* editfns.c (Fformat_time_string): Don't assume strlen fits in int.

Report string overflow if the output is too long.

2 files changed, 12 insertions, 3 deletions

diff --git a/src/ChangeLog b/src/ChangeLog
index f861e8ed5f7..4ea54141142 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2011-07-04  Paul Eggert  <eggert@cs.ucla.edu>
+
+        * editfns.c (Fformat_time_string): Don't assume strlen fits in int.
+        Report string overflow if the output is too long.
+
 2011-07-04  Juanma Barranquero  <lekktu@gmail.com>
 
         * gnutls.c (Fgnutls_boot): Don't mention :verify-error.
diff --git a/src/editfns.c b/src/editfns.c
index c470c9be985..bb36d0dee71 100644
--- a/src/editfns.c
+++ b/src/editfns.c
@@ -1700,7 +1700,7 @@ For example, to produce full ISO 8601 format, use "%Y-%m-%dT%T%z".  */)
   (Lisp_Object format_string, Lisp_Object timeval, Lisp_Object universal)
 {
   time_t value;
-  int size;
+  ptrdiff_t size;
   int usec;
   int ns;
   struct tm *tm;
@@ -1717,7 +1717,9 @@ For example, to produce full ISO 8601 format, use "%Y-%m-%dT%T%z".  */)
                                                 Vlocale_coding_system, 1);
 
   /* This is probably enough.  */
-  size = SBYTES (format_string) * 6 + 50;
+  size = SBYTES (format_string);
+  if (size <= (STRING_BYTES_BOUND - 50) / 6)
+    size = size * 6 + 50;
 
   BLOCK_INPUT;
   tm = ut ? gmtime (&value) : localtime (&value);
@@ -1730,7 +1732,7 @@ For example, to produce full ISO 8601 format, use "%Y-%m-%dT%T%z".  */)
   while (1)
     {
       char *buf = (char *) alloca (size + 1);
-      int result;
+      size_t result;
 
       buf[0] = '\1';
       BLOCK_INPUT;
@@ -1749,6 +1751,8 @@ For example, to produce full ISO 8601 format, use "%Y-%m-%dT%T%z".  */)
                                 SBYTES (format_string),
                                 tm, ut, ns);
       UNBLOCK_INPUT;
+      if (STRING_BYTES_BOUND <= result)
+        string_overflow ();
       size = result + 1;
     }
 }