From: Paul Eggert <eggert@cs.ucla.edu>
Date: Mon, 29 Aug 2011 15:53:21 +0000 (-0700)
Subject: * editfns.c (Fcurrent_time_zone): Don't overrun buffer
X-Git-Tag: emacs-pretest-24.0.90~104^2~153^2~1^2~31
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=33ef5c64373c744c6ce4329fe021c3eb729aeee4;p=emacs.git

* editfns.c (Fcurrent_time_zone): Don't overrun buffer

even if the time zone offset is outlandishly large.
Don't mishandle offset == INT_MIN.
---

diff --git a/src/ChangeLog b/src/ChangeLog
index 4336d6a6b83..afd78a46c6e 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -26,6 +26,10 @@
 	* dispnew.c (add_window_display_history): Don't overrun buffer.
 	Truncate instead; this is OK since it's just a log.
 
+	* editfns.c (Fcurrent_time_zone): Don't overrun buffer
+	even if the time zone offset is outlandishly large.
+	Don't mishandle offset == INT_MIN.
+
 2011-08-26  Paul Eggert  <eggert@cs.ucla.edu>
 
 	Integer and memory overflow issues (Bug#9196).
diff --git a/src/editfns.c b/src/editfns.c
index 6759016766f..580298c6e7d 100644
--- a/src/editfns.c
+++ b/src/editfns.c
@@ -2014,7 +2014,7 @@ the data it can't find.  */)
     {
       int offset = tm_diff (t, &gmt);
       char *s = 0;
-      char buf[6];
+      char buf[sizeof "+00" + INT_STRLEN_BOUND (int)];
 
 #ifdef HAVE_TM_ZONE
       if (t->tm_zone)
@@ -2029,7 +2029,8 @@ the data it can't find.  */)
       if (!s)
 	{
 	  /* No local time zone name is available; use "+-NNNN" instead.  */
-	  int am = (offset < 0 ? -offset : offset) / 60;
+	  int m = offset / 60;
+	  int am = offset < 0 ? - m : m;
 	  sprintf (buf, "%c%02d%02d", (offset < 0 ? '-' : '+'), am/60, am%60);
 	  s = buf;
 	}