aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorRichard M. Stallman1995-08-11 00:54:44 +0000
committerRichard M. Stallman1995-08-11 00:54:44 +0000
commit537dfb138242b79afb1d9f892061abb6bf259df8 (patch)
treec4019dc6d173cfa223c1fc0988283635f0c9c598 /src
parentdfb824e8d4b54bfb913a8c4c2080d8a2dec1dbcb (diff)
downloademacs-537dfb138242b79afb1d9f892061abb6bf259df8.tar.gz
emacs-537dfb138242b79afb1d9f892061abb6bf259df8.zip
(Fformat): Limit minlen to avoid stack overflow.
Diffstat (limited to 'src')
-rw-r--r--src/editfns.c21
1 files changed, 16 insertions, 5 deletions
diff --git a/src/editfns.c b/src/editfns.c
index 365d534c050..37f0e7e813f 100644
--- a/src/editfns.c
+++ b/src/editfns.c
@@ -1800,10 +1800,9 @@ Use %% to put a single % into the output.")
1800 1800
1801 /* Process a numeric arg and skip it. */ 1801 /* Process a numeric arg and skip it. */
1802 minlen = atoi (format); 1802 minlen = atoi (format);
1803 if (minlen > 0) 1803 if (minlen < 0)
1804 total += minlen; 1804 minlen = - minlen;
1805 else 1805
1806 total -= minlen;
1807 while ((*format >= '0' && *format <= '9') 1806 while ((*format >= '0' && *format <= '9')
1808 || *format == '-' || *format == ' ' || *format == '.') 1807 || *format == '-' || *format == ' ' || *format == '.')
1809 format++; 1808 format++;
@@ -1811,7 +1810,7 @@ Use %% to put a single % into the output.")
1811 if (*format == '%') 1810 if (*format == '%')
1812 format++; 1811 format++;
1813 else if (++n >= nargs) 1812 else if (++n >= nargs)
1814 error ("not enough arguments for format string"); 1813 error ("Not enough arguments for format string");
1815 else if (*format == 'S') 1814 else if (*format == 'S')
1816 { 1815 {
1817 /* For `S', prin1 the argument and then treat like a string. */ 1816 /* For `S', prin1 the argument and then treat like a string. */
@@ -1831,6 +1830,10 @@ Use %% to put a single % into the output.")
1831 if (*format != 's' && *format != 'S') 1830 if (*format != 's' && *format != 'S')
1832 error ("format specifier doesn't match argument type"); 1831 error ("format specifier doesn't match argument type");
1833 total += XSTRING (args[n])->size; 1832 total += XSTRING (args[n])->size;
1833 /* We have to put an arbitrary limit on minlen
1834 since otherwise it could make alloca fail. */
1835 if (minlen < XSTRING (args[n])->size + 1000)
1836 total += minlen;
1834 } 1837 }
1835 /* Would get MPV otherwise, since Lisp_Int's `point' to low memory. */ 1838 /* Would get MPV otherwise, since Lisp_Int's `point' to low memory. */
1836 else if (INTEGERP (args[n]) && *format != 's') 1839 else if (INTEGERP (args[n]) && *format != 's')
@@ -1844,6 +1847,10 @@ Use %% to put a single % into the output.")
1844 args[n] = Ffloat (args[n]); 1847 args[n] = Ffloat (args[n]);
1845#endif 1848#endif
1846 total += 30; 1849 total += 30;
1850 /* We have to put an arbitrary limit on minlen
1851 since otherwise it could make alloca fail. */
1852 if (minlen < 1000)
1853 total += minlen;
1847 } 1854 }
1848#ifdef LISP_FLOAT_TYPE 1855#ifdef LISP_FLOAT_TYPE
1849 else if (FLOATP (args[n]) && *format != 's') 1856 else if (FLOATP (args[n]) && *format != 's')
@@ -1851,6 +1858,10 @@ Use %% to put a single % into the output.")
1851 if (! (*format == 'e' || *format == 'f' || *format == 'g')) 1858 if (! (*format == 'e' || *format == 'f' || *format == 'g'))
1852 args[n] = Ftruncate (args[n]); 1859 args[n] = Ftruncate (args[n]);
1853 total += 30; 1860 total += 30;
1861 /* We have to put an arbitrary limit on minlen
1862 since otherwise it could make alloca fail. */
1863 if (minlen < 1000)
1864 total += minlen;
1854 } 1865 }
1855#endif 1866#endif
1856 else 1867 else
generated by cgit v1.2.1 (git 2.18.0) at 2026-01-21 10:59:38 +0000