# HG changeset patch
# User Chong Yidong <cyd@stupidchicken.com>
# Date 1138127725 0
# Node ID 3422c551ad06e21b47f7291306216d4ff2cc8494
# Parent  94d20d05817b132c38abd19e54df391f2bfcffa6
	* alloc.c (allocate_string_data): Update next_free immediately, to
	reduce risk of memory clobberage.

diff -r 94d20d05817b -r 3422c551ad06 src/ChangeLog
--- a/src/ChangeLog	Tue Jan 24 17:14:16 2006 +0000
+++ b/src/ChangeLog	Tue Jan 24 18:35:25 2006 +0000
@@ -1,3 +1,8 @@
+2006-01-24  Chong Yidong  <cyd@stupidchicken.com>
+
+	* alloc.c (allocate_string_data): Update next_free immediately, to
+	reduce risk of memory clobberage.
+
 2006-01-24  L$,1 q(Brentey K,Aa(Broly  <lorentey@elte.hu>
 
 	* xdisp.c (handle_invisible_prop): Set it->position to fix cursor
diff -r 94d20d05817b -r 3422c551ad06 src/alloc.c
--- a/src/alloc.c	Tue Jan 24 17:14:16 2006 +0000
+++ b/src/alloc.c	Tue Jan 24 18:35:25 2006 +0000
@@ -1978,6 +1978,8 @@
   old_nbytes = GC_STRING_BYTES (s);
 
   data = b->next_free;
+  b->next_free = (struct sdata *) ((char *) data + needed + GC_STRING_EXTRA);
+
   data->string = s;
   s->data = SDATA_DATA (data);
 #ifdef GC_CHECK_STRING_BYTES
@@ -1990,7 +1992,6 @@
   bcopy (string_overrun_cookie, (char *) data + needed,
 	 GC_STRING_OVERRUN_COOKIE_SIZE);
 #endif
-  b->next_free = (struct sdata *) ((char *) data + needed + GC_STRING_EXTRA);
 
   /* If S had already data assigned, mark that as free by setting its
      string back-pointer to null, and recording the size of the data