): * src/xdisp.c (fill_column_indicator_column, decode_mode_spec): * src/xselect.c (selection_data_size, x_property_data_to_lisp): * src/xsmfns.c (smc_save_yourself_CB): * src/xterm.c (xm_setup_dnd_targets, x_sync_get_monotonic_time) (x_sync_current_monotonic_time, x_sync_note_frame_times) (x_display_set_last_user_time, x_term_init): Prefer the C23 stdckdint macros to their Gnulib intprops.h counterparts, since C23 is standard. --- src/alloc.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'src/alloc.c') diff --git a/src/alloc.c b/src/alloc.c index 29393deeff4..17ca5c725d0 100644 --- a/src/alloc.c +++ b/src/alloc.c @@ -863,7 +863,7 @@ xnmalloc (ptrdiff_t nitems, ptrdiff_t item_size) { eassert (0 <= nitems && 0 < item_size); ptrdiff_t nbytes; - if (INT_MULTIPLY_WRAPV (nitems, item_size, &nbytes) || SIZE_MAX < nbytes) + if (ckd_mul (&nbytes, nitems, item_size) || SIZE_MAX < nbytes) memory_full (SIZE_MAX); return xmalloc (nbytes); } @@ -877,7 +877,7 @@ xnrealloc (void *pa, ptrdiff_t nitems, ptrdiff_t item_size) { eassert (0 <= nitems && 0 < item_size); ptrdiff_t nbytes; - if (INT_MULTIPLY_WRAPV (nitems, item_size, &nbytes) || SIZE_MAX < nbytes) + if (ckd_mul (&nbytes, nitems, item_size) || SIZE_MAX < nbytes) memory_full (SIZE_MAX); return xrealloc (pa, nbytes); } @@ -924,13 +924,13 @@ xpalloc (void *pa, ptrdiff_t *nitems, ptrdiff_t nitems_incr_min, NITEMS_MAX, and what the C language can represent safely. */ ptrdiff_t n, nbytes; - if (INT_ADD_WRAPV (n0, n0 >> 1, &n)) + if (ckd_add (&n, n0, n0 >> 1)) n = PTRDIFF_MAX; if (0 <= nitems_max && nitems_max < n) n = nitems_max; ptrdiff_t adjusted_nbytes - = ((INT_MULTIPLY_WRAPV (n, item_size, &nbytes) || SIZE_MAX < nbytes) + = ((ckd_mul (&nbytes, n, item_size) || SIZE_MAX < nbytes) ? min (PTRDIFF_MAX, SIZE_MAX) : nbytes < DEFAULT_MXFAST ? DEFAULT_MXFAST : 0); if (adjusted_nbytes) @@ -942,9 +942,9 @@ xpalloc (void *pa, ptrdiff_t *nitems, ptrdiff_t nitems_incr_min, if (! pa) *nitems = 0; if (n - n0 < nitems_incr_min - && (INT_ADD_WRAPV (n0, nitems_incr_min, &n) + && (ckd_add (&n, n0, nitems_incr_min) || (0 <= nitems_max && nitems_max < n) - || INT_MULTIPLY_WRAPV (n, item_size, &nbytes))) + || ckd_mul (&nbytes, n, item_size))) memory_full (SIZE_MAX); pa = xrealloc (pa, nbytes); *nitems = n; @@ -2375,7 +2375,7 @@ a multibyte string even if INIT is an ASCII character. */) ptrdiff_t len = CHAR_STRING (c, str); EMACS_INT string_len = XFIXNUM (length); - if (INT_MULTIPLY_WRAPV (len, string_len, &nbytes)) + if (ckd_mul (&nbytes, len, string_len)) string_overflow (); val = make_clear_multibyte_string (string_len, nbytes, clearit); if (!clearit) @@ -5226,7 +5226,7 @@ mark_memory (void const *start, void const *end) a Lisp_Object might be split into registers saved into non-adjacent words and P might be the low-order word's value. */ intptr_t ip; - INT_ADD_WRAPV ((intptr_t) p, (intptr_t) lispsym, &ip); + ckd_add (&ip, (intptr_t) p, (intptr_t) lispsym); mark_maybe_pointer ((void *) ip, true); } } -- cgit v1.2.1