From ea64063f079e31f824de1f471074c69281fb06fd Mon Sep 17 00:00:00 2001
From: Daniel Colascione
Date: Fri, 21 Mar 2014 20:04:24 -0700
Subject: [PATCH] Do not read unitialized memory in conv_sockaddr_to_lisp
---
 lisp/ChangeLog | 5 +++++
 lisp/mail/emacsbug.el | 4 ++++
 src/ChangeLog | 6 ++++++
 src/process.c | 20 ++++++++++++++++----
 4 files changed, 31 insertions(+), 4 deletions(-)
diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index b35264cdf6b..214807697e1 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,8 @@
+2014-03-21 Daniel Colascione
+
+ * mail/emacsbug.el (report-emacs-bug): Include memory usage
+ information in bug reports.
+
 2014-03-21 Glenn Morris

 * Makefile.in ($(MH_E_DIR)/mh-loaddefs.el)
diff --git a/lisp/mail/emacsbug.el b/lisp/mail/emacsbug.el
index 0f72d24ed1e..b994949e94d 100644
--- a/lisp/mail/emacsbug.el
+++ b/lisp/mail/emacsbug.el
@@ -322,6 +322,10 @@ usually do not have translators for other languages.\n\n")))
 shadows)))
 (insert (format "\nFeatures:\n%s\n" features))
 (fill-region (line-beginning-position 0) (point))
+
+ (insert (format "\nMemory information:\n"))
+ (pp (garbage-collect) (current-buffer))
+
 ;; This is so the user has to type something in order to send easily.
 (use-local-map (nconc (make-sparse-keymap) (current-local-map)))
 (define-key (current-local-map) "\C-c\C-i" 'info-emacs-bug)
diff --git a/src/ChangeLog b/src/ChangeLog
index c491119041f..504716f8915 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
+2014-03-22 Daniel Colascione
+
+ * process.c (conv_sockaddr_to_lisp): When extracting the string
+ names of AF_LOCAL sockets, stop before reading uninitialized
+ memory.
+
 2014-03-21 Daniel Colascione

 * xterm.c (x_bitmap_icon): Stop reading the icon bitmap from disk
diff --git a/src/process.c b/src/process.c
index 187627dd85a..10a2984a053 100644
--- a/src/process.c
+++ b/src/process.c
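Review bot: In the lisp/mail/emacsbug.el hunk, the added `(insert (format "\nMemory information:\n"))` passes a constant string through `format` with no arguments, so `(insert "\nMemory information:\n")` says the same thing more directly. The next added line, `(pp (garbage-collect) (current-buffer))`, runs a garbage collection each time the report buffer is built, so a one-line comment such as `;; Run a GC so the report shows current memory usage.` would make that side effect deliberate. The change is also unrelated to the commit subject, and `report-emacs-bug` starts and ends outside the hunk.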
@@ -2010,10 +2010,22 @@ conv_sockaddr_to_lisp (struct sockaddr *sa, int len)
 case AF_LOCAL:
 {
 struct sockaddr_un *sockun = (struct sockaddr_un *) sa;
- for (i = 0; i < sizeof (sockun->sun_path); i++)
- if (sockun->sun_path[i] == 0)
- break;
- return make_unibyte_string (sockun->sun_path, i);
+ ptrdiff_t name_length = len - offsetof (struct sockaddr_un, sun_path);
+ /* If the first byte is NUL, the name is a Linux abstract
+ socket name, and the name can contain embedded NULs. If
+ it's not, we have a NUL-terminated string. Be careful not
+ to walk past the end of the object looking for the name
+ terminator, however. */
+ if (name_length > 0 && sockun->sun_path[0] != '\0')
+ {
+ const char* terminator =
+ memchr (sockun->sun_path, '\0', name_length);
+
+ if (terminator)
+ name_length = terminator - (const char*) sockun->sun_path;
+ }
+
+ return make_unibyte_string (sockun->sun_path, name_length);
 }
 #endif
 default:
--
2.39.5
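Review bot: `name_length` is derived from the caller-supplied `len` and reaches `make_unibyte_string` without being bounded on either side. When `len` is smaller than `offsetof (struct sockaddr_un, sun_path)` the value is negative; the `name_length > 0` guard only skips the `memchr`, and the negative length is still passed on. When `len` is larger than the object `sa` points to, both the `memchr` and the string copy read past it, which the removed loop avoided by stopping at `sizeof (sockun->sun_path)`. Unless a check elsewhere in `conv_sockaddr_to_lisp` (its body starts and ends outside this hunk) already guarantees the range, clamp right after the subtraction: `if (name_length < 0) name_length = 0;` and `if (name_length > (ptrdiff_t) sizeof sockun->sun_path) name_length = sizeof sockun->sun_path;`.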