aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Eggert2011-07-28 18:59:57 -0700
committerPaul Eggert2011-07-28 18:59:57 -0700
commita3d9c2a4ce11ea001c9ac97c8a6fb9a4f9a1d1ac (patch)
treef03127ba5f01cc430e93b09d510de01c5631343b
parentc26f25213a70687820290a58189e58e687ef498c (diff)
downloademacs-a3d9c2a4ce11ea001c9ac97c8a6fb9a4f9a1d1ac.tar.gz
emacs-a3d9c2a4ce11ea001c9ac97c8a6fb9a4f9a1d1ac.zip
* xrdb.c: Integer and memory overflow issues.
(magic_file_p): Plug memory leak on size overflow. (get_environ_db): Don't assume path length fits in int, as sprintf is limited to int lengths.
Diffstat
-rw-r--r--src/ChangeLog5
-rw-r--r--src/xrdb.c21
2 files changed, 16 insertions, 10 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index b5c5afd7a1e..09ee5a8e4dc 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,10 @@
12011-07-29 Paul Eggert <eggert@cs.ucla.edu> 12011-07-29 Paul Eggert <eggert@cs.ucla.edu>
2 2
3 * xrdb.c: Integer and memory overflow issues.
4 (magic_file_p): Plug memory leak on size overflow.
5 (get_environ_db): Don't assume path length fits in int,
6 as sprintf is limited to int lengths.
7
3 * xgselect.c (xg_select): Check for size calculation overflow. 8 * xgselect.c (xg_select): Check for size calculation overflow.
4 Don't update size until alloc done. 9 Don't update size until alloc done.
5 10
diff --git a/src/xrdb.c b/src/xrdb.c
index 6a16e3260bd..7c2cd586b09 100644
--- a/src/xrdb.c
+++ b/src/xrdb.c
@@ -204,7 +204,10 @@ magic_file_p (const char *string, EMACS_INT string_len, const char *class,
204 if (path_size - path_len <= next_len) 204 if (path_size - path_len <= next_len)
205 { 205 {
206 if (min (PTRDIFF_MAX, SIZE_MAX) / 2 - 1 - path_len < next_len) 206 if (min (PTRDIFF_MAX, SIZE_MAX) / 2 - 1 - path_len < next_len)
207 memory_full (SIZE_MAX); 207 {
208 xfree (path);
209 memory_full (SIZE_MAX);
210 }
208 path_size = (path_len + next_len + 1) * 2; 211 path_size = (path_len + next_len + 1) * 2;
209 path = (char *) xrealloc (path, path_size); 212 path = (char *) xrealloc (path, path_size);
210 } 213 }
@@ -426,24 +429,22 @@ get_environ_db (void)
426{ 429{
427 XrmDatabase db; 430 XrmDatabase db;
428 char *p; 431 char *p;
429 char *path = 0, *home = 0; 432 char *path = 0;
430 const char *host;
431 433
432 if ((p = getenv ("XENVIRONMENT")) == NULL) 434 if ((p = getenv ("XENVIRONMENT")) == NULL)
433 { 435 {
434 home = gethomedir (); 436 static char const xdefaults[] = ".Xdefaults-";
435 host = get_system_name (); 437 char *home = gethomedir ();
436 path = (char *) xmalloc (strlen (home) 438 char const *host = get_system_name ();
437 + sizeof (".Xdefaults-") 439 ptrdiff_t pathsize = strlen (home) + sizeof xdefaults + strlen (host);
438 + strlen (host)); 440 path = (char *) xrealloc (home, pathsize);
439 sprintf (path, "%s%s%s", home, ".Xdefaults-", host); 441 strcat (strcat (path, xdefaults), host);
440 p = path; 442 p = path;
441 } 443 }
442 444
443 db = XrmGetFileDatabase (p); 445 db = XrmGetFileDatabase (p);
444 446
445 xfree (path); 447 xfree (path);
446 xfree (home);
447 448
448 return db; 449 return db;
449} 450}
generated by cgit v1.2.1 (git 2.18.0) at 2026-01-13 06:25:20 +0000