3 new commits in XEmacs: https://bitbucket.org/xemacs/xemacs/commits/dfe676a17eba/ Changeset: dfe676a17eba User: kehoea Date: 2017-09-24 08:16:02+00:00 Summary: Support the full bit width of the underlying Fixnum, const-integer variables src/ChangeLog addition: 2017-09-24 Aidan Kehoe <kehoea(a)parhasard.net&gt; * symbols.c (do_symval_forwarding): * symbols.c (store_symval_forwarding): If we have bignum support, and a const-integer or built-in integer value (bit width one more than Lisp fixnums) needs bignum support to pass its value to Lisp, use that support. Affected #: 2 files diff -r d3e0eec3a5082a28cdff11a9e5629b076abd4a17 -r dfe676a17ebadf7f07b8b5afb67f38e30fc65400 src/ChangeLog --- a/src/ChangeLog +++ b/src/ChangeLog ＠＠ -1,3 +1,11 ＠＠ +2017-09-24 Aidan Kehoe <kehoea(a)parhasard.net&gt; + + * symbols.c (do_symval_forwarding): + * symbols.c (store_symval_forwarding): + If we have bignum support, and a const-integer or built-in integer + value (bit width one more than Lisp fixnums) needs bignum support + to pass its value to Lisp, use that support. + 2017-09-23 Aidan Kehoe <kehoea(a)parhasard.net&gt; * process.c (read_process_output): Have this return a Bytecount, diff -r d3e0eec3a5082a28cdff11a9e5629b076abd4a17 -r dfe676a17ebadf7f07b8b5afb67f38e30fc65400 src/symbols.c --- a/src/symbols.c +++ b/src/symbols.c ＠＠ -875,7 +875,7 ＠＠ { case SYMVAL_FIXNUM_FORWARD: case SYMVAL_CONST_FIXNUM_FORWARD: - return make_fixnum (*((Fixnum *)symbol_value_forward_forward (fwd))); + return make_integer (*((Fixnum *)symbol_value_forward_forward (fwd))); case SYMVAL_BOOLEAN_FORWARD: case SYMVAL_CONST_BOOLEAN_FORWARD: ＠＠ -1045,10 +1045,29 ＠＠ switch (XSYMBOL_VALUE_MAGIC_TYPE (ovalue)) { case SYMVAL_FIXNUM_FORWARD: - CHECK_FIXNUM (newval); + CHECK_INTEGER (newval); if (magicfun) magicfun (sym, &newval, Qnil, 0); - *((Fixnum *) symbol_value_forward_forward (fwd)) = XFIXNUM (newval); +#if HAVE_BIGNUM + if (BIGNUMP (newval)) + { + if (bignum_fits_emacs_int_p (XBIGNUM_DATA (newval))) + { + *((Fixnum *) symbol_value_forward_forward (fwd)) + = bignum_to_emacs_int (XBIGNUM_DATA (newval)); + } + else + { + args_out_of_range (sym, newval); + } + } + else +#endif + { + *((Fixnum *) symbol_value_forward_forward (fwd)) + = XFIXNUM (newval); + } + return; case SYMVAL_BOOLEAN_FORWARD: https://bitbucket.org/xemacs/xemacs/commits/0d158ce02501/ Changeset: 0d158ce02501 User: kehoea Date: 2017-09-24 09:43:32+00:00 Summary: Error when passed lengths that would overflow, #'make-vector, #'make-string src/ChangeLog addition: 2017-09-24 Aidan Kehoe <kehoea(a)parhasard.net&gt; Error when passed values that would overflow, #'make-vector, #'make-string, #'make-bit-vector * lisp.h: Make ARRAY_DIMENSION_LIMIT more realistic; provide analagous but larger STRING_BYTE_TOTAL_SIZE_LIMIT, BIT_VECTOR_TOTAL_SIZE_LIMIT. * lisp.h (struct Lisp_Vector): SIZE is now an Elemcount, not a long. * alloc.c: Provide Vstring_total_size_limit, Vbit_vector_total_size_limit. * alloc.c (make_uninit_vector): Do our size calculation with EMACS_UINT; assert we haven't overflowed. * alloc.c (Fmake_vector): Check LENGTH for range more correctly. * alloc.c (Fvector): Check NARGS for range. * alloc.c (make_bit_vector_internal): Document why we don't need to check SIZEI for range in this function. * alloc.c (make_bit_vector_from_byte_vector): Check the range here, no point creating a bit vector where the trailing elements can't be referenced from Lisp. * alloc.c (Fmake_bit_vector): Check LENGTH using BIT_VECTOR_TOTAL_SIZE_LIMIT; check that BIT is a bit before allocating anything. * alloc.c (Fbit_vector): Check NARGS for range. * alloc.c (make_uninit_string): Do the length calculation and overflow assertion check with EMACS_UINTs, so GCC doesn't eliminate the check when optimising. * alloc.c (Fmake_string): Check LENGTH for possible overflow in this function. * alloc.c (Fstring): Check NARGS for possible overflow in this function. * alloc.c (vars_of_alloc): Provide, document `string-total-size-limit', `bit-vector-total-size-limit'. * event-stream.c (Frecent_keys): Use ARRAY_DIMENSION_LIMIT correctly here. * sequence.c (concatenate): Check for overflow before allocating strings, vectors, using unsigned arithmetic so GCC doesn't optimize away signed checks. tests/ChangeLog addition: 2017-09-24 Aidan Kehoe <kehoea(a)parhasard.net&gt; * automated/lisp-tests.el: Basic checks that array-total-size-limit, bit-vector-total-size-limit, string-total-size-limit are respected. Affected #: 7 files diff -r dfe676a17ebadf7f07b8b5afb67f38e30fc65400 -r 0d158ce025013acbf1023cfb86be2fde9c495a84 src/ChangeLog --- a/src/ChangeLog +++ b/src/ChangeLog ＠＠ -1,3 +1,49 ＠＠ +2017-09-24 Aidan Kehoe <kehoea(a)parhasard.net&gt; + + Error when passed values that would overflow, #'make-vector, + #'make-string, #'make-bit-vector + * lisp.h: + Make ARRAY_DIMENSION_LIMIT more realistic; provide analagous + but larger STRING_BYTE_TOTAL_SIZE_LIMIT, + BIT_VECTOR_TOTAL_SIZE_LIMIT. + * lisp.h (struct Lisp_Vector): + SIZE is now an Elemcount, not a long. + * alloc.c: + Provide Vstring_total_size_limit, Vbit_vector_total_size_limit. + * alloc.c (make_uninit_vector): + Do our size calculation with EMACS_UINT; assert we haven't + overflowed. + * alloc.c (Fmake_vector): + Check LENGTH for range more correctly. + * alloc.c (Fvector): + Check NARGS for range. + * alloc.c (make_bit_vector_internal): + Document why we don't need to check SIZEI for range in this + function. + * alloc.c (make_bit_vector_from_byte_vector): + Check the range here, no point creating a bit vector where the + trailing elements can't be referenced from Lisp. + * alloc.c (Fmake_bit_vector): + Check LENGTH using BIT_VECTOR_TOTAL_SIZE_LIMIT; check that BIT is + a bit before allocating anything. + * alloc.c (Fbit_vector): + Check NARGS for range. + * alloc.c (make_uninit_string): + Do the length calculation and overflow assertion check with + EMACS_UINTs, so GCC doesn't eliminate the check when optimising. + * alloc.c (Fmake_string): + Check LENGTH for possible overflow in this function. + * alloc.c (Fstring): + Check NARGS for possible overflow in this function. + * alloc.c (vars_of_alloc): + Provide, document `string-total-size-limit', + `bit-vector-total-size-limit'. + * event-stream.c (Frecent_keys): + Use ARRAY_DIMENSION_LIMIT correctly here. + * sequence.c (concatenate): + Check for overflow before allocating strings, vectors, using + unsigned arithmetic so GCC doesn't optimize away signed checks. + 2017-09-24 Aidan Kehoe <kehoea(a)parhasard.net&gt; * symbols.c (do_symval_forwarding): diff -r dfe676a17ebadf7f07b8b5afb67f38e30fc65400 -r 0d158ce025013acbf1023cfb86be2fde9c495a84 src/alloc.c --- a/src/alloc.c +++ b/src/alloc.c ＠＠ -95,6 +95,7 ＠＠ #endif Fixnum Varray_dimension_limit, Varray_total_size_limit, Varray_rank_limit; +Fixnum Vstring_total_size_limit, Vbit_vector_total_size_limit; int need_to_check_c_alloca; int need_to_signal_post_gc; ＠＠ -1864,11 +1865,16 ＠＠ make_uninit_vector (Elemcount sizei) { /* no `next' field; we use lcrecords */ - Bytecount sizem = FLEXIBLE_ARRAY_STRUCT_SIZEOF (Lisp_Vector, Lisp_Object, - contents, sizei); - Lisp_Object obj = ALLOC_SIZED_LISP_OBJECT (sizem, vector); - Lisp_Vector *p = XVECTOR (obj); - + EMACS_UINT sizeui = sizei; + EMACS_UINT sizem = FLEXIBLE_ARRAY_STRUCT_SIZEOF (Lisp_Vector, Lisp_Object, + contents, sizeui); + Lisp_Object obj; + Lisp_Vector *p; + + structure_checking_assert (sizem >= sizeui); + + obj = ALLOC_SIZED_LISP_OBJECT (sizem, vector); + p = XVECTOR (obj); p->size = sizei; return obj; } ＠＠ -1891,7 +1897,10 ＠＠ */ (length, object)) { - check_integer_range (length, Qzero, make_fixnum (ARRAY_DIMENSION_LIMIT)); + check_integer_range (length, Qzero, + /* array-dimension-limit is an exclusive upper bound, + check_integer_range() does <=, adjust for this. */ + make_fixnum (ARRAY_DIMENSION_LIMIT - 1)); return make_vector (XFIXNUM (length), object); } ＠＠ -1903,7 +1912,12 ＠＠ */ (int nargs, Lisp_Object *args)) { - Lisp_Object result = make_uninit_vector (nargs); + Lisp_Object result; + check_integer_range (make_fixnum (nargs), Qzero, + /* array-dimension-limit is an exclusive upper bound, + check_integer_range() does <=, adjust for this. */ + make_fixnum (ARRAY_DIMENSION_LIMIT - 1)); + result = make_uninit_vector (nargs); memcpy (XVECTOR_DATA (result), args, sizeof (Lisp_Object) * nargs); return result; } ＠＠ -2135,6 +2149,9 ＠＠ Bytecount sizem = FLEXIBLE_ARRAY_STRUCT_SIZEOF (Lisp_Bit_Vector, unsigned long, bits, num_longs); + /* No need to do the overflow checks we do for vectors and strings, for + large values of SIZEI the number of longs is always going to be less than + SIZEI, the number of bits. */ Lisp_Object obj = ALLOC_SIZED_LISP_OBJECT (sizem, bit_vector); Lisp_Bit_Vector *p = XBIT_VECTOR (obj); ＠＠ -2169,7 +2186,12 ＠＠ make_bit_vector_from_byte_vector (unsigned char *bytevec, Elemcount length) { Elemcount i; - Lisp_Bit_Vector *p = make_bit_vector_internal (length); + Lisp_Bit_Vector *p; + + check_integer_range (make_integer (length), Qzero, + make_fixnum (BIT_VECTOR_TOTAL_SIZE_LIMIT - 1)); + + p = make_bit_vector_internal (length); for (i = 0; i < length; i++) set_bit_vector_bit (p, i, bytevec[i]); ＠＠ -2194,7 +2216,9 ＠＠ */ (length, bit)) { - check_integer_range (length, Qzero, make_fixnum (ARRAY_DIMENSION_LIMIT)); + check_integer_range (length, Qzero, + make_fixnum (BIT_VECTOR_TOTAL_SIZE_LIMIT - 1)); + CHECK_BIT (bit); return make_bit_vector (XFIXNUM (length), bit); } ＠＠ -2208,7 +2232,11 ＠＠ (int nargs, Lisp_Object *args)) { int i; - Lisp_Bit_Vector *p = make_bit_vector_internal (nargs); + Lisp_Bit_Vector *p; + + check_integer_range (make_fixnum (nargs), Qzero, + make_fixnum (BIT_VECTOR_TOTAL_SIZE_LIMIT - 1)); + p = make_bit_vector_internal (nargs); for (i = 0; i < nargs; i++) { ＠＠ -2944,10 +2972,11 ＠＠ Lisp_Object make_uninit_string (Bytecount length) { + EMACS_UINT ulength = length, fullsize = STRING_FULLSIZE (ulength); Lisp_String *s; - Bytecount fullsize = STRING_FULLSIZE (length); - - assert (length >= 0 && fullsize > 0); + + structure_checking_assert (length >= 0 && fullsize >= ulength + && ((Bytecount) fullsize) >= 0); #ifdef NEW_GC s = XSTRING (ALLOC_NORMAL_LISP_OBJECT (string)); ＠＠ -3228,43 +3257,90 ＠＠ DEFUN ("make-string", Fmake_string, 2, 2, 0, /* Return a new string consisting of LENGTH copies of CHARACTER. LENGTH must be a non-negative integer. +See the variable `string-total-size-limit' for restrictions on LENGTH. */ (length, character)) { - check_integer_range (length, Qzero, make_fixnum (ARRAY_DIMENSION_LIMIT)); + Ibyte init_str[MAX_ICHAR_LEN]; + Bytecount onelen; + Lisp_Object val; + CHECK_CHAR_COERCE_INT (character); - { - Ibyte init_str[MAX_ICHAR_LEN]; - int len = set_itext_ichar (init_str, XCHAR (character)); - Lisp_Object val = make_uninit_string (len * XFIXNUM (length)); - - if (len == 1) - { - /* Optimize the single-byte case */ - memset (XSTRING_DATA (val), XCHAR (character), XSTRING_LENGTH (val)); - XSET_STRING_ASCII_BEGIN (val, min (MAX_STRING_ASCII_BEGIN, - len * XFIXNUM (length))); - } - else - { - EMACS_INT i; - Ibyte *ptr = XSTRING_DATA (val); - - for (i = XFIXNUM (length); i; i--) - { - Ibyte *init_ptr = init_str; - switch (len) - { - case 4: *ptr++ = *init_ptr++; - case 3: *ptr++ = *init_ptr++; - case 2: *ptr++ = *init_ptr++; - case 1: *ptr++ = *init_ptr++; - } - } - } - sledgehammer_check_ascii_begin (val); - return val; - } + onelen = set_itext_ichar (init_str, XCHAR (character)); + + if (onelen == 1) + { + /* Optimize the single-byte case */ + check_integer_range (length, Qzero, + /* Exclusive upper bound, but check_integer_range() + is inclusive. */ + make_fixnum (STRING_BYTE_TOTAL_SIZE_LIMIT - 1)); + + val = make_uninit_string (XFIXNUM (length)); + memset (XSTRING_DATA (val), XCHAR (character), XSTRING_LENGTH (val)); + XSET_STRING_ASCII_BEGIN (val, min (MAX_STRING_ASCII_BEGIN, + XSTRING_LENGTH (val))); + } + else if (FIXNUMP (length) && XREALFIXNUM (length) >= 0) + { + EMACS_UINT clen = XREALFIXNUM (length); + EMACS_UINT oproduct = clen, product = clen, fsize; + EMACS_INT i; + Ibyte *ptr; + + for (i = onelen, --i; i; i--) + { + product += clen; + if (product < oproduct) + { + /* We're adding, not multiplying, because it's far harder to + detect overflow when you multiply MOST_POSITIVE_FIXNUM by six + on 32-bit platforms; you get a number greater than + MOST_POSITIVE_FIXNUM that is still less than the number you + want. */ + goto range_issue; + } + oproduct = product; + } + + if ((fsize = STRING_FULLSIZE (product)) < oproduct + || ((Bytecount) fsize < 0)) + { + goto range_issue; + } + + val = make_uninit_string ((Bytecount) product); + ptr = XSTRING_DATA (val); + + for (i = clen; i; i--) + { + Ibyte *init_ptr = init_str; + switch (onelen) + { +#if MAX_ICHAR_LEN > 6 +#error "unimplemented" +#elif MAX_ICHAR_LEN > 4 + case 6: *ptr++ = *init_ptr++; + case 5: *ptr++ = *init_ptr++; +#endif + case 4: *ptr++ = *init_ptr++; + case 3: *ptr++ = *init_ptr++; + case 2: *ptr++ = *init_ptr++; + case 1: *ptr++ = *init_ptr++; + } + } + } + else + { + range_issue: + check_integer_range (length, Qzero, + make_fixnum ((STRING_BYTE_TOTAL_SIZE_LIMIT - 1) / + onelen)); + return Qnil; + } + + sledgehammer_check_ascii_begin (val); + return val; } DEFUN ("string", Fstring, 0, MANY, 0, /* ＠＠ -3274,8 +3350,15 ＠＠ */ (int nargs, Lisp_Object *args)) { - Ibyte *storage = alloca_ibytes (nargs * MAX_ICHAR_LEN); - Ibyte *p = storage; + Ibyte *storage, *p; + + /* No need to work too hard at this overflow check, it will be very rare + that NARGS will be greater than #x10000. */ + check_integer_range (make_fixnum (nargs), Qzero, + make_fixnum ((STRING_BYTE_TOTAL_SIZE_LIMIT - 1) / + MAX_ICHAR_LEN)); + + storage = p = alloca_ibytes (nargs * MAX_ICHAR_LEN); for (; nargs; nargs--, args++) { ＠＠ -6159,11 +6242,36 ＠＠ and multi-dimensional arrays need to be implemented by the user with arrays of arrays. -Note that XEmacs may not have enough memory available to create an array -with this dimension. +This limit is a result of the bit widths used in the implementation of the +`vector' type. Note that XEmacs may not have enough memory available to create +an array with this number of elements. */); Varray_total_size_limit = ARRAY_DIMENSION_LIMIT; + DEFVAR_CONST_INT ("string-total-size-limit", &Vstring_total_size_limit /* +The exclusive upper bound on a string's length. + +This is usually significantly more than `array-total-size-limit'. +Exclusively-ASCII strings can approach this limit in terms of their character +count, but strings with significant non-ASCII content are more restricted, +since each non-ASCII character takes more byte space than does an ASCII +character. + +This limit is a result of the range limitations on arguments to `aref' and +`aset', and the amount of memory available to XEmacs is a separate question. +*/); + Vstring_total_size_limit = STRING_BYTE_TOTAL_SIZE_LIMIT; + + DEFVAR_CONST_INT ("bit-vector-total-size-limit", + &Vbit_vector_total_size_limit /* +The exclusive upper bound on a bit vector's length. + +This limit is a result of the range limitations on arguments to `aref' and +`aset'. As with any operation that allocates memory, it is possible for +`make-bit-vector' to fail if there is insufficient memory available to XEmacs. +*/); + Vbit_vector_total_size_limit = BIT_VECTOR_TOTAL_SIZE_LIMIT; + #ifdef DEBUG_XEMACS DEFVAR_INT ("debug-allocation", &debug_allocation /* If non-zero, print out information to stderr about all objects allocated. diff -r dfe676a17ebadf7f07b8b5afb67f38e30fc65400 -r 0d158ce025013acbf1023cfb86be2fde9c495a84 src/event-stream.c --- a/src/event-stream.c +++ b/src/event-stream.c ＠＠ -3801,7 +3801,10 ＠＠ else { check_integer_range (number, Qzero, - make_fixnum (ARRAY_DIMENSION_LIMIT)); + /* array-dimension-limit is an exclusive upper + bound, check_integer_range() does <=, adjust for + this. */ + make_fixnum (ARRAY_DIMENSION_LIMIT - 1)); nwanted = XFIXNUM (number); } diff -r dfe676a17ebadf7f07b8b5afb67f38e30fc65400 -r 0d158ce025013acbf1023cfb86be2fde9c495a84 src/lisp.h --- a/src/lisp.h +++ b/src/lisp.h ＠＠ -2851,7 +2851,7 ＠＠ struct Lisp_Vector { NORMAL_LISP_OBJECT_HEADER header; - long size; + Elemcount size; Lisp_Object contents[1]; }; typedef struct Lisp_Vector Lisp_Vector; ＠＠ -4412,8 +4412,26 ＠＠ void disksave_object_finalization (void); void finish_object_memory_usage_stats (void); extern int purify_flag; -#define ARRAY_DIMENSION_LIMIT MOST_POSITIVE_FIXNUM -extern Fixnum Varray_dimension_limit; + +/* ALLOC_SIZED_LISP_OBJECT() takes a signed Bytecount, and so the limitation + on the size of a vector is that number that would cause a signed Bytecount + to overflow, when plugged into FLEXIBLE_ARRAY_STRUCT_SIZEOF(). */ +#define ARRAY_DIMENSION_LIMIT ((MOST_POSITIVE_FIXNUM / sizeof (Lisp_Object)) \ + - (offsetof (Lisp_Vector, contents) \ + / sizeof (Lisp_Object)) + 1) + +/* String lengths are less restrictive, since there's no multiplication needed + in the calculation of the Bytecount. This is an exclusive bound. */ +#define STRING_BYTE_TOTAL_SIZE_LIMIT (MOST_POSITIVE_FIXNUM + 1) + +/* This could be even less restrictive than its string counterpart. We would + need to allow bignum string indices for that, which we currently reject in + #'aset, #'aref. */ +#define BIT_VECTOR_TOTAL_SIZE_LIMIT (MOST_POSITIVE_FIXNUM + 1) + +extern Fixnum Varray_dimension_limit, Vstring_total_size_limit; +extern Fixnum Vfixnum_total_size_limit; + #ifndef NEW_GC extern EMACS_INT gc_generation_number[1]; #endif /* not NEW_GC */ diff -r dfe676a17ebadf7f07b8b5afb67f38e30fc65400 -r 0d158ce025013acbf1023cfb86be2fde9c495a84 src/sequence.c --- a/src/sequence.c +++ b/src/sequence.c ＠＠ -4836,7 +4836,8 ＠＠ Lisp_Object result_type, Boolint reuse_last_listp) { Lisp_Object *lisp_staging = NULL, *lisp_cursor = NULL, result = Qnil; - Elemcount ii, jj, staging_len = 0; + Elemcount ii, jj; + EMACS_UINT staging_len = 0, olen = 0; struct gcpro gcpro1, gcpro2; /* We can GC in #'coerce, and in copy_string_extents(). Our callers don't ＠＠ -4852,7 +4853,7 ＠＠ #'byte-length)), no need for character lengths or INC_IBYTEPTR. */ if (EQ (result_type, Qstring)) { - Bytecount bstaging_len = 0; + EMACS_UINT bstaging_len = 0; Ibyte *bstaging = NULL, *cursor = NULL; struct merge_string_extents_struct *args_mse = alloca_array (struct merge_string_extents_struct, nsequences); ＠＠ -4860,6 +4861,7 ＠＠ for (ii = 0; ii < nsequences; ++ii) { + olen = bstaging_len; if (STRINGP (sequences[ii])) { bstaging_len += XSTRING_LENGTH (sequences[ii]); ＠＠ -4873,6 +4875,16 ＠＠ bstaging_len += (XFIXNUM (Flength (sequences[ii]))) * MAX_ICHAR_LEN; } + + if (bstaging_len >= STRING_BYTE_TOTAL_SIZE_LIMIT + || bstaging_len < olen) + { + invalid_argument_2 ("concatenate: length overflow", + result_type, + /* Don't pass SEQUENCES[II] to the error + handling, we don't want it printed */ + make_unsigned_integer (bstaging_len)); + } } result = make_uninit_string (bstaging_len); ＠＠ -4934,11 +4946,13 ＠＠ } } - if ((cursor - bstaging) != bstaging_len) + assert (cursor >= bstaging); + + if ((EMACS_UINT) (cursor - bstaging) != bstaging_len) { Bytecount used_len = cursor - bstaging; - text_checking_assert (used_len < bstaging_len); + text_checking_assert ((EMACS_UINT) used_len < bstaging_len); /* No-one else has a pointer to RESULT, and calling resize_string() gives crashes in temacs, its implementation isn't thoroughly ＠＠ -5030,6 +5044,7 ＠＠ for (ii = 0; ii < nsequences; ++ii) { + olen = staging_len; if (STRINGP (sequences[ii])) { /* No need to actually get the char length, since the byte length ＠＠ -5044,6 +5059,15 ＠＠ type and circularity, well-formedness. */ staging_len += (XFIXNUM (Flength (sequences[ii]))); } + + if (staging_len >= ARRAY_DIMENSION_LIMIT || staging_len < olen) + { + invalid_argument_2 ("concatenate: length overflow", + result_type, + /* Don't pass SEQUENCES[II] to the error + handling, we don't want it printed */ + make_unsigned_integer (staging_len)); + } } if (EQ (result_type, Qvector) || EQ (result_type, Qarray)) diff -r dfe676a17ebadf7f07b8b5afb67f38e30fc65400 -r 0d158ce025013acbf1023cfb86be2fde9c495a84 tests/ChangeLog --- a/tests/ChangeLog +++ b/tests/ChangeLog ＠＠ -1,3 +1,10 ＠＠ +2017-09-24 Aidan Kehoe <kehoea(a)parhasard.net&gt; + + * automated/lisp-tests.el: + Basic checks that array-total-size-limit, + bit-vector-total-size-limit, string-total-size-limit are + respected. + 2017-05-11 Aidan Kehoe <kehoea(a)parhasard.net&gt; * automated/os-tests.el: diff -r dfe676a17ebadf7f07b8b5afb67f38e30fc65400 -r 0d158ce025013acbf1023cfb86be2fde9c495a84 tests/automated/lisp-tests.el --- a/tests/automated/lisp-tests.el +++ b/tests/automated/lisp-tests.el ＠＠ -1184,6 +1184,8 ＠＠ (Assert (not (equal [1 2 3 4] [1 2 3]))) (Assert (equal (vector 1 2 3) [1 2 3])) (Assert (equal (make-vector 3 1) [1 1 1])) +(Check-Error args-out-of-range (make-vector array-total-size-limit ?a)) +(Check-Error args-out-of-range (make-vector -1 ?a)) ;;----------------------------------------------------- ;; Test bit-vector functions ＠＠ -1198,6 +1200,24 ＠＠ (Assert (equal (bit-vector 0 1 0) #*010)) (Assert (equal (make-bit-vector 3 1) #*111)) (Assert (equal (make-bit-vector 3 0) #*000)) +(Check-Error args-out-of-range (make-bit-vector bit-vector-total-size-limit 1)) +(Check-Error args-out-of-range (make-bit-vector -1 1)) +(Check-Error wrong-type-argument (make-bit-vector most-positive-fixnum -1)) + +;;----------------------------------------------------- +;; Test string functions +;;----------------------------------------------------- +(Assert (equal "abc" "abc")) +(Assert (equal "" "")) +(Assert (not (equal "abc" ""))) +(Assert (not (equal "abc" "abd"))) +(Assert (not (equal "abc" "bcd"))) +(Assert (equal (string ?a ?b ?c) "abc")) +(Assert (equal (string 1 2 3) "\x01\x02\x03")) +(Assert (equal (make-string 3 ?a) "aaa")) +(Assert (equal (make-string 3 0) "\0\0\0")) +(Check-Error args-out-of-range (make-string string-total-size-limit ?a)) +(Check-Error args-out-of-range (make-string -1 ?a)) ;;----------------------------------------------------- ;; Test buffer-local variables used as (ugh!) function parameters https://bitbucket.org/xemacs/xemacs/commits/8ac369598a2e/ Changeset: 8ac369598a2e User: kehoea Date: 2017-09-24 15:04:49+00:00 Summary: Silence compiler warnings, fix some bugs elicited by same, src/, lib-src/ src/ChangeLog addition: 2017-09-24 Aidan Kehoe <kehoea(a)parhasard.net&gt; * chartab.c (chartab_data_validate): Silence an unused-variable compiler warning here. * doprnt.c (bignum_to_string_1): Fix a bug in this function, thank you clang++4.0. * gc.c (KKCC_DO_CHECK_FREE): Avoid an unused-variable warning when not ERROR_CHECK_GC. * gccache-x.c (describe_gc_cache): Fix a bug in this function, thank you clang++4.0. * mule-charset.c (validate_charset_offset_or_size): Be a bit more idiomatic in getting an external list length, and silence a compiler warning while doing so. * redisplay.c (create_text_block): * redisplay.c (create_string_text_block): Fix the same bug in these two functions, thank you clang++4.0. * regex.c (re_compile_fastmap): * regex.c (re_search_2): * regex.c (re_match_2_internal): Silence compiler warnings in this file, both when #define EMACS and when not. * text.c (copy_buffer_text_out): Silence compiler warning here, add an assert to ensure the approach is OK. * unicode.c (free_precedence_array): * unicode.c (recalculate_unicode_precedence): Silence unused variable warnings in these two functions. lib-src/ChangeLog addition: 2017-09-24 Aidan Kehoe <kehoea(a)parhasard.net&gt; * b2m.c (main): * etags.c: * etags.c (just_read_file): * movemail.c (main): * ootags.c (just_read_file): Silence a few compiler warnings in these files. Affected #: 15 files diff -r 0d158ce025013acbf1023cfb86be2fde9c495a84 -r 8ac369598a2ef9ce4785ffa64fc8945cce945ca5 lib-src/ChangeLog --- a/lib-src/ChangeLog +++ b/lib-src/ChangeLog ＠＠ -1,3 +1,12 ＠＠ +2017-09-24 Aidan Kehoe <kehoea(a)parhasard.net&gt; + + * b2m.c (main): + * etags.c: + * etags.c (just_read_file): + * movemail.c (main): + * ootags.c (just_read_file): + Silence a few compiler warnings in these files. + 2017-03-15 Aidan Kehoe <kehoea(a)parhasard.net&gt; * make-docfile.c (scan_lisp_file): diff -r 0d158ce025013acbf1023cfb86be2fde9c495a84 -r 8ac369598a2ef9ce4785ffa64fc8945cce945ca5 lib-src/b2m.c --- a/lib-src/b2m.c +++ b/lib-src/b2m.c ＠＠ -95,7 +95,7 ＠＠ logical labels_saved, printing, header, first, last_was_blank_line; time_t ltoday; struct tm *tm; - char *labels, *p, *today; + char *labels = NULL, *p, *today; struct linebuffer data; #ifdef MSDOS diff -r 0d158ce025013acbf1023cfb86be2fde9c495a84 -r 8ac369598a2ef9ce4785ffa64fc8945cce945ca5 lib-src/etags.c --- a/lib-src/etags.c +++ b/lib-src/etags.c ＠＠ -4172,6 +4172,8 ＠＠ LOOP_ON_INPUT_LINES (inf, lb, dummy) continue; + + (void) (dummy); /* Silence compiler warning. */ }  diff -r 0d158ce025013acbf1023cfb86be2fde9c495a84 -r 8ac369598a2ef9ce4785ffa64fc8945cce945ca5 lib-src/movemail.c --- a/lib-src/movemail.c +++ b/lib-src/movemail.c ＠＠ -338,6 +338,8 ＠＠ #ifndef WIN32_NATIVE setuid (getuid ()); #endif +#else /* MAIL_USE_POP */ + (void) (poppass); /* Silence compiler warning. */ #endif /* MAIL_USE_POP */ #ifndef DISABLE_DIRECT_ACCESS diff -r 0d158ce025013acbf1023cfb86be2fde9c495a84 -r 8ac369598a2ef9ce4785ffa64fc8945cce945ca5 lib-src/ootags.c --- a/lib-src/ootags.c +++ b/lib-src/ootags.c ＠＠ -3465,6 +3465,8 ＠＠ LOOP_ON_INPUT_LINES (inf, lb, dummy) continue; + + (void)(dummy); /* Silence compiler warning. */ }  /* Fortran parsing */ diff -r 0d158ce025013acbf1023cfb86be2fde9c495a84 -r 8ac369598a2ef9ce4785ffa64fc8945cce945ca5 src/ChangeLog --- a/src/ChangeLog +++ b/src/ChangeLog ＠＠ -1,3 +1,31 ＠＠ +2017-09-24 Aidan Kehoe <kehoea(a)parhasard.net&gt; + + * chartab.c (chartab_data_validate): + Silence an unused-variable compiler warning here. + * doprnt.c (bignum_to_string_1): + Fix a bug in this function, thank you clang++4.0. + * gc.c (KKCC_DO_CHECK_FREE): + Avoid an unused-variable warning when not ERROR_CHECK_GC. + * gccache-x.c (describe_gc_cache): + Fix a bug in this function, thank you clang++4.0. + * mule-charset.c (validate_charset_offset_or_size): + Be a bit more idiomatic in getting an external list length, and + silence a compiler warning while doing so. + * redisplay.c (create_text_block): + * redisplay.c (create_string_text_block): + Fix the same bug in these two functions, thank you clang++4.0. + * regex.c (re_compile_fastmap): + * regex.c (re_search_2): + * regex.c (re_match_2_internal): + Silence compiler warnings in this file, both when #define EMACS + and when not. + * text.c (copy_buffer_text_out): + Silence compiler warning here, add an assert to ensure the + approach is OK. + * unicode.c (free_precedence_array): + * unicode.c (recalculate_unicode_precedence): + Silence unused variable warnings in these two functions. + 2017-09-24 Aidan Kehoe <kehoea(a)parhasard.net&gt; Error when passed values that would overflow, #'make-vector, diff -r 0d158ce025013acbf1023cfb86be2fde9c495a84 -r 8ac369598a2ef9ce4785ffa64fc8945cce945ca5 src/chartab.c --- a/src/chartab.c +++ b/src/chartab.c ＠＠ -1960,6 +1960,7 ＠＠ else if (CHARP (range)) continue; sferror ("Invalid range format", range); + USED (data); } return 1; diff -r 0d158ce025013acbf1023cfb86be2fde9c495a84 -r 8ac369598a2ef9ce4785ffa64fc8945cce945ca5 src/doprnt.c --- a/src/doprnt.c +++ b/src/doprnt.c ＠＠ -364,10 +364,10 ＠＠ bignum_to_string_1 (Ibyte **buf, Bytecount *size_inout, bignum bn, EMACS_UINT radix, Lisp_Object table) { - Boolint minusp, heap_allocp = size_inout < 0; - Ibyte *buf1 = *size_inout > -1 ? *buf : + Boolint minusp, heap_allocp = (*buf == NULL); + Ibyte *buf1 = heap_allocp ? ((*size_inout = 128 * MAX_ICHAR_LEN), - (*buf = xnew_array (Ibyte, *size_inout))); + (*buf = xnew_array (Ibyte, *size_inout))) : *buf; Ibyte *end = buf1 + *size_inout, *cursor = end, *this_digit = NULL; Ibyte *ftmdata = XSTRING_DATA (table); /* Since, in contrast with the fixnum code, we are repeatedly checking the diff -r 0d158ce025013acbf1023cfb86be2fde9c495a84 -r 8ac369598a2ef9ce4785ffa64fc8945cce945ca5 src/gc.c --- a/src/gc.c +++ b/src/gc.c ＠＠ -1358,7 +1358,7 ＠＠ } \ } while (0) #else -#define KKCC_DO_CHECK_FREE(obj, allow_free) DO_NOTHING +#define KKCC_DO_CHECK_FREE(obj, allow_free) (USED (allow_free)) #endif static inline void diff -r 0d158ce025013acbf1023cfb86be2fde9c495a84 -r 8ac369598a2ef9ce4785ffa64fc8945cce945ca5 src/gccache-x.c --- a/src/gccache-x.c +++ b/src/gccache-x.c ＠＠ -294,7 +294,7 ＠＠ int count = 0; struct gc_cache_cell *cell = cache->head; - if (! flags & DGCCFLAG_SUMMARY) return; + if (!(flags & DGCCFLAG_SUMMARY)) return; stderr_out ("\nsize: %d", cache->size); stderr_out ("\ncreated: %d", cache->create_count); diff -r 0d158ce025013acbf1023cfb86be2fde9c495a84 -r 8ac369598a2ef9ce4785ffa64fc8945cce945ca5 src/mule-charset.c --- a/src/mule-charset.c +++ b/src/mule-charset.c ＠＠ -589,12 +589,11 ＠＠ } else { - int len = 0; + Elemcount len = 0; Lisp_Object tem; - { - EXTERNAL_LIST_LOOP_1 (value) - len++; - } + + GET_EXTERNAL_LIST_LENGTH (value, len); + if (len < 1 || len > 2) invalid_constant_2 ("Invalid value for property (list of 1 or 2 integers)", diff -r 0d158ce025013acbf1023cfb86be2fde9c495a84 -r 8ac369598a2ef9ce4785ffa64fc8945cce945ca5 src/redisplay.c --- a/src/redisplay.c +++ b/src/redisplay.c ＠＠ -2933,7 +2933,7 ＠＠ if (!(rb->type == RUNE_CHAR && rb->object.chr.ch < 0x100 && isspace (rb->object.chr.ch)) - && !rb->type == RUNE_BLANK) + && rb->type != RUNE_BLANK) { dl->bounds.right_white = rb->xpos + rb->width; done = 1; ＠＠ -5185,7 +5185,7 ＠＠ if (!(rb->type == RUNE_CHAR && rb->object.chr.ch < 0x100 && isspace (rb->object.chr.ch)) - && !rb->type == RUNE_BLANK) + && rb->type != RUNE_BLANK) { dl->bounds.right_white = rb->xpos + rb->width; done = 1; diff -r 0d158ce025013acbf1023cfb86be2fde9c495a84 -r 8ac369598a2ef9ce4785ffa64fc8945cce945ca5 src/regex.c --- a/src/regex.c +++ b/src/regex.c ＠＠ -4368,7 +4368,6 ＠＠ case charset_mule: { int nentries; - int i; Bitbyte flags = *p++; if (flags) ＠＠ -4957,9 +4956,7 ＠＠ int depth; #endif #endif /* emacs */ -#if 1 int forward_search_p; -#endif /* Check for out-of-range STARTPOS. */ if (startpos < 0 || startpos > total_size) ＠＠ -4972,9 +4969,10 ＠＠ else if (endpos > total_size) range = total_size - startpos; -#if 1 forward_search_p = range > 0; -#endif + + (void) (forward_search_p); /* This is only used with assertions, silence the + compiler warning when they're turned off. */ /* If the search isn't to be a backwards one, don't waste time in a search for a pattern that must be anchored. */ ＠＠ -5104,9 +5102,7 ＠＠ INC_IBYTEPTR_FMT (d, fmt); range -= d - orig_d; startpos += d - orig_d; -#if 1 assert (!forward_search_p || range >= 0); -#endif } else if (range < 0) { ＠＠ -5175,9 +5171,7 ＠＠ #endif /* MULE */ INC_IBYTEPTR_FMT (d, fmt); range -= (d - old_d); -#if 1 assert (!forward_search_p || range >= 0); -#endif } } #ifdef MULE ＠＠ -5193,9 +5187,7 ＠＠ break; INC_IBYTEPTR_FMT (d, fmt); range -= (d - old_d); -#if 1 assert (!forward_search_p || range >= 0); -#endif } } #endif /* MULE */ ＠＠ -5206,9 +5198,7 ＠＠ re_char *old_d = d; INC_IBYTEPTR (d); range -= (d - old_d); -#if 1 - assert (!forward_search_p || range >= 0); -#endif + assert (!forward_search_p || range >= 0); } } ＠＠ -5288,9 +5278,7 ＠＠ (startpos >= size1 ? string2 - size1 : string1) + startpos); d_size = itext_ichar_len_fmt (d, fmt); range -= d_size; -#if 1 - assert (!forward_search_p || range >= 0); -#endif + assert (!forward_search_p || range >= 0); startpos += d_size; } else ＠＠ -5303,9 +5291,7 ＠＠ DEC_IBYTEPTR_FMT (d, fmt); d_size = itext_ichar_len_fmt (d, fmt); range += d_size; -#if 1 - assert (!forward_search_p || range >= 0); -#endif + assert (!forward_search_p || range >= 0); startpos -= d_size; } } ＠＠ -6677,6 +6663,7 ＠＠ POP_FAILURE_POINT (sdummy, pdummy, dummy_low_reg, dummy_high_reg, reg_dummy, reg_dummy, reg_info_dummy); + USED (pdummy); } /* Note fall through. */ diff -r 0d158ce025013acbf1023cfb86be2fde9c495a84 -r 8ac369598a2ef9ce4785ffa64fc8945cce945ca5 src/text.c --- a/src/text.c +++ b/src/text.c ＠＠ -2437,7 +2437,7 ＠＠ { BUFFER_TEXT_LOOP (buf, pos, len, runptr, runlen) { - Bytecount the_src_used, the_dst_used; + Bytecount the_src_used = -1, the_dst_used; the_dst_used = copy_text_between_formats (runptr, runlen, BUF_FORMAT (buf), ＠＠ -2446,7 +2446,10 ＠＠ dstobj, &the_src_used); dst_used += the_dst_used; if (src_used) - *src_used += the_src_used; + { + text_checking_assert (the_src_used >= 0); + *src_used += the_src_used; + } if (dst) { dst += the_dst_used; diff -r 0d158ce025013acbf1023cfb86be2fde9c495a84 -r 8ac369598a2ef9ce4785ffa64fc8945cce945ca5 src/unicode.c --- a/src/unicode.c +++ b/src/unicode.c ＠＠ -1771,8 +1771,9 ＠＠ /* We shouldn't be trying to free any precarray that's attached to a buffer */ { - ALIST_LOOP_3 (name, buf, Vbuffer_alist) - assert (!EQ (precarray, XBUFFER (buf)->unicode_precedence_array)); + LIST_LOOP_2 (elt, Vbuffer_alist) + assert (!EQ (precarray, + XBUFFER (XCDR (elt))->unicode_precedence_array)); } assert (!EQ (precarray, Vdefault_unicode_precedence_array)); #endif /* ERROR_CHECK_TEXT */ ＠＠ -1962,9 +1963,9 ＠＠ recalculate_unicode_precedence_1 (Vdefault_unicode_precedence_list, flags | RUP_MAKE_FULL_P); { - ALIST_LOOP_3 (name, buffer, Vbuffer_alist) + LIST_LOOP_2 (elt, Vbuffer_alist) { - struct buffer *buf = XBUFFER (buffer); + struct buffer *buf = XBUFFER (XCDR (elt)); buf->unicode_precedence_array = recalculate_unicode_precedence_1 (buf->unicode_precedence_list, flags); Repository URL: https://bitbucket.org/xemacs/xemacs/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.