From 1e6f32f816c83b5a78e514d77b8f1d7052561d2e Mon Sep 17 00:00:00 2001
From: Jim Meyering <jim@meyering.net>
Date: Wed, 2 May 2012 18:41:27 +0800
Subject: [PATCH] * lib-src/emacsclient.c (send_to_emacs): Avoid invalid strcpy
 upon partial send.

Fixes: debbugs:11374
---
 lib-src/ChangeLog     |  5 +++++
 lib-src/emacsclient.c | 40 ++++++++++++++++++++++------------------
 2 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/lib-src/ChangeLog b/lib-src/ChangeLog
index d225b77f156..007a365708c 100644
--- a/lib-src/ChangeLog
+++ b/lib-src/ChangeLog
@@ -1,3 +1,8 @@
+2012-05-02  Jim Meyering  <jim@meyering.net>
+
+	* emacsclient.c (send_to_emacs): Avoid invalid strcpy upon partial
+	send (Bug#11374).
+
 2012-04-29  Andreas Schwab  <schwab@linux-m68k.org>
 
 	* make-docfile.c (scan_lisp_file) [DEBUG]: Also skip if and
diff --git a/lib-src/emacsclient.c b/lib-src/emacsclient.c
index ea55398306b..d8e9e256584 100644
--- a/lib-src/emacsclient.c
+++ b/lib-src/emacsclient.c
@@ -119,6 +119,8 @@ char *(getcwd) (char *, size_t);
 # define IF_LINT(Code) /* empty */
 #endif
 
+#define min(x, y) (((x) < (y)) ? (x) : (y))
+
 
 /* Name used to invoke this program.  */
 const char *progname;
@@ -783,33 +785,35 @@ sock_err_message (const char *function_name)
 static void
 send_to_emacs (HSOCKET s, const char *data)
 {
-  while (data)
+  size_t dlen;
+
+  if (!data)
+    return;
+
+  dlen = strlen (data);
+  while (*data)
     {
-      size_t dlen = strlen (data);
-      if (dlen + sblen >= SEND_BUFFER_SIZE)
-	{
-	  int part = SEND_BUFFER_SIZE - sblen;
-	  strncpy (&send_buffer[sblen], data, part);
-	  data += part;
-	  sblen = SEND_BUFFER_SIZE;
-	}
-      else if (dlen)
-	{
-	  strcpy (&send_buffer[sblen], data);
-	  data = NULL;
-	  sblen += dlen;
-	}
-      else
-	break;
+      size_t part = min (dlen, SEND_BUFFER_SIZE - sblen);
+      memcpy (&send_buffer[sblen], data, part);
+      data += part;
+      sblen += part;
 
       if (sblen == SEND_BUFFER_SIZE
 	  || (sblen > 0 && send_buffer[sblen-1] == '\n'))
 	{
 	  int sent = send (s, send_buffer, sblen, 0);
+	  if (sent < 0)
+	    {
+	      message (TRUE, "%s: failed to send %d bytes to socket: %s\n",
+		       progname, sblen, strerror (errno));
+	      fail ();
+	    }
 	  if (sent != sblen)
-	    strcpy (send_buffer, &send_buffer[sent]);
+	    memmove (send_buffer, &send_buffer[sent], sblen - sent);
 	  sblen -= sent;
 	}
+
+      dlen -= part;
     }
 }
 
-- 
2.39.2