* filelock.c (lock_file_1, lock_file): Don't blindly alloca long name;

use SAFE_ALLOCA instead. Use esprintf to avoid int-overflow issues.
author: Paul Eggert 2011-08-29 09:48:19 -0700
committer: Paul Eggert 2011-08-29 09:48:19 -0700
commit: b5cd19054673bfa46a4f0d1ac3905deeafcf94ff (patch)
tree: 07ab94434229efd114cdc57848cfc29c907cdcdd /src/filelock.c
parent: d749b01b0c7daff6427373b787e56d06e6f4d223 (diff)
download: emacs-b5cd19054673bfa46a4f0d1ac3905deeafcf94ff.tar.gz
emacs-b5cd19054673bfa46a4f0d1ac3905deeafcf94ff.zip
1 files changed, 21 insertions, 14 deletions
diff --git a/src/filelock.c b/src/filelock.c
index c28ee7837fa..7235c862ef0 100644
--- a/src/filelock.c
+++ b/src/filelock.c
@@ -341,6 +341,9 @@ lock_file_1 (char *lfname, int force)
  const char *user_name;
  const char *host_name;
  char *lock_info_str;
+  ptrdiff_t lock_info_size;
+  int symlink_errno;
+  USE_SAFE_ALLOCA;
  /* Call this first because it can GC.  */
  boot = get_boot_time ();
@@ -353,17 +356,14 @@ lock_file_1 (char *lfname, int force)
    host_name = SSDATA (Fsystem_name ());
  else
    host_name = "";
-  lock_info_str = (char *)alloca (strlen (user_name) + strlen (host_name)
+  lock_info_size = (strlen (user_name) + strlen (host_name)
-                                  + 2 * INT_STRLEN_BOUND (printmax_t)
+                    + 2 * INT_STRLEN_BOUND (printmax_t)
-                                  + sizeof "@.:");
+                    + sizeof "@.:");
+  SAFE_ALLOCA (lock_info_str, char *, lock_info_size);
  pid = getpid ();
-  if (boot)
+  esprintf (lock_info_str, boot ? "%s@%s.%"pMd":%"pMd : "%s@%s.%"pMd,
-    sprintf (lock_info_str, "%s@%s.%"pMd":%"pMd,
+            user_name, host_name, pid, boot);
-             user_name, host_name, pid, boot);
-  else
-    sprintf (lock_info_str, "%s@%s.%"pMd,
-             user_name, host_name, pid);
  err = symlink (lock_info_str, lfname);
  if (errno == EEXIST && force)
@@ -372,6 +372,9 @@ lock_file_1 (char *lfname, int force)
      err = symlink (lock_info_str, lfname);
    }
+  symlink_errno = errno;
+  SAFE_FREE ();
+  errno = symlink_errno;
  return err == 0;
 }
@@ -541,9 +544,11 @@ lock_file (Lisp_Object fn)
 {
  register Lisp_Object attack, orig_fn, encoded_fn;
  register char *lfname, *locker;
+  ptrdiff_t locker_size;
  lock_info_type lock_info;
  printmax_t pid;
  struct gcpro gcpro1;
+  USE_SAFE_ALLOCA;
  /* Don't do locking while dumping Emacs.
     Uncompressing wtmp files uses call-process, which does not work
@@ -580,15 +585,17 @@ lock_file (Lisp_Object fn)
    return;
  /* Else consider breaking the lock */
-  locker = (char *) alloca (strlen (lock_info.user) + strlen (lock_info.host)
+  locker_size = (strlen (lock_info.user) + strlen (lock_info.host)
-                            + INT_STRLEN_BOUND (printmax_t)
+                 + INT_STRLEN_BOUND (printmax_t)
-                            + sizeof "@ (pid )");
+                 + sizeof "@ (pid )");
+  SAFE_ALLOCA (locker, char *, locker_size);
  pid = lock_info.pid;
-  sprintf (locker, "%s@%s (pid %"pMd")",
+  esprintf (locker, "%s@%s (pid %"pMd")",
-           lock_info.user, lock_info.host, pid);
+            lock_info.user, lock_info.host, pid);
  FREE_LOCK_INFO (lock_info);
  attack = call2 (intern ("ask-user-about-lock"), fn, build_string (locker));
+  SAFE_FREE ();
  if (!NILP (attack))
    /* User says take the lock */
    {
author	Paul Eggert	2011-08-29 09:48:19 -0700
committer	Paul Eggert	2011-08-29 09:48:19 -0700
commit	b5cd19054673bfa46a4f0d1ac3905deeafcf94ff (patch)
tree	07ab94434229efd114cdc57848cfc29c907cdcdd /src/filelock.c
parent	d749b01b0c7daff6427373b787e56d06e6f4d223 (diff)
download	emacs-b5cd19054673bfa46a4f0d1ac3905deeafcf94ff.tar.gz emacs-b5cd19054673bfa46a4f0d1ac3905deeafcf94ff.zip