[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Emacs-diffs] master abcba32: Fix a few integer-overflow glitches
|
From: |
Paul Eggert |
|
Subject: |
[Emacs-diffs] master abcba32: Fix a few integer-overflow glitches |
|
Date: |
Fri, 10 Feb 2017 11:36:47 -0500 (EST) |
branch: master
commit abcba32c262e575b562ec0e481e55538536f969f
Author: Paul Eggert <address@hidden>
Commit: Paul Eggert <address@hidden>
Fix a few integer-overflow glitches
* src/composite.c (composition_compute_stop_pos, composition_reseat_it):
* src/dispextern.h (struct composition_it.rule_idx):
* src/keyboard.c (Fset__this_command_keys):
* src/xwidget.c (webkit_js_to_lisp):
Don’t assume object sizes fit in ‘int’.
* src/xwidget.c (Fxwidget_resize):
Don’t assume Emacs integers fit in ‘int’.
---
src/composite.c | 89 ++++++++++++++++++++++++++------------------------------
src/dispextern.h | 2 +-
src/keyboard.c | 2 +-
src/xwidget.c | 12 ++++----
4 files changed, 50 insertions(+), 55 deletions(-)
diff --git a/src/composite.c b/src/composite.c
index f23bb17..b673c53 100644
--- a/src/composite.c
+++ b/src/composite.c
@@ -1012,7 +1012,7 @@ composition_compute_stop_pos (struct composition_it
*cmp_it, ptrdiff_t charpos,
val = CHAR_TABLE_REF (Vcomposition_function_table, c);
if (! NILP (val))
{
- for (int ridx = 0; CONSP (val); val = XCDR (val), ridx++)
+ for (EMACS_INT ridx = 0; CONSP (val); val = XCDR (val), ridx++)
{
Lisp_Object elt = XCAR (val);
if (VECTORP (elt) && ASIZE (elt) == 3
@@ -1063,54 +1063,48 @@ composition_compute_stop_pos (struct composition_it
*cmp_it, ptrdiff_t charpos,
while (char_composable_p (c))
{
val = CHAR_TABLE_REF (Vcomposition_function_table, c);
- if (! NILP (val))
+ for (EMACS_INT ridx = 0; CONSP (val); val = XCDR (val), ridx++)
{
- Lisp_Object elt;
- int ridx, blen;
-
- for (ridx = 0; CONSP (val); val = XCDR (val), ridx++)
+ Lisp_Object elt = XCAR (val);
+ if (VECTORP (elt) && ASIZE (elt) == 3
+ && NATNUMP (AREF (elt, 1))
+ && charpos - XFASTINT (AREF (elt, 1)) > endpos)
{
- elt = XCAR (val);
- if (VECTORP (elt) && ASIZE (elt) == 3
- && NATNUMP (AREF (elt, 1))
- && charpos - XFASTINT (AREF (elt, 1)) > endpos)
- {
- ptrdiff_t back = XFASTINT (AREF (elt, 1));
- ptrdiff_t cpos = charpos - back, bpos;
+ ptrdiff_t back = XFASTINT (AREF (elt, 1));
+ ptrdiff_t cpos = charpos - back, bpos;
- if (back == 0)
- bpos = bytepos;
- else
- bpos = (NILP (string) ? CHAR_TO_BYTE (cpos)
- : string_char_to_byte (string, cpos));
- if (STRINGP (AREF (elt, 0)))
- blen = fast_looking_at (AREF (elt, 0), cpos, bpos,
- start + 1, limit, string);
- else
- blen = 1;
- if (blen > 0)
+ if (back == 0)
+ bpos = bytepos;
+ else
+ bpos = (NILP (string) ? CHAR_TO_BYTE (cpos)
+ : string_char_to_byte (string, cpos));
+ ptrdiff_t blen
+ = (STRINGP (AREF (elt, 0))
+ ? fast_looking_at (AREF (elt, 0), cpos, bpos,
+ start + 1, limit, string)
+ : 1);
+ if (blen > 0)
+ {
+ /* Make CPOS point to the last character of
+ match. Note that BLEN is byte-length. */
+ if (blen > 1)
+ {
+ bpos += blen;
+ if (NILP (string))
+ cpos = BYTE_TO_CHAR (bpos) - 1;
+ else
+ cpos = string_byte_to_char (string, bpos) - 1;
+ }
+ back = cpos - (charpos - back);
+ if (cmp_it->stop_pos < cpos
+ || (cmp_it->stop_pos == cpos
+ && cmp_it->lookback < back))
{
- /* Make CPOS point to the last character of
- match. Note that BLEN is byte-length. */
- if (blen > 1)
- {
- bpos += blen;
- if (NILP (string))
- cpos = BYTE_TO_CHAR (bpos) - 1;
- else
- cpos = string_byte_to_char (string, bpos) - 1;
- }
- back = cpos - (charpos - back);
- if (cmp_it->stop_pos < cpos
- || (cmp_it->stop_pos == cpos
- && cmp_it->lookback < back))
- {
- cmp_it->rule_idx = ridx;
- cmp_it->stop_pos = cpos;
- cmp_it->ch = c;
- cmp_it->lookback = back;
- cmp_it->nchars = back + 1;
- }
+ cmp_it->rule_idx = ridx;
+ cmp_it->stop_pos = cpos;
+ cmp_it->ch = c;
+ cmp_it->lookback = back;
+ cmp_it->nchars = back + 1;
}
}
}
@@ -1203,10 +1197,10 @@ composition_reseat_it (struct composition_it *cmp_it,
ptrdiff_t charpos,
{
Lisp_Object lgstring = Qnil;
Lisp_Object val, elt;
- ptrdiff_t i;
val = CHAR_TABLE_REF (Vcomposition_function_table, cmp_it->ch);
- for (i = 0; i < cmp_it->rule_idx; i++, val = XCDR (val));
+ for (EMACS_INT i = 0; i < cmp_it->rule_idx; i++, val = XCDR (val))
+ continue;
if (charpos < endpos)
{
for (; CONSP (val); val = XCDR (val))
@@ -1255,6 +1249,7 @@ composition_reseat_it (struct composition_it *cmp_it,
ptrdiff_t charpos,
if (NILP (LGSTRING_ID (lgstring)))
lgstring = composition_gstring_put_cache (lgstring, -1);
cmp_it->id = XINT (LGSTRING_ID (lgstring));
+ int i;
for (i = 0; i < LGSTRING_GLYPH_LEN (lgstring); i++)
if (NILP (LGSTRING_GLYPH (lgstring, i)))
break;
diff --git a/src/dispextern.h b/src/dispextern.h
index eb71a82..e030618 100644
--- a/src/dispextern.h
+++ b/src/dispextern.h
@@ -2215,7 +2215,7 @@ struct composition_it
the automatic composition. Provided that ELT is an element of
Vcomposition_function_table for CH, (nth ELT RULE_IDX) is the
rule for the composition. */
- int rule_idx;
+ EMACS_INT rule_idx;
/* If this is an automatic composition, how many characters to look
back from the position where a character triggering the
composition exists. */
diff --git a/src/keyboard.c b/src/keyboard.c
index 1682322..ed8e71f 100644
--- a/src/keyboard.c
+++ b/src/keyboard.c
@@ -10020,7 +10020,7 @@ Internal use only. */)
add_command_key (make_number ('x' | meta_modifier));
else
add_command_key (make_number (key0));
- for (int i = 1; i < SCHARS (keys); i++)
+ for (ptrdiff_t i = 1; i < SCHARS (keys); i++)
add_command_key (make_number (SREF (keys, i)));
return Qnil;
}
diff --git a/src/xwidget.c b/src/xwidget.c
index 4ba1617..5c276b1 100644
--- a/src/xwidget.c
+++ b/src/xwidget.c
@@ -301,13 +301,13 @@ webkit_js_to_lisp (JSContextRef context, JSValueRef value)
{
JSStringRef pname = JSStringCreateWithUTF8CString("length");
JSValueRef len = JSObjectGetProperty (context, (JSObjectRef)
value, pname, NULL);
- int n = JSValueToNumber (context, len, NULL);
+ EMACS_INT n = JSValueToNumber (context, len, NULL);
JSStringRelease(pname);
Lisp_Object obj;
struct Lisp_Vector *p = allocate_vector (n);
- for (int i = 0; i < n; ++i)
+ for (ptrdiff_t i = 0; i < n; ++i)
{
p->contents[i] =
webkit_js_to_lisp (context,
@@ -323,13 +323,13 @@ webkit_js_to_lisp (JSContextRef context, JSValueRef value)
JSPropertyNameArrayRef properties =
JSObjectCopyPropertyNames (context, (JSObjectRef) value);
- int n = JSPropertyNameArrayGetCount (properties);
+ ptrdiff_t n = JSPropertyNameArrayGetCount (properties);
Lisp_Object obj;
/* TODO: can we use a regular list here? */
struct Lisp_Vector *p = allocate_vector (n);
- for (int i = 0; i < n; ++i)
+ for (ptrdiff_t i = 0; i < n; ++i)
{
JSStringRef name = JSPropertyNameArrayGetNameAtIndex
(properties, i);
JSValueRef property = JSObjectGetProperty (context,
@@ -733,8 +733,8 @@ DEFUN ("xwidget-resize", Fxwidget_resize, Sxwidget_resize,
3, 3, 0,
(Lisp_Object xwidget, Lisp_Object new_width, Lisp_Object new_height)
{
CHECK_XWIDGET (xwidget);
- CHECK_NATNUM (new_width);
- CHECK_NATNUM (new_height);
+ CHECK_RANGED_INTEGER (new_width, 0, INT_MAX);
+ CHECK_RANGED_INTEGER (new_height, 0, INT_MAX);
struct xwidget *xw = XXWIDGET (xwidget);
int w = XFASTINT (new_width);
int h = XFASTINT (new_height);
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Emacs-diffs] master abcba32: Fix a few integer-overflow glitches,
Paul Eggert <=