* lread.c (dir_warning): Don't blindly alloca buffer; use SAFE_ALLOCA.

Use esprintf, not sprintf, in case result does not fit in int.
author: Paul Eggert 2011-08-29 11:55:58 -0700
committer: Paul Eggert 2011-08-29 11:55:58 -0700
commit: 0df02bf3e941de4c20a7174e8233357eeca738d5 (patch)
tree: 39ded4214d66e857de74906d650f1b57b493dce7 /src
parent: 84722b3d573a4ad663f84ed44e212743970a0daf (diff)
download: emacs-0df02bf3e941de4c20a7174e8233357eeca738d5.tar.gz
emacs-0df02bf3e941de4c20a7174e8233357eeca738d5.zip
2 files changed, 14 insertions, 5 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index adf9bb244b8..ac83d07cba5 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -65,6 +65,9 @@
        * gtkutil.c (xg_check_special_colors, xg_set_geometry):
        Make sprintf buffers a bit bigger, to avoid potential buffer overrun.
+        * lread.c (dir_warning): Don't blindly alloca buffer; use SAFE_ALLOCA.
+        Use esprintf, not sprintf, in case result does not fit in int.
 2011-08-26  Paul Eggert  <eggert@cs.ucla.edu>
        Integer and memory overflow issues (Bug#9196).
diff --git a/src/lread.c b/src/lread.c
index d24da729df6..ec65e881b0e 100644
--- a/src/lread.c
+++ b/src/lread.c
@@ -4295,14 +4295,20 @@ init_lread (void)
 void
 dir_warning (const char *format, Lisp_Object dirname)
 {
-  char *buffer
-    = (char *) alloca (SCHARS (dirname) + strlen (format) + 5);
  fprintf (stderr, format, SDATA (dirname));
-  sprintf (buffer, format, SDATA (dirname));
  /* Don't log the warning before we've initialized!! */
  if (initialized)
-    message_dolog (buffer, strlen (buffer), 0, STRING_MULTIBYTE (dirname));
+    {
+      char *buffer;
+      ptrdiff_t message_len;
+      USE_SAFE_ALLOCA;
+      SAFE_ALLOCA (buffer, char *,
+                   SBYTES (dirname) + strlen (format) - (sizeof "%s" - 1) + 1);
+      message_len = esprintf (buffer, format, SDATA (dirname));
+      message_dolog (buffer, message_len, 0, STRING_MULTIBYTE (dirname));
+      SAFE_FREE ();
+    }
 }
 void
author	Paul Eggert	2011-08-29 11:55:58 -0700
committer	Paul Eggert	2011-08-29 11:55:58 -0700
commit	0df02bf3e941de4c20a7174e8233357eeca738d5 (patch)
tree	39ded4214d66e857de74906d650f1b57b493dce7 /src
parent	84722b3d573a4ad663f84ed44e212743970a0daf (diff)
download	emacs-0df02bf3e941de4c20a7174e8233357eeca738d5.tar.gz emacs-0df02bf3e941de4c20a7174e8233357eeca738d5.zip

diff --git a/src/ChangeLog b/src/ChangeLog index adf9bb244b8..ac83d07cba5 100644 --- a/src/ChangeLog +++ b/src/ChangeLog
@@ -65,6 +65,9 @@
65	* gtkutil.c (xg_check_special_colors, xg_set_geometry):	65	* gtkutil.c (xg_check_special_colors, xg_set_geometry):
66	Make sprintf buffers a bit bigger, to avoid potential buffer overrun.	66	Make sprintf buffers a bit bigger, to avoid potential buffer overrun.
67		67
		68	* lread.c (dir_warning): Don't blindly alloca buffer; use SAFE_ALLOCA.
		69	Use esprintf, not sprintf, in case result does not fit in int.
		70
68	2011-08-26 Paul Eggert <eggert@cs.ucla.edu>	71	2011-08-26 Paul Eggert <eggert@cs.ucla.edu>
69		72
70	Integer and memory overflow issues (Bug#9196).	73	Integer and memory overflow issues (Bug#9196).


diff --git a/src/lread.c b/src/lread.c index d24da729df6..ec65e881b0e 100644 --- a/src/lread.c +++ b/src/lread.c
@@ -4295,14 +4295,20 @@ init_lread (void)
4295	void	4295	void
4296	dir_warning (const char *format, Lisp_Object dirname)	4296	dir_warning (const char *format, Lisp_Object dirname)
4297	{	4297	{
4298	char *buffer
4299	= (char *) alloca (SCHARS (dirname) + strlen (format) + 5);
4300
4301	fprintf (stderr, format, SDATA (dirname));	4298	fprintf (stderr, format, SDATA (dirname));
4302	sprintf (buffer, format, SDATA (dirname));	4299
4303	/* Don't log the warning before we've initialized!! */	4300	/* Don't log the warning before we've initialized!! */
4304	if (initialized)	4301	if (initialized)
4305	message_dolog (buffer, strlen (buffer), 0, STRING_MULTIBYTE (dirname));	4302	{
		4303	char *buffer;
		4304	ptrdiff_t message_len;
		4305	USE_SAFE_ALLOCA;
		4306	SAFE_ALLOCA (buffer, char *,
		4307	SBYTES (dirname) + strlen (format) - (sizeof "%s" - 1) + 1);
		4308	message_len = esprintf (buffer, format, SDATA (dirname));
		4309	message_dolog (buffer, message_len, 0, STRING_MULTIBYTE (dirname));
		4310	SAFE_FREE ();
		4311	}
4306	}	4312	}
4307		4313
4308	void	4314	void