| author | Paul Eggert | 2011-08-29 09:48:19 -0700 |
|---|---|---|
| committer | Paul Eggert | 2011-08-29 09:48:19 -0700 |
| commit | b5cd19054673bfa46a4f0d1ac3905deeafcf94ff (patch) | |
| tree | 07ab94434229efd114cdc57848cfc29c907cdcdd | |
| parent | d749b01b0c7daff6427373b787e56d06e6f4d223 (diff) | |
* filelock.c (lock_file_1, lock_file): Don't blindly alloca long name;
use SAFE_ALLOCA instead. Use esprintf to avoid int-overflow issues.
| -rw-r--r-- | src/ChangeLog | 3 | ||||
| -rw-r--r-- | src/filelock.c | 35 |
2 files changed, 24 insertions, 14 deletions
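--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -36,6 +36,9 @@
 * eval.c (verror): Simplify by rewriting in terms of evxprintf,
 which has the guts of the old verror function.
 
+* filelock.c (lock_file_1, lock_file): Don't blindly alloca long name;
+use SAFE_ALLOCA instead. Use esprintf to avoid int-overflow issues.
+
 2011-08-26 Paul Eggert <eggert@cs.ucla.edu>
 
 Integer and memory overflow issues (Bug#9196).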
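--- a/src/filelock.c
+++ b/src/filelock.c
@@ -341,6 +341,9 @@ lock_file_1 (char *lfname, int force)
 const char *user_name;
 const char *host_name;
 char *lock_info_str;
+ptrdiff_t lock_info_size;
+int symlink_errno;
+USE_SAFE_ALLOCA;
 
 /* Call this first because it can GC. */
 boot = get_boot_time ();
@@ -353,17 +356,14 @@ lock_file_1 (char *lfname, int force)
 host_name = SSDATA (Fsystem_name ());
 else
 host_name = "";
-lock_info_str = (char *)alloca (strlen (user_name) + strlen (host_name)
-+ 2 * INT_STRLEN_BOUND (printmax_t)
-+ sizeof "@.:");
+lock_info_size = (strlen (user_name) + strlen (host_name)
++ 2 * INT_STRLEN_BOUND (printmax_t)
++ sizeof "@.:");
+SAFE_ALLOCA (lock_info_str, char *, lock_info_size);
 pid = getpid ();
 
-if (boot)
-sprintf (lock_info_str, "%s@%s.%"pMd":%"pMd,
-user_name, host_name, pid, boot);
-else
-sprintf (lock_info_str, "%s@%s.%"pMd,
-user_name, host_name, pid);
+esprintf (lock_info_str, boot ? "%s@%s.%"pMd":%"pMd : "%s@%s.%"pMd,
+user_name, host_name, pid, boot);
 
 err = symlink (lock_info_str, lfname);
 if (errno == EEXIST && force)
@@ -372,6 +372,9 @@ lock_file_1 (char *lfname, int force)
 err = symlink (lock_info_str, lfname);
 }
 
+symlink_errno = errno;
+SAFE_FREE ();
+errno = symlink_errno;
 return err == 0;
 }
 
@@ -541,9 +544,11 @@ lock_file (Lisp_Object fn)
 {
 register Lisp_Object attack, orig_fn, encoded_fn;
 register char *lfname, *locker;
+ptrdiff_t locker_size;
 lock_info_type lock_info;
 printmax_t pid;
 struct gcpro gcpro1;
+USE_SAFE_ALLOCA;
 
 /* Don't do locking while dumping Emacs.
 Uncompressing wtmp files uses call-process, which does not work
@@ -580,15 +585,17 @@ lock_file (Lisp_Object fn)
 return;
 
 /* Else consider breaking the lock */
-locker = (char *) alloca (strlen (lock_info.user) + strlen (lock_info.host)
-+ INT_STRLEN_BOUND (printmax_t)
-+ sizeof "@ (pid )");
+locker_size = (strlen (lock_info.user) + strlen (lock_info.host)
++ INT_STRLEN_BOUND (printmax_t)
++ sizeof "@ (pid )");
+SAFE_ALLOCA (locker, char *, locker_size);
 pid = lock_info.pid;
-sprintf (locker, "%s@%s (pid %"pMd")",
-lock_info.user, lock_info.host, pid);
+esprintf (locker, "%s@%s (pid %"pMd")",
+lock_info.user, lock_info.host, pid);
 FREE_LOCK_INFO (lock_info);
 
 attack = call2 (intern ("ask-user-about-lock"), fn, build_string (locker));
+SAFE_FREE ();
 if (!NILP (attack))
 /* User says take the lock */
 {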
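Review bot: The `esprintf` calls in `lock_file_1` and `lock_file` write into a buffer whose size is never passed to the formatter, so the bound rests entirely on `lock_info_size` / `locker_size` being kept in step with the format strings by hand. A comment at each size computation would make that contract explicit, e.g. `/* Must cover the esprintf format below: user, '@', host, '.', pid, ':', boot, NUL. */`, and, if esprintf returns the formatted length (its definition is not visible on this page), a debug check such as `eassert (len < lock_info_size);` on its result would catch a later format change that outgrows the buffer. In `lock_file`, `SAFE_FREE ()` runs only after `call2` returns from Lisp; whether a non-local exit out of `ask-user-about-lock` still releases a heap-allocated `locker` depends on how SAFE_ALLOCA is defined, which is outside this diff and worth confirming. Both function bodies continue outside the hunks shown.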