* lread.c (dir_warning): Don't blindly alloca buffer; use SAFE_ALLOCA.

Use esprintf, not sprintf, in case result does not fit in int.

diff --git a/src/ChangeLog b/src/ChangeLog
index adf9bb244b8730af4bbe2b980a2972de19226225..ac83d07cba57d7b41466224fdb274e4f6cd977c7 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -65,6 +65,9 @@
        * gtkutil.c (xg_check_special_colors, xg_set_geometry):
        Make sprintf buffers a bit bigger, to avoid potential buffer overrun.
 
+       * lread.c (dir_warning): Don't blindly alloca buffer; use SAFE_ALLOCA.
+       Use esprintf, not sprintf, in case result does not fit in int.
+
 2011-08-26  Paul Eggert  <eggert@cs.ucla.edu>
 
        Integer and memory overflow issues (Bug#9196).

diff --git a/src/lread.c b/src/lread.c
index d24da729df626d0aa39493778c718a7aca0971a6..ec65e881b0e803d6b2ca1714b6bb89772bb4b42b 100644 (file)
--- a/src/lread.c
+++ b/src/lread.c
@@ -4295,14 +4295,20 @@ init_lread (void)
 void
 dir_warning (const char *format, Lisp_Object dirname)
 {
-  char *buffer
-    = (char *) alloca (SCHARS (dirname) + strlen (format) + 5);
-
   fprintf (stderr, format, SDATA (dirname));
-  sprintf (buffer, format, SDATA (dirname));
+
   /* Don't log the warning before we've initialized!! */
   if (initialized)
-    message_dolog (buffer, strlen (buffer), 0, STRING_MULTIBYTE (dirname));
+    {
+      char *buffer;
+      ptrdiff_t message_len;
+      USE_SAFE_ALLOCA;
+      SAFE_ALLOCA (buffer, char *,
+                  SBYTES (dirname) + strlen (format) - (sizeof "%s" - 1) + 1);
+      message_len = esprintf (buffer, format, SDATA (dirname));
+      message_dolog (buffer, message_len, 0, STRING_MULTIBYTE (dirname));
+      SAFE_FREE ();
+    }
 }
 
 void