* xfns.c (x_window): Make sprintf buffer a bit bigger

author Paul Eggert <eggert@cs.ucla.edu>

Mon, 29 Aug 2011 19:59:51 +0000 (12:59 -0700)

committer Paul Eggert <eggert@cs.ucla.edu>

Mon, 29 Aug 2011 19:59:51 +0000 (12:59 -0700)
author Paul Eggert <eggert@cs.ucla.edu>
Mon, 29 Aug 2011 19:59:51 +0000 (12:59 -0700)
committer Paul Eggert <eggert@cs.ucla.edu>
Mon, 29 Aug 2011 19:59:51 +0000 (12:59 -0700)
diff --git a/src/ChangeLog b/src/ChangeLog

index aeb984ee8df776db774beda361a1a2d187a50985..53344aa7dd9dc60871ec275a4a1166c47a22eb81 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -94,6 +94,9 @@
         * xfaces.c (x_update_menu_appearance): Don't overrun buffer
         if X resource line is longer than 512 bytes.
  
+       * xfns.c (x_window): Make sprintf buffer a bit bigger
+       to avoid potential buffer overrun.
+
  2011-08-26  Paul Eggert  <eggert@cs.ucla.edu>
  
         Integer and memory overflow issues (Bug#9196).
diff --git a/src/xfns.c b/src/xfns.c

index 9a3d5fcda83daa39aa91aec8020bb1d948db0251..194a8f063b7b16245a999e596c814cb8e71b0614 100644 (file)
--- a/src/xfns.c
+++ b/src/xfns.c
@@ -2440,7 +2440,7 @@ x_window (struct frame *f, long window_prompting, int minibuffer_only)
    /* Do some needed geometry management.  */
    {
      ptrdiff_t len;
-    char *tem, shell_position[32];
+    char *tem, shell_position[sizeof "=x++" + 4 * INT_STRLEN_BOUND (int)];
      Arg gal[10];
      int gac = 0;
      int extra_borders = 0;
author	Paul Eggert <eggert@cs.ucla.edu>
	Mon, 29 Aug 2011 19:59:51 +0000 (12:59 -0700)
committer	Paul Eggert <eggert@cs.ucla.edu>
	Mon, 29 Aug 2011 19:59:51 +0000 (12:59 -0700)
src/ChangeLog		patch \| blob \| history
src/xfns.c		patch \| blob \| history