GNU bug report logs - #8664
* keyboard.c (make_lispy_event): Fix problem in integer overflow.

Package: emacs;

Reported by: Paul Eggert <eggert <at> cs.ucla.edu>

Date: Thu, 12 May 2011 19:59:02 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#8664: closed (* keyboard.c (make_lispy_event): Fix problem in
 integer overflow.)
Date: Wed, 18 May 2011 01:34:01 +0000
[Message part 1 (text/plain, inline)]
Your message dated Tue, 17 May 2011 18:33:25 -0700
with message-id <4DD321E5.2020202 <at> cs.ucla.edu>
and subject line committed fix into trunk
has caused the GNU bug report #8664,
regarding * keyboard.c (make_lispy_event): Fix problem in integer overflow.
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
8664: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=8664
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Paul Eggert <eggert <at> cs.ucla.edu>
To: bug-gnu-emacs <at> gnu.org
Subject: * keyboard.c (make_lispy_event): Fix problem in integer overflow.
Date: Thu, 12 May 2011 12:58:14 -0700
Here's a patch for a potential problem with integer overflow
on 64-bit hosts that I plan to install after some more testing.
The problem is a bit more severe if EMACS_INT is 64-bit on
a 32-bit host, and I found it by inspection.

* keyboard.c (make_lispy_event): Fix problem in integer overflow.
Don't assume that the difference between two unsigned long values
can fit into an integer.  At this point, we know button_down_time
<= event->timestamp, so the difference must be nonnegative, so
there's no need to cast the result if double-click-time is
nonnegative, as it should be; check that it's nonnegative, just in
case.  This bug is triggered when events are more than 2**31 ms
apart (about 25 days).
=== modified file 'src/keyboard.c'
--- src/keyboard.c	2011-04-28 19:35:20 +0000
+++ src/keyboard.c	2011-05-12 19:33:15 +0000
@@ -5556,9 +5556,9 @@
 		       && (eabs (XINT (event->y) - last_mouse_y) <= fuzz)
 		       && button_down_time != 0
 		       && (EQ (Vdouble_click_time, Qt)
-			   || (INTEGERP (Vdouble_click_time)
-			       && ((int)(event->timestamp - button_down_time)
-				   < XINT (Vdouble_click_time)))));
+			   || (NATNUMP (Vdouble_click_time)
+			       && (event->timestamp - button_down_time
+				   < XFASTINT (Vdouble_click_time)))));
 	}

 	last_mouse_button = button;
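Review bot: The new unsigned comparison `event->timestamp - button_down_time < XFASTINT (Vdouble_click_time)` is only meaningful when button_down_time <= event->timestamp, and the only guard visible in this hunk is `button_down_time != 0`. The commit message states that the ordering is known at this point; a short comment next to the subtraction recording that invariant would keep it from being lost. If the ordering were ever violated, the difference would wrap to a very large unsigned value and the test would come out false, so the failure is at least on the side of not reporting a double click. The switch from INTEGERP to NATNUMP is what makes XFASTINT valid here, and that is also worth a few words in the comment, since a negative double-click-time now disables the test without any notice.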
@@ -5742,9 +5742,9 @@
 		       && (eabs (XINT (event->y) - last_mouse_y) <= fuzz)
 		       && button_down_time != 0
 		       && (EQ (Vdouble_click_time, Qt)
-			   || (INTEGERP (Vdouble_click_time)
-			       && ((int)(event->timestamp - button_down_time)
-				   < XINT (Vdouble_click_time)))));
+			   || (NATNUMP (Vdouble_click_time)
+			       && (event->timestamp - button_down_time
+				   < XFASTINT (Vdouble_click_time)))));
 	  if (is_double)
 	    {
 	      double_click_count++;
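Review bot: This hunk applies the same three-line replacement as the hunk at line 5556, so the timestamp test `event->timestamp - button_down_time < XFASTINT (Vdouble_click_time)` now exists in two places that must be kept in sync by hand. Consider moving the NATNUMP check and the subtraction into one small static helper called from both sites, so that a later change to the comparison cannot be applied to one copy and missed in the other.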



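The failure mode the commit message describes, as an added example that is not part of the original report or of the Emacs sources: it compares the pre-patch test (difference cast to int) with the post-patch test (non-negative setting, unsigned comparison) on constructed timestamps. The function names are hypothetical, and a 64-bit host is assumed by modelling unsigned long as uint64_t and int as int32_t.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed model of a 64-bit host: unsigned long -> uint64_t, int -> int32_t.
   All names below are hypothetical and do not come from keyboard.c. */

/* Narrow to 32 bits the way a two's-complement (int) cast does, using only
   well-defined arithmetic. */
static int32_t wrap_to_int32(uint64_t v)
{
    uint32_t low = (uint32_t)v;               /* reduction modulo 2^32 */
    if (low <= (uint32_t)INT32_MAX)
        return (int32_t)low;
    return (int32_t)(low - 0x80000000u) + INT32_MIN;
}

/* Pre-patch shape: the unsigned difference is cast to int, then compared. */
static int is_double_old(uint64_t down, uint64_t now, int64_t click_ms)
{
    return wrap_to_int32(now - down) < click_ms;
}

/* Post-patch shape: reject a negative setting, compare without narrowing. */
static int is_double_new(uint64_t down, uint64_t now, int64_t click_ms)
{
    return click_ms >= 0 && now - down < (uint64_t)click_ms;
}

int main(void)
{
    /* Constructed sample inputs: one button-down time and three gaps in ms. */
    const uint64_t down = 1000;
    const uint64_t gaps[] = { 300, UINT64_C(1) << 31,
                              (UINT64_C(1) << 32) + 100 };
    for (size_t i = 0; i < sizeof gaps / sizeof gaps[0]; i++)
        printf("gap=%llu ms  old=%d  new=%d\n",
               (unsigned long long)gaps[i],
               is_double_old(down, down + gaps[i], 500),
               is_double_new(down, down + gaps[i], 500));
    return 0;
}
```

With a 500 ms setting, the narrowed comparison reports a double click for gaps of 2**31 ms and 2**32 + 100 ms, while the unsigned comparison rejects both.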
[Message part 3 (message/rfc822, inline)]
From: Paul Eggert <eggert <at> cs.ucla.edu>
To: 8675-done <at> debbugs.gnu.org, 8664-done <at> debbugs.gnu.org
Subject: committed fix into trunk
Date: Tue, 17 May 2011 18:33:25 -0700
Bzr 104265, which I just committed into the trunk,
should contain the fix discussed above, so I'm
marking this as "done".  As requested I separated
the gnulib merge into a separate commit, bzr 104264.


This bug report was last modified 14 years and 69 days ago.
