* dispnew.c (add_window_display_history): Don't overrun buffer.

Truncate instead; this is OK since it's just a log.

diff --git a/src/ChangeLog b/src/ChangeLog
index 307174268bcedb327d852b972ac6680a783c6424..4336d6a6b83edcfa9c3a469f6fd391fb8fa9e078 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -23,6 +23,9 @@
        * dbusbind.c (xd_signature, Fdbus_register_signal):
        Do not overrun buffer; instead, report string overflow.
 
+       * dispnew.c (add_window_display_history): Don't overrun buffer.
+       Truncate instead; this is OK since it's just a log.
+
 2011-08-26  Paul Eggert  <eggert@cs.ucla.edu>
 
        Integer and memory overflow issues (Bug#9196).

diff --git a/src/dispnew.c b/src/dispnew.c
index e96583e0025ec8d32fc3ec2268e5c8105b4e13fa..0cc888b4b7aa69a0e247bd6028b8477c13971166 100644 (file)
--- a/src/dispnew.c
+++ b/src/dispnew.c
@@ -272,15 +272,16 @@ add_window_display_history (struct window *w, const char *msg, int paused_p)
   buf = redisplay_history[history_idx].trace;
   ++history_idx;
 
-  sprintf (buf, "%"pMu": window %p (`%s')%s\n",
-          history_tick++,
-          w,
-          ((BUFFERP (w->buffer)
-            && STRINGP (BVAR (XBUFFER (w->buffer), name)))
-           ? SSDATA (BVAR (XBUFFER (w->buffer), name))
-           : "???"),
-          paused_p ? " ***paused***" : "");
-  strcat (buf, msg);
+  esnprintf (buf, sizeof redisplay_history[0].trace,
+            "%"pMu": window %p (`%s')%s\n%s",
+            history_tick++,
+            w,
+            ((BUFFERP (w->buffer)
+              && STRINGP (BVAR (XBUFFER (w->buffer), name)))
+             ? SSDATA (BVAR (XBUFFER (w->buffer), name))
+             : "???"),
+            paused_p ? " ***paused***" : "",
+            msg);
 }