From: Paul Eggert
Newsgroups: gmane.emacs.bugs
Subject: bug#37795: 26.1; Fixnum overflow on dpyinfo->last_user_time
Date: Fri, 18 Oct 2019 13:33:06 -0700
Organization: UCLA Computer Science Department
Message-ID: <1d2e2e5b-150e-c634-aba1-a23d9c0ca313@cs.ucla.edu>
To: Stefan Monnier
Cc: 37795-done@debbugs.gnu.org
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------177E41661F6468CF04B80F85"

This is a multi-part message in MIME format.
--------------177E41661F6468CF04B80F85
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

Thanks for reporting that. I installed the attached patches, which are
along the lines that you suggested. They also fix a similar bug in
xterm.c's x_ewmh_activate_frame.

> I also see other places where we do:
>
>     selection_data = list4 (selection_name, selection_value,
>                             INT_TO_INTEGER (timestamp), frame);
>
> so maybe we should be using `INT_TO_INTEGER` rather than `make_int`?

Yes for Time values, since Time might be (usually is?) unsigned and
might exceed INTMAX_MAX. However, list1i etc. accept signed integers so
make_int is fine for them. Changing list1i etc. to use intmax_t and
make_int is a small performance hit in some cases, but is probably worth
it given the reliability implications of ignoring integer overflow.

> AFAICT the exact value of those timestamps doesn't really matter,

Some Emacs code subtracts Time values and assumes wraparound overflow,
so if we shoehorn them into fixnums we would need to take that into
account. Probably better to leave things be.

--------------177E41661F6468CF04B80F85
Content-Type: text/x-patch; charset=UTF-8; name="0001-Fix-integer-overflow-bug-in-Time-conversion.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="0001-Fix-integer-overflow-bug-in-Time-conversion.patch"

>From a7478d4768081efe8abc787e250acfd231b738d2 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Fri, 18 Oct 2019 13:07:49 -0700 Subject: [PATCH 1/2] Fix integer-overflow bug in Time conversion Problem reported by Stefan Monnier (Bug#37795). * src/keyboard.c (make_lispy_position) (make_scroll_bar_position, make_lispy_event): * src/xterm.c (x_ewmh_activate_frame): Use INT_TO_INTEGER to convert Time to a Lisp integer, since the value might not be a fixnum. --- src/keyboard.c | 6 +++--- src/xterm.c | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/keyboard.c b/src/keyboard.c index d67d18a801..db583ec530 100644 --- a/src/keyboard.c +++ b/src/keyboard.c @@ -5242,7 +5242,7 @@ make_lispy_position (struct frame *f, Lisp_Object x, Lisp_Object y, Fcons (posn, Fcons (Fcons (make_fixnum (xret), make_fixnum (yret)), - Fcons (make_fixnum (t), + Fcons (INT_TO_INTEGER (t), extra_info)))); } @@ -5267,7 +5267,7 @@ toolkit_menubar_in_use (struct frame *f) make_scroll_bar_position (struct input_event *ev, Lisp_Object type) { return list5 (ev->frame_or_window, type, Fcons (ev->x, ev->y), - make_fixnum (ev->timestamp), + INT_TO_INTEGER (ev->timestamp), builtin_lisp_symbol (scroll_bar_parts[ev->part])); } @@ -5579,7 +5579,7 @@ make_lispy_event (struct input_event *event) position = list4 (event->frame_or_window, Qmenu_bar, Fcons (event->x, event->y), - make_fixnum (event->timestamp)); + INT_TO_INTEGER (event->timestamp)); return list2 (item, position); } diff --git a/src/xterm.c b/src/xterm.c index 5d8b1482a6..045589534f 100644 --- a/src/xterm.c +++ b/src/xterm.c 
@@ -11589,7 +11589,8 @@ x_ewmh_activate_frame (struct frame *f) x_send_client_event (frame, make_fixnum (0), frame, dpyinfo->Xatom_net_active_window, make_fixnum (32), - list2i (1, dpyinfo->last_user_time)); + list2 (make_fixnum (1), + INT_TO_INTEGER (dpyinfo->last_user_time))); } } -- 2.21.0 --------------177E41661F6468CF04B80F85 Content-Type: text/x-patch; charset=UTF-8; name="0002-Generalize-list1i-etc.-to-all-signed-integer-types.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename*0="0002-Generalize-list1i-etc.-to-all-signed-integer-types.patc"; filename*1="h" >From c963f6b7bd4cfffd98894ea05220a6fb80abfb3e Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Fri, 18 Oct 2019 13:21:11 -0700 Subject: [PATCH 2/2] Generalize list1i etc. to all signed integer types * src/lisp.h (list1i, list2i, list3i, list4i): Accept intmax_t instead of EMACS_INT, and use make_int instead of make_fixnum. This should help avoid integer-overflow problems akin to the Time bug (Bug#37795). --- src/lisp.h | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/src/lisp.h b/src/lisp.h index fe20add2d7..04fa1d64ea 100644 --- a/src/lisp.h +++ b/src/lisp.h 
@@ -3862,28 +3862,27 @@ #define pure_list(...) \ /* Build a frequently used 1/2/3/4-integer lists. */ INLINE Lisp_Object -list1i (EMACS_INT x) +list1i (intmax_t a) { - return list1 (make_fixnum (x)); + return list1 (make_int (a)); } INLINE Lisp_Object -list2i (EMACS_INT x, EMACS_INT y) +list2i (intmax_t a, intmax_t b) { - return list2 (make_fixnum (x), make_fixnum (y)); + return list2 (make_int (a), make_int (b)); } INLINE Lisp_Object -list3i (EMACS_INT x, EMACS_INT y, EMACS_INT w) +list3i (intmax_t a, intmax_t b, intmax_t c) { - return list3 (make_fixnum (x), make_fixnum (y), make_fixnum (w)); + return list3 (make_int (a), make_int (b), make_int (c)); } INLINE Lisp_Object -list4i (EMACS_INT x, EMACS_INT y, EMACS_INT w, EMACS_INT h) +list4i (intmax_t a, intmax_t b, intmax_t c, intmax_t d) { - return list4 (make_fixnum (x), make_fixnum (y), - make_fixnum (w), make_fixnum (h)); + return list4 (make_int (a), make_int (b), make_int (c), make_int (d)); } extern Lisp_Object make_uninit_bool_vector (EMACS_INT); -- 2.21.0 --------------177E41661F6468CF04B80F85--
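
Review bot: In the three src/keyboard.c hunks of patch 1/2 (make_lispy_position, make_scroll_bar_position, make_lispy_event), the timestamp element of the position list is no longer guaranteed to be a fixnum, and the patch carries no note of that for Lisp callers. Consider a NEWS or manual entry saying that event timestamps should be compared with = or eql rather than eq, and a regression test that builds a position from a Time above the fixnum range.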
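
Review bot: In the src/xterm.c hunk of patch 1/2 (x_ewmh_activate_frame), the call list2i (1, dpyinfo->last_user_time) is replaced by an open-coded list2 (make_fixnum (1), INT_TO_INTEGER (...)) with no comment on why list2i is avoided, so a later cleanup could fold it back. A one-line comment that last_user_time is a Time and must not go through a signed parameter would prevent that. It is also worth confirming that the list handling behind x_send_client_event accepts a non-fixnum integer for format 32, since that code is not part of this diff.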
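
Review bot: In the src/lisp.h hunk of patch 2/2, the comment above list1i still reads only "Build a frequently used 1/2/3/4-integer lists." although the functions now take intmax_t and call make_int. An unsigned argument above INTMAX_MAX would be converted implicitly at the call site, so the comment should state that the arguments are signed and that unsigned values such as Time belong with INT_TO_INTEGER instead.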
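
The reply's remark that code subtracting Time values relies on wraparound, so shoehorning them into fixnums would need extra care, worked through as an added example (not code from Emacs or from the patches above). It assumes 32-bit timestamps and a build whose fixnums have 30 value bits; all function names and the sample timestamps are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: fixnums with 30 value bits, range [-2^29, 2^29 - 1],
   and 32-bit timestamps.  All names are illustrative.  */
enum { MODEL_FIXNUM_BITS = 30 };

/* True if V is representable as a fixnum in this model.  */
static bool fits_model_fixnum (int64_t v)
{
  int64_t max = (INT64_C (1) << (MODEL_FIXNUM_BITS - 1)) - 1;
  return -max - 1 <= v && v <= max;
}

/* Keep only the low 30 bits of T and read them as a signed value,
   which is what forcing a timestamp into the fixnum range amounts to.  */
static int32_t truncate_to_model_fixnum (uint32_t t)
{
  uint32_t sign = UINT32_C (1) << (MODEL_FIXNUM_BITS - 1);
  uint32_t low = t & (sign * 2 - 1);
  return (int32_t) (low ^ sign) - (int32_t) sign;
}

/* Elapsed time with unsigned subtraction: correct modulo 2^32, even
   when the counter wrapped between EARLIER and LATER.  */
static uint32_t elapsed_ms (uint32_t later, uint32_t earlier)
{
  return later - earlier;
}

/* The same subtraction on truncated values, without adjusting the
   wraparound modulus from 2^32 to 2^30.  */
static int64_t elapsed_after_truncation (uint32_t later, uint32_t earlier)
{
  return (int64_t) truncate_to_model_fixnum (later)
         - truncate_to_model_fixnum (earlier);
}

int main (void)
{
  /* Constructed timestamps 512 ms apart, straddling the fixnum limit.  */
  uint32_t t1 = UINT32_C (0x1FFFFF00), t2 = UINT32_C (0x20000100);
  printf ("t2 fits: %d\n", fits_model_fixnum (t2));
  printf ("unsigned: %u  truncated: %lld\n", (unsigned) elapsed_ms (t2, t1),
          (long long) elapsed_after_truncation (t2, t1));
  return 0;
}
```

Converting with a bignum-capable constructor keeps the full value, so the unsigned subtraction remains valid; the truncated path only gives the right interval if every consumer also reduces modulo 2^30.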