From aaafe47af10d234df2483bace35336a79736cc8b Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 21 Jun 2011 10:49:46 -0700
Subject: [PATCH] * xsettings.c (apply_xft_settings): Fix potential buffer
 overrun.

This is unlikely, but can occur if DPI is outlandish.
---
 src/ChangeLog   |  3 +++
 src/xsettings.c | 36 +++++++++++++++++++++---------------
 2 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index 0c7cac342d9..ad84e3271e4 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,8 @@
 2011-06-21  Paul Eggert  <eggert@cs.ucla.edu>
 
+	* xsettings.c (apply_xft_settings): Fix potential buffer overrun.
+	This is unlikely, but can occur if DPI is outlandish.
+
 	* xselect.c (Fx_get_atom_name): Avoid need for strlen.
 
 	* xrdb.c: Don't assume strlen fits in int; avoid some strlens.
diff --git a/src/xsettings.c b/src/xsettings.c
index 2513bcc5aa8..c8cb9529647 100644
--- a/src/xsettings.c
+++ b/src/xsettings.c
@@ -18,6 +18,8 @@ You should have received a copy of the GNU General Public License
 along with GNU Emacs.  If not, see <http://www.gnu.org/licenses/>.  */
 
 #include <config.h>
+
+#include <float.h>
 #include <limits.h>
 #include <setjmp.h>
 #include <fcntl.h>
@@ -434,10 +436,8 @@ apply_xft_settings (struct x_display_info *dpyinfo,
   FcPattern *pat;
   struct xsettings oldsettings;
   int changed = 0;
-  char buf[256];
 
   memset (&oldsettings, 0, sizeof (oldsettings));
-  buf[0] = '\0';
   pat = FcPatternCreate ();
   XftDefaultSubstitute (dpyinfo->display,
                         XScreenNumberOfScreen (dpyinfo->screen),
@@ -458,7 +458,6 @@ apply_xft_settings (struct x_display_info *dpyinfo,
       ++changed;
       oldsettings.aa = settings->aa;
     }
-  sprintf (buf, "Antialias: %d", oldsettings.aa);
 
   if ((settings->seen & SEEN_HINTING) != 0
       && oldsettings.hinting != settings->hinting)
@@ -468,8 +467,6 @@ apply_xft_settings (struct x_display_info *dpyinfo,
       ++changed;
       oldsettings.hinting = settings->hinting;
     }
-  if (strlen (buf) > 0) strcat (buf, ", ");
-  sprintf (buf+strlen (buf), "Hinting: %d", oldsettings.hinting);
   if ((settings->seen & SEEN_RGBA) != 0 && oldsettings.rgba != settings->rgba)
     {
       FcPatternDel (pat, FC_RGBA);
@@ -477,8 +474,6 @@ apply_xft_settings (struct x_display_info *dpyinfo,
       oldsettings.rgba = settings->rgba;
       ++changed;
     }
-  if (strlen (buf) > 0) strcat (buf, ", ");
-  sprintf (buf+strlen (buf), "RGBA: %d", oldsettings.rgba);
 
   /* Older fontconfig versions don't have FC_LCD_FILTER. */
   if ((settings->seen & SEEN_LCDFILTER) != 0
@@ -489,8 +484,6 @@ apply_xft_settings (struct x_display_info *dpyinfo,
       ++changed;
       oldsettings.lcdfilter = settings->lcdfilter;
     }
-  if (strlen (buf) > 0) strcat (buf, ", ");
-  sprintf (buf+strlen (buf), "LCDFilter: %d", oldsettings.lcdfilter);
 
 # ifdef FC_HINT_STYLE
   if ((settings->seen & SEEN_HINTSTYLE) != 0
@@ -502,8 +495,6 @@ apply_xft_settings (struct x_display_info *dpyinfo,
       oldsettings.hintstyle = settings->hintstyle;
     }
 # endif
-  if (strlen (buf) > 0) strcat (buf, ", ");
-  sprintf (buf+strlen (buf), "Hintstyle: %d", oldsettings.hintstyle);
 
   if ((settings->seen & SEEN_DPI) != 0 && oldsettings.dpi != settings->dpi
       && settings->dpi > 0)
@@ -523,16 +514,31 @@ apply_xft_settings (struct x_display_info *dpyinfo,
           XFRAME (frame)->resy = XFRAME (frame)->resx = settings->dpi;
     }
 
-  if (strlen (buf) > 0) strcat (buf, ", ");
-  sprintf (buf+strlen (buf), "DPI: %lf", oldsettings.dpi);
-
   if (changed)
     {
+      static char const format[] =
+	"Antialias: %d, Hinting: %d, RGBA: %d, LCDFilter: %d, "
+	"Hintstyle: %d, DPI: %lf";
+      enum
+      {
+	d_formats = 5,
+	d_growth = INT_BUFSIZE_BOUND (int) - sizeof "%d",
+	lf_formats = 1,
+	max_f_integer_digits = DBL_MAX_10_EXP + 1,
+	f_precision = 6,
+	lf_growth = (sizeof "-." + max_f_integer_digits + f_precision
+		     - sizeof "%lf")
+      };
+      char buf[sizeof format + d_formats * d_growth + lf_formats * lf_growth];
+
       XftDefaultSet (dpyinfo->display, pat);
       if (send_event_p)
         store_config_changed_event (Qfont_render,
                                     XCAR (dpyinfo->name_list_element));
-      Vxft_settings = make_string (buf, strlen (buf));
+      sprintf (buf, format, oldsettings.aa, oldsettings.hinting,
+	       oldsettings.rgba, oldsettings.lcdfilter,
+	       oldsettings.hintstyle, oldsettings.dpi);
+      Vxft_settings = build_string (buf);
     }
   else
     FcPatternDestroy (pat);
-- 
2.39.2