sprintf-related integer and memory overflow issues

Fixes: debbugs:9397 debbugs:9412
author: Paul Eggert 2011-09-04 14:52:59 -0700
committer: Paul Eggert 2011-09-04 14:52:59 -0700
commit: 86633eab8a77697f6e15aae568868781a5a1023f (patch)
tree: 22039ff17f96363d7115a8e02c0884010ba75744 /lib-src/ChangeLog
parent: 53e9fe90811730f68c4ea246cd8dee8aa22486de (diff)
parent: 6511acf2570df26e93e15283d593b8e81d217a78 (diff)
download: emacs-86633eab8a77697f6e15aae568868781a5a1023f.tar.gz
emacs-86633eab8a77697f6e15aae568868781a5a1023f.zip
1 files changed, 35 insertions, 0 deletions
diff --git a/lib-src/ChangeLog b/lib-src/ChangeLog
index c878d313b70..9041eae8bbe 100644
--- a/lib-src/ChangeLog
+++ b/lib-src/ChangeLog
@@ -1,3 +1,38 @@
+2011-09-04  Paul Eggert  <eggert@cs.ucla.edu>
+        Integer and memory overflow issues (Bug#9397).
+        * emacsclient.c (xmalloc): Accept size_t, not unsigned int, to
+        avoid potential buffer overflow issues on typical 64-bit hosts.
+        Return void *, not long *.
+        (get_current_dir_name): Report a failure, instead of looping
+        forever, if buffer size calculation overflows.  Treat malloc
+        failures like realloc failures, as that has better behavior and is
+        more consistent.  Do not check whether xmalloc returns NULL, as
+        that's not possible.
+        (message): Do not arbitrarily truncate message to 2048 bytes when
+        sending it to stderr; use vfprintf instead.
+        (get_server_config, set_local_socket)
+        (start_daemon_and_retry_set_socket): Do not alloca
+        arbitrarily-large buffers; that's not safe.
+        (get_server_config, set_local_socket): Do not use sprintf when its
+        result might not fit in 'int'.
+        (set_local_socket): Do not assume uid fits in 'int'.
+        * etags.c (xmalloc, xrealloc): Accept size_t, not unsigned int,
+        to avoid potential buffer overflow issues on typical 64-bit hosts.
+        (whatlen_max): New static var.
+        (main): Avoid buffer overflow if subsidiary command length is
+        greater than BUFSIZ or 2*BUFSIZ + 20. Do not use sprintf when its
+        result might not fit in 'int'.
+        * movemail.c (main): Do not use sprintf when its result might not fit
+        in 'int'.  Instead, put the possibly-long file name into the
+        output of pfatal_with_name.
+        * update-game-score.c: Include <limits.h>
+        (get_user_id): Do not assume uid fits in 'int'.  Simplify.
 2011-07-28  Paul Eggert  <eggert@cs.ucla.edu>
        Assume freestanding C89 headers, string.h, stdlib.h.
author	Paul Eggert	2011-09-04 14:52:59 -0700
committer	Paul Eggert	2011-09-04 14:52:59 -0700
commit	86633eab8a77697f6e15aae568868781a5a1023f (patch)
tree	22039ff17f96363d7115a8e02c0884010ba75744 /lib-src/ChangeLog
parent	53e9fe90811730f68c4ea246cd8dee8aa22486de (diff)
parent	6511acf2570df26e93e15283d593b8e81d217a78 (diff)
download	emacs-86633eab8a77697f6e15aae568868781a5a1023f.tar.gz emacs-86633eab8a77697f6e15aae568868781a5a1023f.zip

diff --git a/lib-src/ChangeLog b/lib-src/ChangeLog index c878d313b70..9041eae8bbe 100644 --- a/lib-src/ChangeLog +++ b/lib-src/ChangeLog
@@ -1,3 +1,38 @@
		1	2011-09-04 Paul Eggert <eggert@cs.ucla.edu>
		2
		3	Integer and memory overflow issues (Bug#9397).
		4
		5	* emacsclient.c (xmalloc): Accept size_t, not unsigned int, to
		6	avoid potential buffer overflow issues on typical 64-bit hosts.
		7	Return void , not long .
		8	(get_current_dir_name): Report a failure, instead of looping
		9	forever, if buffer size calculation overflows. Treat malloc
		10	failures like realloc failures, as that has better behavior and is
		11	more consistent. Do not check whether xmalloc returns NULL, as
		12	that's not possible.
		13	(message): Do not arbitrarily truncate message to 2048 bytes when
		14	sending it to stderr; use vfprintf instead.
		15	(get_server_config, set_local_socket)
		16	(start_daemon_and_retry_set_socket): Do not alloca
		17	arbitrarily-large buffers; that's not safe.
		18	(get_server_config, set_local_socket): Do not use sprintf when its
		19	result might not fit in 'int'.
		20	(set_local_socket): Do not assume uid fits in 'int'.
		21
		22	* etags.c (xmalloc, xrealloc): Accept size_t, not unsigned int,
		23	to avoid potential buffer overflow issues on typical 64-bit hosts.
		24	(whatlen_max): New static var.
		25	(main): Avoid buffer overflow if subsidiary command length is
		26	greater than BUFSIZ or 2*BUFSIZ + 20. Do not use sprintf when its
		27	result might not fit in 'int'.
		28
		29	* movemail.c (main): Do not use sprintf when its result might not fit
		30	in 'int'. Instead, put the possibly-long file name into the
		31	output of pfatal_with_name.
		32
		33	* update-game-score.c: Include <limits.h>
		34	(get_user_id): Do not assume uid fits in 'int'. Simplify.
		35
1	2011-07-28 Paul Eggert <eggert@cs.ucla.edu>	36	2011-07-28 Paul Eggert <eggert@cs.ucla.edu>
2		37
3	Assume freestanding C89 headers, string.h, stdlib.h.	38	Assume freestanding C89 headers, string.h, stdlib.h.