Fix doprnt when buffer is too small for multibyte sequences.

 src/doprnt.c (doprnt): Fix the case where a multibyte sequence
 produced by %s or %c overflows available buffer space.  (Bug#8545)

diff --git a/src/ChangeLog b/src/ChangeLog
index 832c8abfdcca4d9a3a9bede0c73136338c6c8aab..bb660036c1771cd940227965b156166362858a5f 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2011-04-29  Eli Zaretskii  <eliz@gnu.org>
+
+       * doprnt.c (doprnt): Fix the case where a multibyte sequence
+       produced by %s or %c overflows available buffer space.  (Bug#8545)
+
 2011-04-28  Paul Eggert  <eggert@cs.ucla.edu>
 
        * doprnt.c (doprnt): Omit useless test; int overflow check (Bug#8545).

diff --git a/src/doprnt.c b/src/doprnt.c
index e9a68f9d2195488504714b101e554e64470b2239..2508ddd831a0dc2a85d5e97c69ff43788a4d7b76 100644 (file)
--- a/src/doprnt.c
+++ b/src/doprnt.c
@@ -367,9 +367,21 @@ doprnt (char *buffer, register size_t bufsize, const char *format,
                  /* Truncate the string at character boundary.  */
                  tem = bufsize;
                  while (!CHAR_HEAD_P (string[tem - 1])) tem--;
-                 memcpy (bufptr, string, tem);
-                 /* We must calculate WIDTH again.  */
-                 width = strwidth (bufptr, tem);
+                 /* If the multibyte sequence of this character is
+                    too long for the space we have left in the
+                    buffer, truncate before it.  */
+                 if (tem > 0
+                     && BYTES_BY_CHAR_HEAD (string[tem - 1]) > bufsize)
+                   tem--;
+                 if (tem > 0)
+                   memcpy (bufptr, string, tem);
+                 bufptr[tem] = 0;
+                 /* Trigger exit from the loop, but make sure we
+                    return to the caller a value which will indicate
+                    that the buffer was too small.  */
+                 bufptr += bufsize;
+                 bufsize = 0;
+                 continue;
                }
              else
                memcpy (bufptr, string, tem);

diff --git a/src/eval.c b/src/eval.c
index bcbbf740153c129a7e01491733ca8b432f2abbe6..ea090644c07cee6592600389c83f2e5a25376781 100644 (file)
--- a/src/eval.c
+++ b/src/eval.c
@@ -1994,7 +1994,7 @@ verror (const char *m, va_list ap)
 {
   char buf[4000];
   size_t size = sizeof buf;
-  size_t size_max =    min (MOST_POSITIVE_FIXNUM, SIZE_MAX);
+  size_t size_max = min (MOST_POSITIVE_FIXNUM, SIZE_MAX);
   size_t mlen = strlen (m);
   char *buffer = buf;
   size_t used;