From 0df02bf3e941de4c20a7174e8233357eeca738d5 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Mon, 29 Aug 2011 11:55:58 -0700
Subject: [PATCH] * lread.c (dir_warning): Don't blindly alloca buffer; use
 SAFE_ALLOCA.

Use esprintf, not sprintf, in case result does not fit in int.
---
 src/ChangeLog |  3 +++
 src/lread.c   | 16 +++++++++++-----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index adf9bb244b8..ac83d07cba5 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -65,6 +65,9 @@
 	* gtkutil.c (xg_check_special_colors, xg_set_geometry):
 	Make sprintf buffers a bit bigger, to avoid potential buffer overrun.
 
+	* lread.c (dir_warning): Don't blindly alloca buffer; use SAFE_ALLOCA.
+	Use esprintf, not sprintf, in case result does not fit in int.
+
 2011-08-26  Paul Eggert  <eggert@cs.ucla.edu>
 
 	Integer and memory overflow issues (Bug#9196).
diff --git a/src/lread.c b/src/lread.c
index d24da729df6..ec65e881b0e 100644
--- a/src/lread.c
+++ b/src/lread.c
@@ -4295,14 +4295,20 @@ init_lread (void)
 void
 dir_warning (const char *format, Lisp_Object dirname)
 {
-  char *buffer
-    = (char *) alloca (SCHARS (dirname) + strlen (format) + 5);
-
   fprintf (stderr, format, SDATA (dirname));
-  sprintf (buffer, format, SDATA (dirname));
+
   /* Don't log the warning before we've initialized!! */
   if (initialized)
-    message_dolog (buffer, strlen (buffer), 0, STRING_MULTIBYTE (dirname));
+    {
+      char *buffer;
+      ptrdiff_t message_len;
+      USE_SAFE_ALLOCA;
+      SAFE_ALLOCA (buffer, char *,
+		   SBYTES (dirname) + strlen (format) - (sizeof "%s" - 1) + 1);
+      message_len = esprintf (buffer, format, SDATA (dirname));
+      message_dolog (buffer, message_len, 0, STRING_MULTIBYTE (dirname));
+      SAFE_FREE ();
+    }
 }
 
 void
-- 
2.39.2