From: Paul Eggert Date: Mon, 29 Aug 2011 18:55:58 +0000 (-0700) Subject: * lread.c (dir_warning): Don't blindly alloca buffer; use SAFE_ALLOCA. X-Git-Tag: emacs-pretest-24.0.90~104^2~153^2~1^2~23 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=0df02bf3e941de4c20a7174e8233357eeca738d5;p=emacs.git * lread.c (dir_warning): Don't blindly alloca buffer; use SAFE_ALLOCA. Use esprintf, not sprintf, in case result does not fit in int. --- diff --git a/src/ChangeLog b/src/ChangeLog index adf9bb244b8..ac83d07cba5 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -65,6 +65,9 @@ * gtkutil.c (xg_check_special_colors, xg_set_geometry): Make sprintf buffers a bit bigger, to avoid potential buffer overrun. + * lread.c (dir_warning): Don't blindly alloca buffer; use SAFE_ALLOCA. + Use esprintf, not sprintf, in case result does not fit in int. + 2011-08-26 Paul Eggert Integer and memory overflow issues (Bug#9196). diff --git a/src/lread.c b/src/lread.c index d24da729df6..ec65e881b0e 100644 --- a/src/lread.c +++ b/src/lread.c @@ -4295,14 +4295,20 @@ init_lread (void) void dir_warning (const char *format, Lisp_Object dirname) { - char *buffer - = (char *) alloca (SCHARS (dirname) + strlen (format) + 5); - fprintf (stderr, format, SDATA (dirname)); - sprintf (buffer, format, SDATA (dirname)); + /* Don't log the warning before we've initialized!! */ if (initialized) - message_dolog (buffer, strlen (buffer), 0, STRING_MULTIBYTE (dirname)); + { + char *buffer; + ptrdiff_t message_len; + USE_SAFE_ALLOCA; + SAFE_ALLOCA (buffer, char *, + SBYTES (dirname) + strlen (format) - (sizeof "%s" - 1) + 1); + message_len = esprintf (buffer, format, SDATA (dirname)); + message_dolog (buffer, message_len, 0, STRING_MULTIBYTE (dirname)); + SAFE_FREE (); + } } void