Consistently use validate_subarray to verify substring.

* fns.c (validate_substring): Not static any more.  Adjust to
use ptrdiff_t, not EMACS_INT, becase string and vector limits
can't exceed ptrdiff_t even if EMACS_INT is wider.
* lisp.h (validate_subarray): Add prototype.
* coding.c (Fundecodable_char_position):
* composite.c (Fcomposition_get_gstring, Fcompose_string_internal):
Use validate_subarray.  Adjust comment to mention substring.

5 files changed, 41 insertions, 47 deletions

diff --git a/src/ChangeLog b/src/ChangeLog
index fc47fbc8978..24b8e711420 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,16 @@
 2014-06-25  Dmitry Antipov  <dmantipov@yandex.ru>
 
+	Consistently use validate_subarray to verify substring.
+	* fns.c (validate_substring): Not static any more.  Adjust to
+	use ptrdiff_t, not EMACS_INT, becase string and vector limits
+	can't exceed ptrdiff_t even if EMACS_INT is wider.
+	* lisp.h (validate_subarray): Add prototype.
+	* coding.c (Fundecodable_char_position):
+	* composite.c (Fcomposition_get_gstring, Fcompose_string_internal):
+	Use validate_subarray.  Adjust comment to mention substring.
+
+2014-06-25  Dmitry Antipov  <dmantipov@yandex.ru>
+
 	Do not allow out-of-range character position in Fcompare_strings.
 	* fns.c (validate_subarray): Add prototype.
 	(Fcompare_substring): Use validate_subarray to check ranges.
diff --git a/src/coding.c b/src/coding.c
index 16dc37a3f20..79f116fc618 100644
--- a/src/coding.c
+++ b/src/coding.c
@@ -9091,8 +9091,7 @@ DEFUN ("find-coding-systems-region-internal",
 
 DEFUN ("unencodable-char-position", Funencodable_char_position,
        Sunencodable_char_position, 3, 5, 0,
-       doc: /*
-Return position of first un-encodable character in a region.
+       doc: /* Return position of first un-encodable character in a region.
 START and END specify the region and CODING-SYSTEM specifies the
 encoding to check.  Return nil if CODING-SYSTEM does encode the region.
 
@@ -9102,8 +9101,9 @@ list of positions.
 
 If optional 5th argument STRING is non-nil, it is a string to search
 for un-encodable characters.  In that case, START and END are indexes
-to the string.  */)
-  (Lisp_Object start, Lisp_Object end, Lisp_Object coding_system, Lisp_Object count, Lisp_Object string)
+to the string and treated as in `substring'.  */)
+  (Lisp_Object start, Lisp_Object end, Lisp_Object coding_system,
+   Lisp_Object count, Lisp_Object string)
 {
   EMACS_INT n;
   struct coding_system coding;
@@ -9140,12 +9140,7 @@ to the string.  */)
   else
     {
       CHECK_STRING (string);
-      CHECK_NATNUM (start);
-      CHECK_NATNUM (end);
-      if (! (XINT (start) <= XINT (end) && XINT (end) <= SCHARS (string)))
-	args_out_of_range_3 (string, start, end);
-      from = XINT (start);
-      to = XINT (end);
+      validate_subarray (string, start, end, SCHARS (string), &from, &to);
       if (! STRING_MULTIBYTE (string))
 	return Qnil;
       p = SDATA (string) + string_char_to_byte (string, from);
diff --git a/src/composite.c b/src/composite.c
index 5e14ad037a6..66a20759ec6 100644
--- a/src/composite.c
+++ b/src/composite.c
@@ -1684,9 +1684,10 @@ Otherwise (for terminal display), FONT-OBJECT must be a terminal ID, a
 frame, or nil for the selected frame's terminal device.
 
 If the optional 4th argument STRING is not nil, it is a string
-containing the target characters between indices FROM and TO.
-Otherwise FROM and TO are character positions in current buffer;
-they can be in either order, and can be integers or markers.
+containing the target characters between indices FROM and TO,
+which are treated as in `substring'.  Otherwise FROM and TO are
+character positions in current buffer; they can be in either order,
+and can be integers or markers.
 
 A glyph-string is a vector containing information about how to display
 a specific character sequence.  The format is:
@@ -1742,15 +1743,10 @@ should be ignored.  */)
     }
   else
     {
-      CHECK_NATNUM (from);
-      CHECK_NATNUM (to);
       CHECK_STRING (string);
+      validate_subarray (string, from, to, SCHARS (string), &frompos, &topos);
       if (! STRING_MULTIBYTE (string))
 	error ("Attempt to shape unibyte text");
-      if (! (XINT (from) <= XINT (to) && XINT (to) <= SCHARS (string)))
-	args_out_of_range_3 (string, from, to);
-      frompos = XFASTINT (from);
-      topos = XFASTINT (to);
       frombyte = string_char_to_byte (string, frompos);
     }
 
@@ -1795,21 +1791,18 @@ DEFUN ("compose-string-internal", Fcompose_string_internal,
        Scompose_string_internal, 3, 5, 0,
        doc: /* Internal use only.
 
-Compose text between indices START and END of STRING.
-Optional 4th and 5th arguments are COMPONENTS and MODIFICATION-FUNC
+Compose text between indices START and END of STRING, where
+START and END are treated as in `substring'.  Optional 4th
+and 5th arguments are COMPONENTS and MODIFICATION-FUNC
 for the composition.  See `compose-string' for more details.  */)
-  (Lisp_Object string, Lisp_Object start, Lisp_Object end, Lisp_Object components, Lisp_Object modification_func)
+  (Lisp_Object string, Lisp_Object start, Lisp_Object end,
+   Lisp_Object components, Lisp_Object modification_func)
 {
-  CHECK_STRING (string);
-  CHECK_NUMBER (start);
-  CHECK_NUMBER (end);
+  ptrdiff_t from, to;
 
-  if (XINT (start) < 0 ||
-      XINT (start) > XINT (end)
-      || XINT (end) > SCHARS (string))
-    args_out_of_range (start, end);
-
-  compose_text (XINT (start), XINT (end), components, modification_func, string);
+  CHECK_STRING (string);
+  validate_subarray (string, start, end, SCHARS (string), &from, &to);
+  compose_text (from, to, components, modification_func, string);
   return string;
 }
 
diff --git a/src/fns.c b/src/fns.c
index 85e9f482fc1..9bc854a9c79 100644
--- a/src/fns.c
+++ b/src/fns.c
@@ -50,8 +50,6 @@ static Lisp_Object Qcodeset, Qdays, Qmonths, Qpaper;
 static Lisp_Object Qmd5, Qsha1, Qsha224, Qsha256, Qsha384, Qsha512;
 
 static bool internal_equal (Lisp_Object, Lisp_Object, int, bool, Lisp_Object);
-static void validate_subarray (Lisp_Object, Lisp_Object, Lisp_Object,
-			       ptrdiff_t, EMACS_INT *, EMACS_INT *);
 
 DEFUN ("identity", Fidentity, Sidentity, 1, 1, 0,
        doc: /* Return the argument unchanged.  */)
@@ -250,8 +248,7 @@ If string STR1 is greater, the value is a positive number N;
   (Lisp_Object str1, Lisp_Object start1, Lisp_Object end1, Lisp_Object str2,
    Lisp_Object start2, Lisp_Object end2, Lisp_Object ignore_case)
 {
-  EMACS_INT from1, to1, from2, to2;
-  ptrdiff_t i1, i1_byte, i2, i2_byte;
+  ptrdiff_t from1, to1, from2, to2, i1, i1_byte, i2, i2_byte;
 
   CHECK_STRING (str1);
   CHECK_STRING (str2);
@@ -1114,9 +1111,9 @@ Elements of ALIST that are not conses are also shared.  */)
    Count negative values backwards from the end.
    Set *IFROM and *ITO to the two indexes used.  */
 
-static void
+void
 validate_subarray (Lisp_Object array, Lisp_Object from, Lisp_Object to,
-		   ptrdiff_t size, EMACS_INT *ifrom, EMACS_INT *ito)
+		   ptrdiff_t size, ptrdiff_t *ifrom, ptrdiff_t *ito)
 {
   EMACS_INT f, t;
 
@@ -1165,8 +1162,7 @@ With one argument, just copy STRING (with properties, if any).  */)
   (Lisp_Object string, Lisp_Object from, Lisp_Object to)
 {
   Lisp_Object res;
-  ptrdiff_t size;
-  EMACS_INT ifrom, ito;
+  ptrdiff_t size, ifrom, ito;
 
   if (STRINGP (string))
     size = SCHARS (string);
@@ -1206,9 +1202,7 @@ If FROM or TO is negative, it counts from the end.
 With one argument, just copy STRING without its properties.  */)
   (Lisp_Object string, register Lisp_Object from, Lisp_Object to)
 {
-  ptrdiff_t size;
-  EMACS_INT from_char, to_char;
-  ptrdiff_t from_byte, to_byte;
+  ptrdiff_t from_char, to_char, from_byte, to_byte, size;
 
   CHECK_STRING (string);
 
@@ -4637,12 +4631,12 @@ returns nil, then (funcall TEST x1 x2) also returns nil.  */)
 /* ALGORITHM is a symbol: md5, sha1, sha224 and so on. */
 
 static Lisp_Object
-secure_hash (Lisp_Object algorithm, Lisp_Object object, Lisp_Object start, Lisp_Object end, Lisp_Object coding_system, Lisp_Object noerror, Lisp_Object binary)
+secure_hash (Lisp_Object algorithm, Lisp_Object object, Lisp_Object start,
+	     Lisp_Object end, Lisp_Object coding_system, Lisp_Object noerror,
+	     Lisp_Object binary)
 {
   int i;
-  ptrdiff_t size;
-  EMACS_INT start_char = 0, end_char = 0;
-  ptrdiff_t start_byte, end_byte;
+  ptrdiff_t size, start_char = 0, start_byte, end_char = 0, end_byte;
   register EMACS_INT b, e;
   register struct buffer *bp;
   EMACS_INT temp;
diff --git a/src/lisp.h b/src/lisp.h
index 2c53282cf14..fb832b80940 100644
--- a/src/lisp.h
+++ b/src/lisp.h
@@ -3464,7 +3464,8 @@ ptrdiff_t hash_lookup (struct Lisp_Hash_Table *, Lisp_Object, EMACS_UINT *);
 ptrdiff_t hash_put (struct Lisp_Hash_Table *, Lisp_Object, Lisp_Object,
 		    EMACS_UINT);
 extern struct hash_table_test hashtest_eql, hashtest_equal;
-
+extern void validate_subarray (Lisp_Object, Lisp_Object, Lisp_Object,
+			       ptrdiff_t, ptrdiff_t *, ptrdiff_t *);
 extern Lisp_Object substring_both (Lisp_Object, ptrdiff_t, ptrdiff_t,
 				   ptrdiff_t, ptrdiff_t);
 extern Lisp_Object merge (Lisp_Object, Lisp_Object, Lisp_Object);