From: Paul Eggert Date: Sun, 4 Sep 2011 21:52:59 +0000 (-0700) Subject: sprintf-related integer and memory overflow issues X-Git-Tag: emacs-pretest-24.0.90~104^2~153^2~1 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=86633eab8a77697f6e15aae568868781a5a1023f;p=emacs.git sprintf-related integer and memory overflow issues Fixes: debbugs:9397 debbugs:9412 --- 86633eab8a77697f6e15aae568868781a5a1023f diff --cc ChangeLog index 1f38dbf71ca,c973a82e8a4..aae3e190049 --- a/ChangeLog +++ b/ChangeLog @@@ -1,3 -1,7 +1,7 @@@ -2011-08-31 Paul Eggert ++2011-09-04 Paul Eggert + + * configure.in (snprintf): New check. + 2011-08-30 Paul Eggert * configure.in (opsys): Change pattern to *-*-linux* diff --cc lib-src/ChangeLog index c878d313b70,e8a0b13f419..9041eae8bbe --- a/lib-src/ChangeLog +++ b/lib-src/ChangeLog @@@ -1,3 -1,38 +1,38 @@@ -2011-08-28 Paul Eggert ++2011-09-04 Paul Eggert + + Integer and memory overflow issues (Bug#9397). + + * emacsclient.c (xmalloc): Accept size_t, not unsigned int, to + avoid potential buffer overflow issues on typical 64-bit hosts. + Return void *, not long *. + (get_current_dir_name): Report a failure, instead of looping + forever, if buffer size calculation overflows. Treat malloc + failures like realloc failures, as that has better behavior and is + more consistent. Do not check whether xmalloc returns NULL, as + that's not possible. + (message): Do not arbitrarily truncate message to 2048 bytes when + sending it to stderr; use vfprintf instead. + (get_server_config, set_local_socket) + (start_daemon_and_retry_set_socket): Do not alloca + arbitrarily-large buffers; that's not safe. + (get_server_config, set_local_socket): Do not use sprintf when its + result might not fit in 'int'. + (set_local_socket): Do not assume uid fits in 'int'. + + * etags.c (xmalloc, xrealloc): Accept size_t, not unsigned int, + to avoid potential buffer overflow issues on typical 64-bit hosts. + (whatlen_max): New static var. 
+ (main): Avoid buffer overflow if subsidiary command length is + greater than BUFSIZ or 2*BUFSIZ + 20. Do not use sprintf when its + result might not fit in 'int'. + + * movemail.c (main): Do not use sprintf when its result might not fit + in 'int'. Instead, put the possibly-long file name into the + output of pfatal_with_name. + + * update-game-score.c: Include + (get_user_id): Do not assume uid fits in 'int'. Simplify. + 2011-07-28 Paul Eggert Assume freestanding C89 headers, string.h, stdlib.h. diff --cc nt/ChangeLog index edbd1a1c1d4,f3c57c7e0d0..8c2ca056aa1 --- a/nt/ChangeLog +++ b/nt/ChangeLog @@@ -1,3 -1,7 +1,7 @@@ -2011-08-31 Paul Eggert ++2011-09-04 Paul Eggert + + * config.nt (HAVE_SNPRINTF): New macro. + 2011-07-28 Paul Eggert Assume freestanding C89 headers, string.h, stdlib.h.
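Review bot: The new top-level ChangeLog entry "* configure.in (snprintf): New check." cites no bug number, although the commit header lists debbugs:9397 and debbugs:9412 and the lib-src entry cites Bug#9397. Add the bug reference that motivated the check, and say in a few words what the check result is used for, so the entry can be traced from the ChangeLog alone.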
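Review bot: In the lib-src/ChangeLog entry, the line "* update-game-score.c: Include" ends without naming a header; state which header is included. Several items also say what was removed but not what replaced it: "Do not alloca arbitrarily-large buffers" (get_server_config, set_local_socket, start_daemon_and_retry_set_socket) and "Do not use sprintf when its result might not fit in 'int'" (emacsclient.c, etags.c main). Only the message and movemail.c items name the replacement (vfprintf, pfatal_with_name). Name the replacement in each item so that someone auditing these overflow fixes can tell from the log whether the new path is heap-allocated with a checked size or otherwise bounded. The entry cites only Bug#9397 while the commit header also lists debbugs:9412; cite both if both apply here.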
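Review bot: The nt/ChangeLog entry "* config.nt (HAVE_SNPRINTF): New macro." does not say whether HAVE_SNPRINTF is defined or left undefined for the NT build. State which, since the top-level entry adds a matching snprintf check in configure.in and the two builds need to agree on what callers may assume about snprintf being available. A bug reference is missing here as well.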