From 80f2e268a31679c363e0fa2c660d8dca53871aed Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Mon, 29 Aug 2011 12:47:44 -0700
Subject: [PATCH] * term.c (produce_glyphless_glyph): Make sprintf buffer a bit
 bigger

to avoid potential buffer overrun.
---
 src/ChangeLog | 3 +++
 src/term.c    | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index b1c29363da0..97d1ea08db1 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -88,6 +88,9 @@
 	* process.c (make_process): Use printmax_t, not int, to format
 	process-name gensyms.
 
+	* term.c (produce_glyphless_glyph): Make sprintf buffer a bit bigger
+	to avoid potential buffer overrun.
+
 2011-08-26  Paul Eggert  <eggert@cs.ucla.edu>
 
 	Integer and memory overflow issues (Bug#9196).
diff --git a/src/term.c b/src/term.c
index f3bf3a947cb..48d4069e20e 100644
--- a/src/term.c
+++ b/src/term.c
@@ -1887,7 +1887,7 @@ produce_glyphless_glyph (struct it *it, int for_no_font, Lisp_Object acronym)
 {
   int face_id;
   int len;
-  char buf[9];
+  char buf[sizeof "\\x" + max (6, (sizeof it->c * CHAR_BIT + 3) / 4)];
   char const *str = "    ";
 
   /* Get a face ID for the glyph by utilizing a cache (the same way as
-- 
2.39.2