diff options
author | Paul Eggert <eggert@cs.ucla.edu> | 2014-09-07 00:04:01 -0700 |
---|---|---|
committer | Paul Eggert <eggert@cs.ucla.edu> | 2014-09-07 00:04:01 -0700 |
commit | b3bf18b3b87ac8f00857b8bfc3f2c74cf0e2fb7d (patch) | |
tree | cf138164e4f8887394f52cb22da594d1713da316 /src/editfns.c | |
parent | 930fb80f9e2815e599eb1de699668d42e305fa21 (diff) | |
download | emacs-b3bf18b3b87ac8f00857b8bfc3f2c74cf0e2fb7d.tar.gz |
Use SAFE_ALLOCA etc. to avoid unbounded stack allocation.
This follows up on the recent thread in emacs-devel on alloca; see:
http://lists.gnu.org/archive/html/emacs-devel/2014-09/msg00042.html
This patch also cleans up alloca-related glitches noted while
examining the code looking for unbounded alloca.
* alloc.c (listn):
* callproc.c (init_callproc):
Rewrite to avoid need for alloca.
* buffer.c (mouse_face_overlay_overlaps)
(report_overlay_modification):
* buffer.h (GET_OVERLAYS_AT):
* coding.c (make_subsidiaries):
* doc.c (Fsnarf_documentation):
* editfns.c (Fuser_full_name):
* fileio.c (Ffile_name_directory, Fexpand_file_name)
(search_embedded_absfilename, Fsubstitute_in_file_name):
* fns.c (Fmake_hash_table):
* font.c (font_vconcat_entity_vectors, font_update_drivers):
* fontset.c (fontset_pattern_regexp, Ffontset_info):
* frame.c (Fmake_terminal_frame, x_set_frame_parameters)
(xrdb_get_resource, x_get_resource_string):
* ftfont.c (ftfont_get_charset, ftfont_check_otf, ftfont_drive_otf):
* ftxfont.c (ftxfont_draw):
* image.c (xbm_load, xpm_load, jpeg_load_body):
* keyboard.c (echo_add_key, menu_bar_items, tool_bar_items):
* keymap.c (Fdescribe_buffer_bindings, describe_map):
* lread.c (openp):
* menu.c (digest_single_submenu, find_and_call_menu_selection)
(find_and_return_menu_selection):
* print.c (PRINTFINISH):
* process.c (Fformat_network_address):
* scroll.c (do_scrolling, do_direct_scrolling, scrolling_1):
* search.c (search_buffer, Fmatch_data, Fregexp_quote):
* sound.c (wav_play, au_play):
* syntax.c (skip_chars):
* term.c (tty_menu_activate, tty_menu_show):
* textprop.c (get_char_property_and_overlay):
* window.c (Fset_window_configuration):
* xdisp.c (safe__call, next_overlay_change, vmessage)
(compute_overhangs_and_x, draw_glyphs, note_mouse_highlight):
* xfaces.c (face_at_buffer_position):
* xmenu.c (x_menu_show):
Use SAFE_ALLOCA etc. instead of plain alloca, since the
allocation size isn't bounded.
* callint.c (Fcall_interactively): Redo memory_full check
so that it can be done at compile-time on some platforms.
* coding.c (MAX_LOOKUP_MAX): New constant.
(get_translation_table): Use it.
* callproc.c (call_process): Use SAFE_NALLOCA instead of
SAFE_ALLOCA, to catch integer overflows on size calculation.
(exec_failed) [!DOS_NT]: New function.
(child_setup) [!DOS_NT]: Use it.
* editfns.c (Ftranspose_regions):
Hoist USE_SAFE_ALLOC + SAFE_FREE out of 'if'.
* editfns.c (check_translation):
Allocate larger buffers on the heap.
* eval.c (internal_lisp_condition_case):
Check for MAX_ALLOCA overflow.
* fns.c (sort_vector): Use SAFE_ALLOCA_LISP rather than Fmake_vector.
(Fbase64_encode_region, Fbase64_decode_region):
Avoid unnecessary calls to SAFE_FREE before 'error'.
* buffer.c (mouse_face_overlay_overlaps):
* editfns.c (Fget_pos_property, check_translation):
* eval.c (Ffuncall):
* font.c (font_unparse_xlfd, font_find_for_lface):
* ftfont.c (ftfont_drive_otf):
* keyboard.c (echo_add_key, read_decoded_event_from_main_queue)
(menu_bar_items, tool_bar_items):
* sound.c (Fplay_sound_internal):
* xdisp.c (load_overlay_strings, dump_glyph_row):
Use an ordinary auto buffer rather than alloca, since the
allocation size is fixed and small.
* ftfont.c: Include <c-strcase.h>.
(matching_prefix): New function.
(get_adstyle_property): Use it, to avoid need for alloca.
* keyboard.c (echo_add_key):
* keymap.c (describe_map): Use ptrdiff_t, not int.
* keyboard.c (echo_add_key): Prefer sizeof to strlen.
* keymap.c (Fdescribe_buffer_bindings): Use SBYTES, not SCHARS,
when counting bytes.
* lisp.h (xlispstrdupa): Remove, replacing with ...
(SAFE_ALLOCA_STRING): ... new macro with different API.
This fixes a portability problem, namely, alloca result
passed to another function. All uses changed.
(SAFE_ALLOCA, SAFE_ALLOCA_LISP): Check for MAX_ALLOCA,
not MAX_ALLOCA - 1.
* regex.c (REGEX_USE_SAFE_ALLOCA, REGEX_SAFE_FREE)
(REGEX_ALLOCATE): New macros.
(REGEX_REALLOCATE, REGEX_ALLOCATE_STACK, REGEX_REALLOCATE_STACK)
(REGEX_FREE_STACK, FREE_VARIABLES, re_match_2_internal):
Use them.
* xdisp.c (message3): Use SAFE_ALLOCA_STRING rather than doing it
by hand.
(decode_mode_spec_coding): Store directly into buf rather than
into an alloca temporary and copying the temporary to the buf.
Fixes: debbugs:18410
Diffstat (limited to 'src/editfns.c')
-rw-r--r-- | src/editfns.c | 54 |
1 files changed, 30 insertions, 24 deletions
diff --git a/src/editfns.c b/src/editfns.c index a906aead09a..7e9a3bf7d3c 100644 --- a/src/editfns.c +++ b/src/editfns.c @@ -376,13 +376,14 @@ at POSITION. */) set_buffer_temp (XBUFFER (object)); /* First try with room for 40 overlays. */ - noverlays = 40; - overlay_vec = alloca (noverlays * sizeof *overlay_vec); + Lisp_Object overlay_vecbuf[40]; + noverlays = ARRAYELTS (overlay_vecbuf); + overlay_vec = overlay_vecbuf; noverlays = overlays_around (posn, overlay_vec, noverlays); /* If there are more than 40, make enough space for all, and try again. */ - if (noverlays > 40) + if (ARRAYELTS (overlay_vecbuf) < noverlays) { SAFE_ALLOCA_LISP (overlay_vec, noverlays); noverlays = overlays_around (posn, overlay_vec, noverlays); @@ -1325,17 +1326,16 @@ name, or nil if there is no such user. */) /* Substitute the login name for the &, upcasing the first character. */ if (q) { - register char *r; - Lisp_Object login; - - login = Fuser_login_name (make_number (pw->pw_uid)); - r = alloca (strlen (p) + SCHARS (login) + 1); + Lisp_Object login = Fuser_login_name (make_number (pw->pw_uid)); + USE_SAFE_ALLOCA; + char *r = SAFE_ALLOCA (strlen (p) + SBYTES (login) + 1); memcpy (r, p, q - p); r[q - p] = 0; strcat (r, SSDATA (login)); r[q - p] = upcase ((unsigned char) r[q - p]); strcat (r, q + 1); full = build_string (r); + SAFE_FREE (); } #endif /* AMPERSAND_FULL_NAME */ @@ -3012,8 +3012,12 @@ static Lisp_Object check_translation (ptrdiff_t pos, ptrdiff_t pos_byte, ptrdiff_t end, Lisp_Object val) { - int buf_size = 16, buf_used = 0; - int *buf = alloca (sizeof (int) * buf_size); + int initial_buf[16]; + int *buf = initial_buf; + ptrdiff_t buf_size = ARRAYELTS (initial_buf); + int *bufalloc = 0; + ptrdiff_t buf_used = 0; + Lisp_Object result = Qnil; for (; CONSP (val); val = XCDR (val)) { @@ -3038,12 +3042,11 @@ check_translation (ptrdiff_t pos, ptrdiff_t pos_byte, ptrdiff_t end, if (buf_used == buf_size) { - int *newbuf; - - buf_size += 16; - newbuf = alloca (sizeof (int) * buf_size); - memcpy (newbuf, buf, sizeof (int) * buf_used); - buf = newbuf; + bufalloc = xpalloc (bufalloc, &buf_size, 1, -1, + sizeof *bufalloc); + if (buf == initial_buf) + memcpy (bufalloc, buf, sizeof initial_buf); + buf = bufalloc; } buf[buf_used++] = STRING_CHAR_AND_LENGTH (p, len1); pos_byte += len1; @@ -3052,10 +3055,15 @@ check_translation (ptrdiff_t pos, ptrdiff_t pos_byte, ptrdiff_t end, break; } if (i == len) - return XCAR (val); + { + result = XCAR (val); + break; + } } } - return Qnil; + + xfree (bufalloc); + return result; } @@ -4617,11 +4625,11 @@ Transposing beyond buffer boundaries is an error. */) if (tmp_interval3) set_text_properties_1 (startr1, endr2, Qnil, buf, tmp_interval3); + USE_SAFE_ALLOCA; + /* First region smaller than second. */ if (len1_byte < len2_byte) { - USE_SAFE_ALLOCA; - temp = SAFE_ALLOCA (len2_byte); /* Don't precompute these addresses. We have to compute them @@ -4633,21 +4641,19 @@ Transposing beyond buffer boundaries is an error. */) memcpy (temp, start2_addr, len2_byte); memcpy (start1_addr + len2_byte, start1_addr, len1_byte); memcpy (start1_addr, temp, len2_byte); - SAFE_FREE (); } else /* First region not smaller than second. */ { - USE_SAFE_ALLOCA; - temp = SAFE_ALLOCA (len1_byte); start1_addr = BYTE_POS_ADDR (start1_byte); start2_addr = BYTE_POS_ADDR (start2_byte); memcpy (temp, start1_addr, len1_byte); memcpy (start1_addr, start2_addr, len2_byte); memcpy (start1_addr + len2_byte, temp, len1_byte); - SAFE_FREE (); } + + SAFE_FREE (); graft_intervals_into_buffer (tmp_interval1, start1 + len2, len1, current_buffer, 0); graft_intervals_into_buffer (tmp_interval2, start1, |