Avert crash in store_mode_line_string on Android 5.0 and earlier

* src/xdisp.c (store_mode_line_string)
[__ANDROID_API__ < 22]: Call strlen on STRING if the limit
would otherwise be SIZE_MAX, or if the address of the string
is within PRECISION bytes of UINTPTR_MAX, in which case it
cannot possibly be larger than PRECISION.

(cherry picked from commit 8b1841021c0d1ca92cb79443909824519429f75f)

diff --git a/src/xdisp.c b/src/xdisp.c
index 8c7e8e5cb43b58bfdcd31b2d9a64172cb2c7ff43..566c4b211d6bb31498738f57dd61a4bb051909c8 100644 (file)
--- a/src/xdisp.c
+++ b/src/xdisp.c
@@ -28065,7 +28065,18 @@ store_mode_line_string (const char *string, Lisp_Object lisp_string,
 
   if (string != NULL)
     {
-      len = strnlen (string, precision <= 0 ? SIZE_MAX : precision);
+#if defined HAVE_ANDROID && !defined ANDROID_STUBIFY   \
+  && __ANDROID_API__ < 22
+      /* Circumvent a bug in memchr preventing strnlen from returning
+        valid values when a large limit is specified.
+
+         https://issuetracker.google.com/issues/37020957 */
+      if (precision <= 0 || ((uintptr_t) string
+                            > (UINTPTR_MAX - precision)))
+       len = strlen (string);
+      else
+#endif /* HAVE_ANDROID && !ANDROID_STUBIFY && __ANDROID_API__ < 22 */
+       len = strnlen (string, precision <= 0 ? SIZE_MAX : precision);
       lisp_string = make_string (string, len);
       if (NILP (props))
        props = mode_line_string_face_prop;