From eb7582620704a33f23d2c9952790b998e4396995 Mon Sep 17 00:00:00 2001
From: Eli Zaretskii <eliz@gnu.org>
Date: Mon, 17 May 2021 18:10:49 +0300
Subject: [PATCH] Avoid crashes in condition-case

* src/eval.c (internal_lisp_condition_case): Don't take XCAR
without making sure the value is a cons cell.  (Bug#48479)
---
 src/eval.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/eval.c b/src/eval.c
index aeedcc50cc0..18faa0b9b15 100644
--- a/src/eval.c
+++ b/src/eval.c
@@ -1370,7 +1370,7 @@ internal_lisp_condition_case (Lisp_Object var, Lisp_Object bodyform,
 		     || CONSP (XCAR (tem))))))
 	error ("Invalid condition handler: %s",
 	       SDATA (Fprin1_to_string (tem, Qt)));
-      if (EQ (XCAR (tem), QCsuccess))
+      if (CONSP (tem) && EQ (XCAR (tem), QCsuccess))
 	success_handler = XCDR (tem);
       else
 	clausenb++;
@@ -1387,8 +1387,11 @@ internal_lisp_condition_case (Lisp_Object var, Lisp_Object bodyform,
   Lisp_Object volatile *clauses = alloca (clausenb * sizeof *clauses);
   clauses += clausenb;
   for (Lisp_Object tail = handlers; CONSP (tail); tail = XCDR (tail))
-    if (!EQ (XCAR (XCAR (tail)), QCsuccess))
-      *--clauses = XCAR (tail);
+    {
+      Lisp_Object tem = XCAR (tail);
+      if (!(CONSP (tem) && EQ (XCAR (tem), QCsuccess)))
+	*--clauses = tem;
+    }
   for (ptrdiff_t i = 0; i < clausenb; i++)
     {
       Lisp_Object clause = clauses[i];
-- 
2.39.5