(Fccl_execute_on_string): Check for memory overflow.
Use ptrdiff_t rather than EMACS_INT where ptrdiff_t will do.
Redo buffer-overflow calculations to avoid integer overflow.
(overlays_at, overlays_in, record_overlay_string, overlay_strings):
Don't update size of array until after memory allocation succeeds,
because xmalloc/xrealloc may not return.
(bidi_shelve_header_size): New constant.
(bidi_cache_ensure_space, bidi_shelve_cache): Use it.
(bidi_cache_ensure_space): Avoid integer overflow when allocating.
See http://lists.gnu.org/archive/html/emacs-devel/2011-07/msg00688.html
and the surrounding thread.
* minibuf.c (read_minibuf_noninteractive): Rewrite to use getchar
rather than fgets, and retry after EINTR. Otherwise, 'emacs
--batch -f byte-compile-file' fails on OpenBSD if an inactivity
timer goes off.
* s/openbsd.h (BROKEN_SIGIO): Define.
* unexelf.c (unexec) [__OpenBSD__]:
Don't update the .mdebug section of the Alpha COFF symbol table.
* character.c (Fchar_width, c_string_width, lisp_string_width):
* character.h (CHAR_WIDTH):
* indent.c (MULTIBYTE_BYTES_WIDTH):
Use sanitize_char_width to avoid undefined and/or bad behavior
with outlandish widths.
* character.h (sanitize_tab_width): Renamed from sanitize_width,
now that we have two such functions. All uses changed.
(sanitize_char_width): New inline function.
* character.h (sanitize_width): New inline function.
(SANE_TAB_WIDTH): New macro.
(ASCII_CHAR_WIDTH): Use it.
* indent.c (sane_tab_width): Remove. All uses replaced by
SANE_TAB_WIDTH (current_buffer).
* xdisp.c (init_iterator): Use SANE_TAB_WIDTH.
If fchown fails to set both uid and gid, try to set just gid,
as that is sometimes allowed. Adjust the file's mode to eliminate
setuid or setgid bits that are inappropriate if fchown fails.
to compare Lisp_Objects.
* src/gnutls.c (syms_of_gnutls): Rename Vgnutls_log_level to
global_gnutls_log_level, don't mistake it for a Lisp_Object.
(init_gnutls_functions, emacs_gnutls_handle_error): Fix up uses.
(scroll_bar_windows_size): Now ptrdiff_t, as we prefer signed.
(x_send_scroll_bar_event): Likewise. Check that the size does not
exceed limits imposed by XClientMessageEvent, as well as the usual
ptrdiff_t and size_t limits.
(make_lispy_movement): Use same integer type in forward decl
that is used in the definition.
(read_key_sequence, keyremap_step):
Change bufsize argument back to int, undoing my 2011-03-30 change.
We prefer signed types, and int is wide enough here.
(parse_tool_bar_item): Don't assume tool_bar_max_label_size is less
than TYPE_MAXIMUM (EMACS_INT) / 2. Don't let the label size grow
larger than STRING_BYTES_BOUND. Use ptrdiff_t for Emacs string
length, not size_t. Use ptrdiff_t for index, not int.
(keyremap_step, read_key_sequence): Redo bufsize check to avoid
possibility of integer overflow.
This works around a problem with the previous change to Fcopy_file.
Recent glibc declares fchown with __attribute__((warn_unused_result)),
and without this change, GCC might complain about discarding
fchown's return value.
* dispextern.h (struct it.stack[0].u.image.image_id)
(struct_it.image_id, struct image.id, struct image_cache.size)
(struct image_cache.used, struct image_cache.ref_count):
* gtkutil.c (update_frame_tool_bar):
* image.c (x_reference_bitmap, Fimage_size, Fimage_mask_p)
(Fimage_metadata, free_image_cache, clear_image_cache, lookup_image)
(cache_image, mark_image_cache, x_kill_gs_process, Flookup_image):
* nsmenu.m (update_frame_tool_bar):
* xdisp.c (calc_pixel_width_or_height):
* xfns.c (image_cache_refcount):
Image IDs are now ptrdiff_t, not int, to avoid arbitrary limits
on typical 64-bit hosts.
* image.c (RANGED_INTEGERP, TYPE_RANGED_INTEGERP): New macros.
(x_bitmap_pixmap, x_create_x_image_and_pixmap):
Omit unnecessary casts to int.
(parse_image_spec): Check that integers fall into 'int' range
when the callers expect that.
(image_ascent): Redo ascent calculation to avoid int overflow.
(clear_image_cache): Avoid overflow when sqrt (INT_MAX) < nimages.
(lookup_image): Remove unnecessary tests.
(xbm_image_p): Locals are now of int, not EMACS_INT,
since parse_image_check makes sure they fit into int.
(png_load, gif_load, svg_load_image):
Prefer int to unsigned where either will do.
(tiff_handler): New function, combining the cores of the
old tiff_error_handler and tiff_warning_handler. This
function is rewritten to use vsnprintf and thereby avoid
stack buffer overflows. It uses only the features of vsnprintf
that are common to both POSIX and native Microsoft.
(tiff_error_handler, tiff_warning_handler): Use it.
(tiff_load, gif_load, imagemagick_load_image):
Don't assume :index value fits in 'int'.
(gif_load): Omit unnecessary cast to double, and avoid double-rounding.
(imagemagick_load_image): Check that crop parameters fit into
the integer types that MagickCropImage accepts. Don't assume
Vimagemagick_render_type has a nonnegative value. Don't assume
size_t fits in 'long'.
(gs_load): Use printmax_t to print the widest integers possible.
Check for integer overflow when computing image height and width.
(bidi_cache_size, bidi_cache_idx, bidi_cache_last_idx)
(bidi_cache_start, bidi_cache_fetch_state, bidi_cache_search)
(bidi_cache_find_level_change, bidi_cache_ensure_space)
(bidi_cache_iterator_state, bidi_cache_find, bidi_cache_start_stack)
(bidi_find_other_level_edge):
Use ptrdiff_t instead of EMACS_INT where either will do.
This works better on 32-bit hosts configured --with-wide-int.
(bidi_cache_ensure_space): Check for size-calculation overflow.
Use % rather than repeated addition, for better worst-case speed.
Don't set bidi_cache_size until after xrealloc returns, because it
might not return.
(bidi_dump_cached_states): Use ptrdiff_t, not int, to avoid overflow.
