+2011-01-30 Jim Meyering <meyering@redhat.com>
+
+ make-docfile: don't corrupt heap for an invalid .elc file
+ "printf '#@1a' > in.elc; ./make-docfile in.elc" would store 0
+ one byte before just-malloc'd saved_string buffer.
+ * make-docfile.c (scan_lisp_file): Diagnose an invalid dynamic
+ doc string length. Also fix an always-false while-loop test.
+
2011-01-29 Eli Zaretskii <eliz@gnu.org>
* makefile.w32-in (LOCAL_FLAGS): Add -I../lib.
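Review bot: The make-docfile.c (scan_lisp_file) entry omits two changes that the patch makes: `length` and `i` change from int to size_t, and a second diagnostic, "space not found after dynamic doc string length", is added alongside the length check. Suggest naming both in the entry so the log matches the diff, for example "Use size_t for the length. Also diagnose a missing space after the length."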
c = getc (infile);
if (c == '@')
{
- int length = 0;
- int i;
+ size_t length = 0;
+ size_t i;
/* Read the length. */
while ((c = getc (infile),
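Review bot: Making `length` a size_t rules out a negative value, but nothing visible in this patch bounds the digit accumulation (`length += c - '0'` in the next hunk), so a long enough run of digits after `#@` wraps silently instead of being rejected. Since the value is later used as an index in `saved_string[length - 1] = 0`, suggest checking for wrap before each digit is added, or rejecting any length above a fixed sane maximum with the same fatal path used for the other malformed-length cases.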
length += c - '0';
}
+ if (length <= 1)
+ fatal ("invalid dynamic doc string length", "");
+
+ if (c != ' ')
+ fatal ("space not found after dynamic doc string length", "");
+
/* The next character is a space that is counted in the length
but not part of the doc string.
We already read it, so just ignore it. */
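Review bot: The threshold in `if (length <= 1)` is not explained at the check, and it reads as arbitrary until it is connected to the comment below it (the space is counted in the length) and to the later `saved_string[length - 1] = 0` store that the ChangeLog says lands one byte before the buffer. Suggest a one-line comment above the test saying that a length of 1 covers only the space and leaves no doc string. Separately, both fatal calls pass "" as the second argument and give no file name, so in a build that scans many .elc files the message does not say which one was malformed. Consider including the name of the file being scanned.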
but it is redundant in DOC. So get rid of it here. */
saved_string[length - 1] = 0;
/* Skip the line break. */
- while (c == '\n' && c == '\r')
+ while (c == '\n' || c == '\r')
c = getc (infile);
/* Skip the following line. */
while (c != '\n' && c != '\r')
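Review bot: The context line `while (c != '\n' && c != '\r')` has no EOF test, and with the `||` fix the preceding loop now really does consume line-break characters, so a file that ends right after the doc string reaches this second loop with c equal to EOF. If the loop body is another `c = getc (infile)`, that condition never becomes false on a truncated .elc file and the tool spins instead of reporting the error. Suggest adding `c != EOF` to this condition, or treating EOF here as fatal like the other invalid-input cases this patch adds.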