Fix GC-related crashes in styled_format (bug#75754)

This approach ensures we don't use an SSDATA pointer after GC, and
that no Lisp callback code can modify the format string while we're
working on it.

* src/editfns.c (styled_format): Operate on a copy of the format
string rather than the original.  Ensure final NUL byte is copied.

(cherry picked from commit 14ebe4d5dbd4e6637de227c8561aab22cf4b632c)

diff --git a/src/editfns.c b/src/editfns.c
index 4ba356d627c8d40af1c36d96f2c7cdb7fac8c25a..f9258392146b0be59290cbd2508f15fc3b3c660e 100644 (file)
--- a/src/editfns.c
+++ b/src/editfns.c
@@ -3442,9 +3442,10 @@ styled_format (ptrdiff_t nargs, Lisp_Object *args, bool message)
   } *info;
 
   CHECK_STRING (args[0]);
-  char *format_start = SSDATA (args[0]);
   bool multibyte_format = STRING_MULTIBYTE (args[0]);
   ptrdiff_t formatlen = SBYTES (args[0]);
+  char *format_start = SAFE_ALLOCA (formatlen + 1);
+  memcpy (format_start, SSDATA (args[0]), formatlen + 1);
   bool fmt_props = !!string_intervals (args[0]);
 
   /* Upper bound on number of format specs.  Each uses at least 2 chars.  */