From eee1d99f965949c9fd372755572c42ddc9e69039 Mon Sep 17 00:00:00 2001
From: Eli Zaretskii <eliz@gnu.org>
Date: Fri, 31 Jan 2025 10:41:28 +0200
Subject: [PATCH] Avoid stack overflow on MS-Windows due to 'make-temp-name'

* src/fileio.c (Fexpand_file_name) [DOS_NT]: Use 'SAFE_ALLOCA'
instead of 'alloca'.  (Bug#75938)

(cherry picked from commit f54f798588ee5f0b6ba4ebbc1c1b395c19845a2f)
---
 src/fileio.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/fileio.c b/src/fileio.c
index 0c27bb3174c..1832a4c7759 100644
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -1450,7 +1450,7 @@ the root directory.  */)
       char *adir = NULL;
       if (!IS_DIRECTORY_SEP (nm[0]))
 	{
-	  adir = alloca (MAXPATHLEN + 1);
+	  adir = SAFE_ALLOCA (MAXPATHLEN + 1);
 	  if (!getdefdir (c_toupper (drive) - 'A' + 1, adir))
 	    adir = NULL;
 	  else if (multibyte)
@@ -1467,7 +1467,7 @@ the root directory.  */)
       if (!adir)
 	{
 	  /* Either nm starts with /, or drive isn't mounted.  */
-	  adir = alloca (4);
+	  adir = SAFE_ALLOCA (4);
 	  adir[0] = DRIVE_LETTER (drive);
 	  adir[1] = ':';
 	  adir[2] = '/';
@@ -1540,7 +1540,7 @@ the root directory.  */)
 	    {
 	      ptrdiff_t nmlen = nmlim - nm;
 	      ptrdiff_t newdirlen = newdirlim - newdir;
-	      char *tmp = alloca (newdirlen + file_name_as_directory_slop
+	      char *tmp = SAFE_ALLOCA (newdirlen + file_name_as_directory_slop
 				  + nmlen + 1);
 	      ptrdiff_t dlen = file_name_as_directory (tmp, newdir, newdirlen,
 						       multibyte);
@@ -1548,7 +1548,7 @@ the root directory.  */)
 	      nm = tmp;
 	      nmlim = nm + dlen + nmlen;
 	    }
-	  adir = alloca (adir_size);
+	  adir = SAFE_ALLOCA (adir_size);
 	  if (drive)
 	    {
 	      if (!getdefdir (c_toupper (drive) - 'A' + 1, adir))
@@ -1584,7 +1584,7 @@ the root directory.  */)
 	  if (IS_DIRECTORY_SEP (newdir[0]) && IS_DIRECTORY_SEP (newdir[1])
 	      && !IS_DIRECTORY_SEP (newdir[2]))
 	    {
-	      char *adir = strcpy (alloca (newdirlim - newdir + 1), newdir);
+	      char *adir = strcpy (SAFE_ALLOCA (newdirlim - newdir + 1), newdir);
 	      char *p = adir + 2;
 	      while (*p && !IS_DIRECTORY_SEP (*p)) p++;
 	      p++;
@@ -1614,7 +1614,7 @@ the root directory.  */)
   /* Reserve space for drive specifier and escape prefix, since either
      or both may need to be inserted.  (The Microsoft x86 compiler
      produces incorrect code if the following two lines are combined.)  */
-  target = alloca (tlen + 4);
+  target = SAFE_ALLOCA (tlen + 4);
   target += 4;
 #else  /* not DOS_NT */
   target = SAFE_ALLOCA (tlen);
-- 
2.39.5