Mercurial > emacs
changeset 108651:2e8869e152ed
Fix stack overflow in string creation (Bug#6214).
* character.c (Fstring, Funibyte_string): Use SAFE_ALLOCA to
prevent stack overflow if number of arguments is too large
(Bug#6214).
| author | Chong Yidong <cyd@stupidchicken.com> |
|---|---|
| date | Tue, 18 May 2010 14:05:43 -0400 |
| parents | c9e786f54683 (current diff) c3fda38a8b8b (diff) |
| children | 79ce86edba9f |
| files | src/ChangeLog |
| diffstat | 2 files changed, 26 insertions(+), 10 deletions(-) [+] |
line wrap: on
line diff
--- a/src/ChangeLog Tue May 18 12:03:51 2010 -0400 +++ b/src/ChangeLog Tue May 18 14:05:43 2010 -0400 @@ -1,3 +1,9 @@ +2010-05-18 Chong Yidong <cyd@stupidchicken.com> + + * character.c (Fstring, Funibyte_string): Use SAFE_ALLOCA to + prevent stack overflow if number of arguments is too large + (Bug#6214). + 2010-05-18 Juanma Barranquero <lekktu@gmail.com> * charset.c (load_charset_map_from_file): Don't call close after fclose.
--- a/src/character.c Tue May 18 12:03:51 2010 -0400 +++ b/src/character.c Tue May 18 14:05:43 2010 -0400 @@ -961,10 +961,13 @@ int n; Lisp_Object *args; { - int i; - unsigned char *buf = (unsigned char *) alloca (MAX_MULTIBYTE_LENGTH * n); - unsigned char *p = buf; - int c; + int i, c; + unsigned char *buf, *p; + Lisp_Object str; + USE_SAFE_ALLOCA; + + SAFE_ALLOCA (buf, unsigned char *, MAX_MULTIBYTE_LENGTH * n); + p = buf; for (i = 0; i < n; i++) { @@ -973,7 +976,9 @@ p += CHAR_STRING (c, p); } - return make_string_from_bytes ((char *) buf, n, p - buf); + str = make_string_from_bytes ((char *) buf, n, p - buf); + SAFE_FREE (); + return str; } DEFUN ("unibyte-string", Funibyte_string, Sunibyte_string, 0, MANY, 0, @@ -983,10 +988,13 @@ int n; Lisp_Object *args; { - int i; - unsigned char *buf = (unsigned char *) alloca (n); - unsigned char *p = buf; - unsigned c; + int i, c; + unsigned char *buf, *p; + Lisp_Object str; + USE_SAFE_ALLOCA; + + SAFE_ALLOCA (buf, unsigned char *, n); + p = buf; for (i = 0; i < n; i++) { @@ -997,7 +1005,9 @@ *p++ = c; } - return make_string_from_bytes ((char *) buf, n, p - buf); + str = make_string_from_bytes ((char *) buf, n, p - buf); + SAFE_FREE (); + return str; } DEFUN ("char-resolve-modifiers", Fchar_resolve_modifiers,