Avoid printing NUL characters in 'message' (bug#75900)

* src/xdisp.c (vmessage): Increase buffer size to fit an extra
multibyte character.  On buffer overflow, drop the last multibyte
character to determine an accurate byte length.

(cherry picked from commit 8812f526cfb145e00ee4cb74eac05b25953da02c)

diff --git a/src/xdisp.c b/src/xdisp.c
index c6774452d664abc8399fb1df3d8a8c8b965c8480..fac1d53ff128159ac61165514cbc75c2986d1779 100644 (file)
--- a/src/xdisp.c
+++ b/src/xdisp.c
@@ -12587,10 +12587,19 @@ vmessage (const char *m, va_list ap)
              ptrdiff_t len;
              ptrdiff_t maxsize = FRAME_MESSAGE_BUF_SIZE (f);
              USE_SAFE_ALLOCA;
-             char *message_buf = SAFE_ALLOCA (maxsize + 1);
-
-             len = doprnt (message_buf, maxsize, m, 0, ap);
+             char *message_buf = SAFE_ALLOCA (maxsize + MAX_MULTIBYTE_LENGTH);
 
+             len = doprnt (message_buf, maxsize + MAX_MULTIBYTE_LENGTH, m, 0, ap);
+             /* doprnt returns the buffer size minus one when it
+                truncated a multibyte sequence.  Work around that by
+                truncating to the last valid multibyte head.  */
+             if (len >= maxsize)
+               {
+                 len = maxsize - 1;
+                 while (!CHAR_HEAD_P (message_buf[len]))
+                   len--;
+                 message_buf[len] = 0;
+               }
              message3 (make_string (message_buf, len));
              SAFE_FREE ();
            }