From f66c7cf8f794d6f7fd9ccb8794ffc519e4e89795 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Tue, 14 Jun 2011 11:57:19 -0700 Subject: Variadic C functions now count arguments with ptrdiff_t. This partly undoes my 2011-03-30 change, which replaced int with size_t. Back then I didn't know that the Emacs coding style prefers signed int. Also, in the meantime I found a few more instances where arguments were being counted with int, which may truncate counts on 64-bit machines, or EMACS_INT, which may be unnecessarily wide. * lisp.h (struct Lisp_Subr.function.aMANY) (DEFUN_ARGS_MANY, internal_condition_case_n, safe_call): Arg counts are now ptrdiff_t, not size_t. All variadic functions and their callers changed accordingly. (struct gcpro.nvars): Now size_t, not size_t. All uses changed. * bytecode.c (exec_byte_code): Check maxdepth for overflow, to avoid potential buffer overrun. Don't assume arg counts fit in 'int'. * callint.c (Fcall_interactively): Check arg count for overflow, to avoid potential buffer overrun. Use signed char, not 'int', for 'varies' array, so that we needn't bother to check its size calculation for overflow. * editfns.c (Fformat): Use ptrdiff_t, not EMACS_INT, to count args. * eval.c (apply_lambda): * fns.c (Fmapconcat): Use XFASTINT, not XINT, to get args length. (struct textprop_rec.argnum): Now ptrdiff_t, not int. All uses changed. (mapconcat): Use ptrdiff_t, not int and EMACS_INT, to count args. --- src/editfns.c | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) (limited to 'src/editfns.c') diff --git a/src/editfns.c b/src/editfns.c index 12e82c428a..9678d4da6a 100644 --- a/src/editfns.c +++ b/src/editfns.c @@ -96,7 +96,7 @@ static void general_insert_function (void (*) (const char *, EMACS_INT), void (*) (Lisp_Object, EMACS_INT, EMACS_INT, EMACS_INT, EMACS_INT, int), - int, size_t, Lisp_Object *); + int, ptrdiff_t, Lisp_Object *); static Lisp_Object subst_char_in_region_unwind (Lisp_Object); static Lisp_Object subst_char_in_region_unwind_1 (Lisp_Object); static void transpose_markers (EMACS_INT, EMACS_INT, EMACS_INT, EMACS_INT, @@ -1858,7 +1858,7 @@ Years before 1970 are not guaranteed to work. On some systems, year values as low as 1901 do work. usage: (encode-time SECOND MINUTE HOUR DAY MONTH YEAR &optional ZONE) */) - (size_t nargs, register Lisp_Object *args) + (ptrdiff_t nargs, Lisp_Object *args) { time_t value; struct tm tm; @@ -2194,9 +2194,9 @@ general_insert_function (void (*insert_func) void (*insert_from_string_func) (Lisp_Object, EMACS_INT, EMACS_INT, EMACS_INT, EMACS_INT, int), - int inherit, size_t nargs, Lisp_Object *args) + int inherit, ptrdiff_t nargs, Lisp_Object *args) { - register size_t argnum; + ptrdiff_t argnum; register Lisp_Object val; for (argnum = 0; argnum < nargs; argnum++) @@ -2258,7 +2258,7 @@ buffer; to accomplish this, apply `string-as-multibyte' to the string and insert the result. usage: (insert &rest ARGS) */) - (size_t nargs, register Lisp_Object *args) + (ptrdiff_t nargs, Lisp_Object *args) { general_insert_function (insert, insert_from_string, 0, nargs, args); return Qnil; @@ -2277,7 +2277,7 @@ If the current buffer is unibyte, multibyte strings are converted to unibyte for insertion. usage: (insert-and-inherit &rest ARGS) */) - (size_t nargs, register Lisp_Object *args) + (ptrdiff_t nargs, Lisp_Object *args) { general_insert_function (insert_and_inherit, insert_from_string, 1, nargs, args); @@ -2294,7 +2294,7 @@ If the current buffer is unibyte, multibyte strings are converted to unibyte for insertion. usage: (insert-before-markers &rest ARGS) */) - (size_t nargs, register Lisp_Object *args) + (ptrdiff_t nargs, Lisp_Object *args) { general_insert_function (insert_before_markers, insert_from_string_before_markers, 0, @@ -2313,7 +2313,7 @@ If the current buffer is unibyte, multibyte strings are converted to unibyte for insertion. usage: (insert-before-markers-and-inherit &rest ARGS) */) - (size_t nargs, register Lisp_Object *args) + (ptrdiff_t nargs, Lisp_Object *args) { general_insert_function (insert_before_markers_and_inherit, insert_from_string_before_markers, 1, @@ -3386,7 +3386,7 @@ any existing message; this lets the minibuffer contents show. See also `current-message'. usage: (message FORMAT-STRING &rest ARGS) */) - (size_t nargs, Lisp_Object *args) + (ptrdiff_t nargs, Lisp_Object *args) { if (NILP (args[0]) || (STRINGP (args[0]) @@ -3414,7 +3414,7 @@ If the first argument is nil or the empty string, clear any existing message; let the minibuffer contents show. usage: (message-box FORMAT-STRING &rest ARGS) */) - (size_t nargs, Lisp_Object *args) + (ptrdiff_t nargs, Lisp_Object *args) { if (NILP (args[0])) { @@ -3471,7 +3471,7 @@ If the first argument is nil or the empty string, clear any existing message; let the minibuffer contents show. usage: (message-or-box FORMAT-STRING &rest ARGS) */) - (size_t nargs, Lisp_Object *args) + (ptrdiff_t nargs, Lisp_Object *args) { #ifdef HAVE_MENUS if ((NILP (last_nonmenu_event) || CONSP (last_nonmenu_event)) @@ -3495,11 +3495,11 @@ First argument is the string to copy. Remaining arguments form a sequence of PROPERTY VALUE pairs for text properties to add to the result. usage: (propertize STRING &rest PROPERTIES) */) - (size_t nargs, Lisp_Object *args) + (ptrdiff_t nargs, Lisp_Object *args) { Lisp_Object properties, string; struct gcpro gcpro1, gcpro2; - size_t i; + ptrdiff_t i; /* Number of args must be odd. */ if ((nargs & 1) == 0) @@ -3584,9 +3584,9 @@ decimal point itself is omitted. For %s and %S, the precision specifier truncates the string to the given width. usage: (format STRING &rest OBJECTS) */) - (size_t nargs, register Lisp_Object *args) + (ptrdiff_t nargs, Lisp_Object *args) { - EMACS_INT n; /* The number of the next arg to substitute */ + ptrdiff_t n; /* The number of the next arg to substitute */ char initial_buffer[4000]; char *buf = initial_buffer; EMACS_INT bufsize = sizeof initial_buffer; @@ -3635,7 +3635,7 @@ usage: (format STRING &rest OBJECTS) */) /* Allocate the info and discarded tables. */ { - EMACS_INT i; + ptrdiff_t i; if ((SIZE_MAX - formatlen) / sizeof (struct info) <= nargs) memory_full (SIZE_MAX); SAFE_ALLOCA (info, struct info *, (nargs + 1) * sizeof *info + formatlen); @@ -3674,7 +3674,7 @@ usage: (format STRING &rest OBJECTS) */) while (format != end) { /* The values of N and FORMAT when the loop body is entered. */ - EMACS_INT n0 = n; + ptrdiff_t n0 = n; char *format0 = format; /* Bytes needed to represent the output of this conversion. */ -- cgit v1.2.3