Diffstat (limited to 'src/ChangeLog')
-rw-r--r-- | src/ChangeLog | 83 |
1 files changed, 69 insertions, 14 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index a88e2e8e3cf..b525d83e288 100644 --- a/src/ChangeLog +++ b/src/ChangeLog 
@@ -1,7 +1,48 @@ -2011-07-29 Paul Eggert <eggert@cs.ucla.edu> +2011-08-05 Paul Eggert <eggert@cs.ucla.edu> Integer and memory overflow issues. + * charset.c (charset_table_size) + (struct charset_sort_data.priority): Now ptrdiff_t. + (charset_compare): Don't overflow if priorities differ greatly. + (Fsort_charsets): Don't assume list length fits in int. + Check for size-calculation overflow when allocating sort data. + (syms_of_charset): Allocate an initial charset table that is + just under 64 KiB, to avoid problems with glibc malloc and mmap. + + * cmds.c (internal_self_insert): Check for size-calculation overflow. + + * composite.h (struct composition.glyph_len): Now int, not unsigned. + The actual value is always <= INT_MAX, and leaving it unsigned made + overflow checking harder. + + * dispextern.h (struct glyph_matrix.rows_allocated) + (struct face_cache.size): Now ptrdiff_t, for convenience in use + with xpalloc. The values are still always <= INT_MAX. + + * indent.c (compute_motion): Adjust to region_cache_forward sig change. + + * lisp.h (xnmalloc, xnrealloc, xpalloc): New decls. + (SAFE_NALLOCA): New macro. + + * region-cache.c (struct boundary.pos, find_cache_boundary) + (move_cache_gap, insert_cache_boundary, delete_cache_boundaries) + (set_cache_region, invalidate_region_cache) + (revalidate_region_cache, know_region_cache, region_cache_forward) + (region_cache_backward, pp_cache): + Use ptrdiff_t, not EMACS_INT, since either will do. This is needed + so that ptrdiff_t * can be passed to xpalloc. + (struct region_cache): Similarly, for gap_start, gap_len, cache_len, + beg_unchanged, end_unchanged, buffer_beg, buffer_end members. + (pp_cache): Don't assume cache_len fits in int. + * region-cache.h: Adjust extern decls to match. + + * search.c (scan_buffer, Freplace_match): Use ptrdiff_t, not + EMACS_INT, since either will do, for xpalloc. + + * alloc.c: Include verify.h, and check that int fits in ptrdiff_t. 
+ (xnmalloc, xnrealloc, xpalloc): New functions. + * bidi.c (bidi_shelve_header_size): New constant. (bidi_cache_ensure_space, bidi_shelve_cache): Use it. (bidi_cache_ensure_space): Avoid integer overflow when allocating. @@ -10,12 +51,21 @@ (overlay_strings): Don't update size of array until after memory allocation succeeds, because xmalloc/xrealloc may not return. + (struct sortstrlist.bytes): Now ptrdiff_t, as EMACS_INT doesn't help + now that we have proper integer overflow checking. + (record_overlay_string, overlay_strings): Catch overflows when + calculating size of overlay_str_buf. - * callproc.c (child_setup): Don't assume strlen fits in int. + * callproc.c (Fcall_process): Check for size overflow when + calculating size of args2. + (child_setup): Avoid overflow by using size_t rather than ptrdiff_t. + Normally we prefer signed values, but sticking with ptrdiff_t would + require adding more-complicated checks. * ccl.c (Fccl_execute_on_string): Check for memory overflow. Use ptrdiff_t rather than EMACS_INT where ptrdiff_t will do. Redo buffer-overflow calculations to avoid integer overflow. + Add a FIXME comment where memory seems to be over-allocated. * character.c (Fstring): Check for size-calculation overflow. @@ -55,7 +105,10 @@ Don't assume message length fits in int. (Fformat): Use ptrdiff_t, not EMACS_INT, where ptrdiff_t will do. - * emacs.c (main, sort_args): Check for size-calculation overflow. + * emacs.c (main): Do not reallocate argv, since there is a null at + the end that can be overwritten, and this way there's no need to + worry about size-calculation overflow. + (sort_args): Check for size-calculation overflow. * eval.c (init_eval_once, grow_specpdl): Don't update size until alloc succeeds. 
@@ -119,9 +172,6 @@ * macros.c (Fstart_kbd_macro): Don't update size until alloc done. (store_kbd_macro_char): Reorder multiplicands to avoid overflow. - * minibuf.c (read_minibuf_noninteractive): Don't leak memory - on memory overflow. - * nsterm.h (struct ns_color_table.size, struct ns_color_table.avail): Now ptrdiff_t, not int. * nsterm.m (ns_index_color): Use ptrdiff_t, not int, for table indexes. @@ -161,25 +211,29 @@ Don't update size until alloc done. Redo size calculations to avoid overflow. Check for size calculation overflow. + (main) [DEBUG]: Fix typo in invoking tparam1. * xdisp.c (store_mode_line_noprop_char, x_consider_frame_title): Use ptrdiff_t, not int, for sizes. (store_mode_line_noprop_char): Don't update size until alloc done. - * xfaces.c (Finternal_make_lisp_face): Use ptrdiff_t, not int, for - sizes. Check for size calculation overflow. - (cache_face): Do not overflow in size calculation. + * xfaces.c (lface_id_to_name_size, Finternal_make_lisp_face): + Use ptrdiff_t, not int, for sizes. + (Finternal_make_lisp_face, cache_face): + Check for size calculation overflow. + (cache_face): Treat size calculation overflows as if they were + memory exhaustion (the usual treatment), rather than aborting. * xfns.c (x_encode_text, x_set_name_internal) (Fx_change_window_property): Use ptrdiff_t, not int, to count sizes, since they can exceed INT_MAX in size. Check for size calculation overflow. - * xgselect.c (xg_select): Check for size calculation overflow. + * xgselect.c (gfds_size): Now ptrdiff_t, for convenience with xpalloc. + (xg_select): Check for size calculation overflow. Don't update size until alloc done. - * xrdb.c (magic_file_p): Plug memory leak on size overflow. - (get_environ_db): Don't assume path length fits in int, + * xrdb.c (get_environ_db): Don't assume path length fits in int, as sprintf is limited to int lengths. * xselect.c (X_LONG_SIZE, X_USHRT_MAX, X_ULONG_MAX): New macros. 
@@ -229,10 +283,11 @@ * xsmfns.c (smc_save_yourself_CB): Check for size calc overflow. - * xterm.c (x_color_cells, handle_one_xevent, x_term_init): - Check for size calculation overflow. + * xterm.c (x_color_cells, x_send_scrollbar_event, handle_one_xevent) + (x_term_init): Check for size calculation overflow. (x_color_cells): Don't store size until memory allocation succeeds. (handle_one_xevent): Use ptrdiff_t, not int, for byte counts. + Don't assume alloca size is less than MAX_ALLOCA. (x_term_init): Don't assume length fits in int (sprintf is limited to int size). |
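Review bot: in the first hunk (@@ -1,7 +1,48 @@) the entry header is changed from 2011-07-29 to 2011-08-05 with the same author and the same title "Integer and memory overflow issues", so the rewritten block replaces the earlier entry rather than adding a new one; if the July changes were already committed under that date, keep the original header and add a separate 2011-08-05 entry for the new work so the log stays chronological. The lisp.h line `(SAFE_NALLOCA): New macro.` also names the macro without saying what it is for; one clause on its purpose would let readers find it alongside the new xnmalloc, xnrealloc and xpalloc helpers described in the same entry.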
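Review bot: in the second hunk (@@ -10,12 +51,21 @@) the callproc.c item for child_setup states that size_t is used instead of ptrdiff_t and that signed values are normally preferred; since this is the one exception to the ptrdiff_t convention used throughout the rest of the entry, it should name which quantity is unsigned there so a reader of the code change knows where the signed/unsigned boundary lies. The ccl.c line `Add a FIXME comment where memory seems to be over-allocated.` should also name the function that carries the FIXME, as every other item in this entry does.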
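Review bot: the @@ -55,7 +105,10 @@ hunk documents a non-obvious trick in emacs.c (main): not reallocating argv because the terminating null can be overwritten. That relies on the C guarantee that argv[argc] is a null pointer; the entry (or a comment in the code it refers to) should say so explicitly, since otherwise a later reader may see an apparent off-by-one write past the last argument.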
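Review bot: the @@ -119,9 +172,6 @@ hunk removes the minibuf.c item `(read_minibuf_noninteractive): Don't leak memory on memory overflow.` with nothing replacing it. If the leak fix was reverted or folded into another change, the ChangeLog should record that rather than silently dropping the entry; if the fix is still in the tree, the item should stay.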
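Review bot: the @@ -161,25 +211,29 @@ hunk likewise drops `* xrdb.c (magic_file_p): Plug memory leak on size overflow.` while keeping the get_environ_db item; as with minibuf.c, either keep the item or note why the leak fix is no longer part of this change. The added line `(main) [DEBUG]: Fix typo in invoking tparam1.` sits under a file header that is outside the hunk context, so it is worth double-checking that it landed in the intended entry and not in the preceding one.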
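Review bot: in the last hunk (@@ -229,10 +283,11 @@) the handle_one_xevent line `Don't assume alloca size is less than MAX_ALLOCA.` says which assumption was removed but not what now happens when the size exceeds it (for example falling back to heap allocation via the SAFE_NALLOCA macro introduced in this same entry, or signalling an error); one clause stating the replacement behaviour would make it consistent with the other items here, which do say what the code does instead.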