diff options
| author | Eli Zaretskii | 2012-04-01 19:55:30 +0300 |
|---|---|---|
| committer | Eli Zaretskii | 2012-04-01 19:55:30 +0300 |
| commit | 8bc53d00e3a4ffff5220adf51b269468fce8c931 (patch) | |
| tree | ebf21ff507f385094af2e5f8c9b0b730ec8cad90 /src | |
| parent | 3b0512a3d5c5ef30308bc466d914c4282153d453 (diff) | |
| download | emacs-8bc53d00e3a4ffff5220adf51b269468fce8c931.tar.gz emacs-8bc53d00e3a4ffff5220adf51b269468fce8c931.zip | |
Fix unsafe use of alloca reported in bug #11138.
src/w32menu.c (simple_dialog_show, add_menu_item): Use SAFE_ALLOCA
instead of alloca.
Diffstat (limited to 'src')
| -rw-r--r-- | src/ChangeLog | 5 | ||||
| -rw-r--r-- | src/w32menu.c | 13 |
2 files changed, 14 insertions, 4 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index ee54c48cd94..ea80129ff16 100644 --- a/src/ChangeLog +++ b/src/ChangeLog | |||
| @@ -1,3 +1,8 @@ | |||
| 1 | 2012-04-01 Eli Zaretskii <eliz@gnu.org> | ||
| 2 | |||
| 3 | * w32menu.c (simple_dialog_show, add_menu_item): Use SAFE_ALLOCA | ||
| 4 | instead of alloca. (Bug#11138) | ||
| 5 | |||
| 1 | 2012-04-01 Andreas Schwab <schwab@linux-m68k.org> | 6 | 2012-04-01 Andreas Schwab <schwab@linux-m68k.org> |
| 2 | 7 | ||
| 3 | * w32menu.c (is_simple_dialog): Properly check lisp types. | 8 | * w32menu.c (is_simple_dialog): Properly check lisp types. |
diff --git a/src/w32menu.c b/src/w32menu.c index b25edf0f269..9091cb81627 100644 --- a/src/w32menu.c +++ b/src/w32menu.c | |||
| @@ -1231,6 +1231,7 @@ simple_dialog_show (FRAME_PTR f, Lisp_Object contents, Lisp_Object header) | |||
| 1231 | if (unicode_message_box) | 1231 | if (unicode_message_box) |
| 1232 | { | 1232 | { |
| 1233 | WCHAR *text, *title; | 1233 | WCHAR *text, *title; |
| 1234 | USE_SAFE_ALLOCA; | ||
| 1234 | 1235 | ||
| 1235 | if (STRINGP (temp)) | 1236 | if (STRINGP (temp)) |
| 1236 | { | 1237 | { |
| @@ -1240,7 +1241,7 @@ simple_dialog_show (FRAME_PTR f, Lisp_Object contents, Lisp_Object header) | |||
| 1240 | one utf16 word, so we cannot simply use the character | 1241 | one utf16 word, so we cannot simply use the character |
| 1241 | length of temp. */ | 1242 | length of temp. */ |
| 1242 | int utf8_len = strlen (utf8_text); | 1243 | int utf8_len = strlen (utf8_text); |
| 1243 | text = alloca ((utf8_len + 1) * sizeof (WCHAR)); | 1244 | SAFE_ALLOCA (text, WCHAR *, (utf8_len + 1) * sizeof (WCHAR)); |
| 1244 | utf8to16 (utf8_text, utf8_len, text); | 1245 | utf8to16 (utf8_text, utf8_len, text); |
| 1245 | } | 1246 | } |
| 1246 | else | 1247 | else |
| @@ -1260,6 +1261,7 @@ simple_dialog_show (FRAME_PTR f, Lisp_Object contents, Lisp_Object header) | |||
| 1260 | } | 1261 | } |
| 1261 | 1262 | ||
| 1262 | answer = unicode_message_box (FRAME_W32_WINDOW (f), text, title, type); | 1263 | answer = unicode_message_box (FRAME_W32_WINDOW (f), text, title, type); |
| 1264 | SAFE_FREE (); | ||
| 1263 | } | 1265 | } |
| 1264 | else | 1266 | else |
| 1265 | { | 1267 | { |
| @@ -1366,6 +1368,7 @@ add_menu_item (HMENU menu, widget_value *wv, HMENU item) | |||
| 1366 | char *out_string, *p, *q; | 1368 | char *out_string, *p, *q; |
| 1367 | int return_value; | 1369 | int return_value; |
| 1368 | size_t nlen, orig_len; | 1370 | size_t nlen, orig_len; |
| 1371 | USE_SAFE_ALLOCA; | ||
| 1369 | 1372 | ||
| 1370 | if (menu_separator_name_p (wv->name)) | 1373 | if (menu_separator_name_p (wv->name)) |
| 1371 | { | 1374 | { |
| @@ -1381,7 +1384,8 @@ add_menu_item (HMENU menu, widget_value *wv, HMENU item) | |||
| 1381 | 1384 | ||
| 1382 | if (wv->key != NULL) | 1385 | if (wv->key != NULL) |
| 1383 | { | 1386 | { |
| 1384 | out_string = alloca (strlen (wv->name) + strlen (wv->key) + 2); | 1387 | SAFE_ALLOCA (out_string, char *, |
| 1388 | strlen (wv->name) + strlen (wv->key) + 2); | ||
| 1385 | strcpy (out_string, wv->name); | 1389 | strcpy (out_string, wv->name); |
| 1386 | strcat (out_string, "\t"); | 1390 | strcat (out_string, "\t"); |
| 1387 | strcat (out_string, wv->key); | 1391 | strcat (out_string, wv->key); |
| @@ -1415,7 +1419,7 @@ add_menu_item (HMENU menu, widget_value *wv, HMENU item) | |||
| 1415 | if (nlen > orig_len) | 1419 | if (nlen > orig_len) |
| 1416 | { | 1420 | { |
| 1417 | p = out_string; | 1421 | p = out_string; |
| 1418 | out_string = alloca (nlen + 1); | 1422 | SAFE_ALLOCA (out_string, char *, nlen + 1); |
| 1419 | q = out_string; | 1423 | q = out_string; |
| 1420 | while (*p) | 1424 | while (*p) |
| 1421 | { | 1425 | { |
| @@ -1475,7 +1479,7 @@ add_menu_item (HMENU menu, widget_value *wv, HMENU item) | |||
| 1475 | if (fuFlags & MF_OWNERDRAW) | 1479 | if (fuFlags & MF_OWNERDRAW) |
| 1476 | utf16_string = local_alloc ((utf8_len + 1) * sizeof (WCHAR)); | 1480 | utf16_string = local_alloc ((utf8_len + 1) * sizeof (WCHAR)); |
| 1477 | else | 1481 | else |
| 1478 | utf16_string = alloca ((utf8_len + 1) * sizeof (WCHAR)); | 1482 | SAFE_ALLOCA (utf16_string, WCHAR *, (utf8_len + 1) * sizeof (WCHAR)); |
| 1479 | 1483 | ||
| 1480 | utf8to16 (out_string, utf8_len, utf16_string); | 1484 | utf8to16 (out_string, utf8_len, utf16_string); |
| 1481 | return_value = unicode_append_menu (menu, fuFlags, | 1485 | return_value = unicode_append_menu (menu, fuFlags, |
| @@ -1544,6 +1548,7 @@ add_menu_item (HMENU menu, widget_value *wv, HMENU item) | |||
| 1544 | FALSE, &info); | 1548 | FALSE, &info); |
| 1545 | } | 1549 | } |
| 1546 | } | 1550 | } |
| 1551 | SAFE_FREE (); | ||
| 1547 | return return_value; | 1552 | return return_value; |
| 1548 | } | 1553 | } |
| 1549 | 1554 | ||