changeset 109790:c34b730eb583
Potential buffer overrun and uninit variable fixed, bug 6855.
* keyboard.c (parse_tool_bar_item): malloc buf. Set TOOL_BAR_ITEM_LABEL
to empty string if not set to new_lbl (Bug#6855).
author | Jan D <jan.h.d@swipnet.se> |
---|---|
date | Sun, 15 Aug 2010 10:13:02 +0200 |
parents | 6994dcd2f3fa |
children | af075a74e694 |
files | src/ChangeLog src/keyboard.c |
diffstat | 2 files changed, 10 insertions(+), 2 deletions(-) [+] |
--- a/src/ChangeLog Sat Aug 14 20:04:53 2010 -0400
+++ b/src/ChangeLog Sun Aug 15 10:13:02 2010 +0200
@@ -1,3 +1,8 @@
+2010-08-15 Jan Djärv <jan.h.d@swipnet.se>
+
+ * keyboard.c (parse_tool_bar_item): malloc buf. Set TOOL_BAR_ITEM_LABEL
+ to empty string if not set to new_lbl (Bug#6855).
+
 2010-08-14 Eli Zaretskii <eliz@gnu.org>
 * xterm.c (x_draw_stretch_glyph_string):
--- a/src/keyboard.c Sat Aug 14 20:04:53 2010 -0400
+++ b/src/keyboard.c Sun Aug 15 10:13:02 2010 +0200
@@ -8328,14 +8328,14 @@
 Lisp_Object capt = PROP (TOOL_BAR_ITEM_CAPTION);
 const char *label = SYMBOLP (key) ? (char *) SDATA (SYMBOL_NAME (key)) : "";
 const char *caption = STRINGP (capt) ? (char *) SDATA (capt) : "";
- char buf[64];
 EMACS_INT max_lbl = 2*tool_bar_max_label_size;
+ char *buf = (char *) xmalloc (max_lbl+1);
 Lisp_Object new_lbl;
 if (strlen (caption) < max_lbl && caption[0] != '\0')
 {
 strcpy (buf, caption);
- while (buf[0] != '\0' && buf[strlen (buf) -1] == '.')
+ while (buf[0] != '\0' && buf[strlen (buf) -1] == '.')
 buf[strlen (buf)-1] = '\0';
 if (strlen (buf) <= max_lbl)
 caption = buf;
@@ -8361,6 +8361,9 @@
 new_lbl = Fupcase_initials (make_string (label, strlen (label)));
 if (SCHARS (new_lbl) <= tool_bar_max_label_size)
 PROP (TOOL_BAR_ITEM_LABEL) = new_lbl;
+ else
+ PROP (TOOL_BAR_ITEM_LABEL) = make_string ("", 0);
+ free (buf);
 }
 /* If got a filter apply it on binding. */
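Review bot: The new allocation `xmalloc (max_lbl+1)` takes its size from `2*tool_bar_max_label_size` with no range check, so the buffer is only as safe as that variable. Its definition is outside this hunk, but if it can be zero or negative, `max_lbl+1` is not a usable buffer size. The guard `strlen (caption) < max_lbl` also compares an unsigned `size_t` against a signed `EMACS_INT`, which on platforms where the two have the same width turns a negative `max_lbl` into a very large bound and lets the `strcpy` proceed. I would clamp before allocating, `if (max_lbl < 0) max_lbl = 0;`, and write the guard as `max_lbl > 0 && strlen (caption) < (size_t) max_lbl`. The enclosing function starts and ends outside the hunk.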
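Review bot: The added `free (buf);` releases memory obtained from `xmalloc`, which Emacs pairs with `xfree`, so this line should read `xfree (buf);`. Separately, `Fupcase_initials` and `make_string` run between the allocation and this release, and if either exits non-locally (for example on memory exhaustion) `buf` is leaked. A comment at the allocation such as `/* buf is released at the end of this block; no early exit may skip it. */` would document that, or the buffer could be made unwind-safe. The code between the two hunks is not visible, so it cannot be confirmed from here that nothing still points into `buf` after the release.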