* lread.c (dir_warning): Don't blindly alloca buffer; use SAFE_ALLOCA.

Use esprintf, not sprintf, in case result does not fit in int.

2 files changed, 14 insertions, 5 deletions

diff --git a/src/ChangeLog b/src/ChangeLog
index adf9bb244b8..ac83d07cba5 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -65,6 +65,9 @@
         * gtkutil.c (xg_check_special_colors, xg_set_geometry):
         Make sprintf buffers a bit bigger, to avoid potential buffer overrun.
 
+        * lread.c (dir_warning): Don't blindly alloca buffer; use SAFE_ALLOCA.
+        Use esprintf, not sprintf, in case result does not fit in int.
+
 2011-08-26  Paul Eggert  <eggert@cs.ucla.edu>
 
         Integer and memory overflow issues (Bug#9196).
diff --git a/src/lread.c b/src/lread.c
index d24da729df6..ec65e881b0e 100644
--- a/src/lread.c
+++ b/src/lread.c
@@ -4295,14 +4295,20 @@ init_lread (void)
 void
 dir_warning (const char *format, Lisp_Object dirname)
 {
-  char *buffer
-    = (char *) alloca (SCHARS (dirname) + strlen (format) + 5);
-
   fprintf (stderr, format, SDATA (dirname));
-  sprintf (buffer, format, SDATA (dirname));
+
   /* Don't log the warning before we've initialized!! */
   if (initialized)
-    message_dolog (buffer, strlen (buffer), 0, STRING_MULTIBYTE (dirname));
+    {
+      char *buffer;
+      ptrdiff_t message_len;
+      USE_SAFE_ALLOCA;
+      SAFE_ALLOCA (buffer, char *,
+                   SBYTES (dirname) + strlen (format) - (sizeof "%s" - 1) + 1);
+      message_len = esprintf (buffer, format, SDATA (dirname));
+      message_dolog (buffer, message_len, 0, STRING_MULTIBYTE (dirname));
+      SAFE_FREE ();
+    }
 }
 
 void