GNU bug report logs - #8664
* keyboard.c (make_lispy_event): Fix problem in integer overflow.

Previous Next

Package: emacs;

Reported by: Paul Eggert <eggert <at> cs.ucla.edu>

Date: Thu, 12 May 2011 19:59:02 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#8664: closed (* keyboard.c (make_lispy_event): Fix problem in
 integer overflow.)
Date: Wed, 18 May 2011 01:34:01 +0000

[Message part 1 (text/plain, inline)]
Your message dated Tue, 17 May 2011 18:33:25 -0700
with message-id <4DD321E5.2020202 <at> cs.ucla.edu>
and subject line committed fix into trunk
has caused the GNU bug report #8664,
regarding * keyboard.c (make_lispy_event): Fix problem in integer overflow.
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
8664: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=8664
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Paul Eggert <eggert <at> cs.ucla.edu>
To: bug-gnu-emacs <at> gnu.org
Subject: * keyboard.c (make_lispy_event): Fix problem in integer overflow.
Date: Thu, 12 May 2011 12:58:14 -0700

Here's a patch for a potential problem with integer overflow
on 64-bit hosts that I plan to install after some more testing.
The problem is a bit more severe if EMACS_INT is 64-bit on
a 32-bit host, and I found it by inspection.

* keyboard.c (make_lispy_event): Fix problem in integer overflow.
Don't assume that the difference between two unsigned long values
can fit into an integer.  At this point, we know button_down_time
<= event->timestamp, so the difference must be nonnegative, so
there's no need to cast the result if double-click-time is
nonnegative, as it should be; check that it's nonnegative, just in
case.  This bug is triggered when events are more than 2**31 ms
apart (about 25 days).
=== modified file 'src/keyboard.c'
--- src/keyboard.c	2011-04-28 19:35:20 +0000
+++ src/keyboard.c	2011-05-12 19:33:15 +0000
@@ -5556,9 +5556,9 @@
 		       && (eabs (XINT (event->y) - last_mouse_y) <= fuzz)
 		       && button_down_time != 0
 		       && (EQ (Vdouble_click_time, Qt)
-			   || (INTEGERP (Vdouble_click_time)
-			       && ((int)(event->timestamp - button_down_time)
-				   < XINT (Vdouble_click_time)))));
+			   || (NATNUMP (Vdouble_click_time)
+			       && (event->timestamp - button_down_time
+				   < XFASTINT (Vdouble_click_time)))));
 	}

 	last_mouse_button = button;
@@ -5742,9 +5742,9 @@
 		       && (eabs (XINT (event->y) - last_mouse_y) <= fuzz)
 		       && button_down_time != 0
 		       && (EQ (Vdouble_click_time, Qt)
-			   || (INTEGERP (Vdouble_click_time)
-			       && ((int)(event->timestamp - button_down_time)
-				   < XINT (Vdouble_click_time)))));
+			   || (NATNUMP (Vdouble_click_time)
+			       && (event->timestamp - button_down_time
+				   < XFASTINT (Vdouble_click_time)))));
 	  if (is_double)
 	    {
 	      double_click_count++;




[Message part 3 (message/rfc822, inline)]
From: Paul Eggert <eggert <at> cs.ucla.edu>
To: 8675-done <at> debbugs.gnu.org, 8664-done <at> debbugs.gnu.org
Subject: committed fix into trunk
Date: Tue, 17 May 2011 18:33:25 -0700

Bzr 104265,which I just committed into the trunk,
should contain the fix discussed above, so I'm
marking this as "done".  As requested I separated
the gnulib merge into a separate commit, bzr 104264.
This bug report was last modified 14 years and 7 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.