[Emacs-diffs] /srv/bzr/emacs/trunk r100351: Fix stack overflow in string

emacs-diffs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Emacs-diffs] /srv/bzr/emacs/trunk r100351: Fix stack overflow in string

From:	Chong Yidong
Subject:	[Emacs-diffs] /srv/bzr/emacs/trunk r100351: Fix stack overflow in string creation (Bug#6214).
Date:	Tue, 18 May 2010 14:05:43 -0400
User-agent:	Bazaar (2.0.3)

------------------------------------------------------------
revno: 100351 [merge]
committer: Chong Yidong <address@hidden>
branch nick: trunk
timestamp: Tue 2010-05-18 14:05:43 -0400
message:
  Fix stack overflow in string creation (Bug#6214).
  * character.c (Fstring, Funibyte_string): Use SAFE_ALLOCA to
  prevent stack overflow if number of arguments is too large
  (Bug#6214).
modified:
  src/ChangeLog
  src/character.c

=== modified file 'src/ChangeLog'
--- a/src/ChangeLog     2010-05-18 08:33:29 +0000
+++ b/src/ChangeLog     2010-05-18 18:05:43 +0000
@@ -1,3 +1,9 @@
+2010-05-18  Chong Yidong  <address@hidden>
+
+       * character.c (Fstring, Funibyte_string): Use SAFE_ALLOCA to
+       prevent stack overflow if number of arguments is too large
+       (Bug#6214).
+
 2010-05-18  Juanma Barranquero  <address@hidden>
 
        * charset.c (load_charset_map_from_file): Don't call close after fclose.

=== modified file 'src/character.c'
--- a/src/character.c   2010-03-02 04:44:28 +0000
+++ b/src/character.c   2010-05-18 18:01:10 +0000
@@ -961,10 +961,13 @@
      int n;
      Lisp_Object *args;
 {
-  int i;
-  unsigned char *buf = (unsigned char *) alloca (MAX_MULTIBYTE_LENGTH * n);
-  unsigned char *p = buf;
-  int c;
+  int i, c;
+  unsigned char *buf, *p;
+  Lisp_Object str;
+  USE_SAFE_ALLOCA;
+
+  SAFE_ALLOCA (buf, unsigned char *, MAX_MULTIBYTE_LENGTH * n);
+  p = buf;
 
   for (i = 0; i < n; i++)
     {
@@ -973,7 +976,9 @@
       p += CHAR_STRING (c, p);
     }
 
-  return make_string_from_bytes ((char *) buf, n, p - buf);
+  str = make_string_from_bytes ((char *) buf, n, p - buf);
+  SAFE_FREE ();
+  return str;
 }
 
 DEFUN ("unibyte-string", Funibyte_string, Sunibyte_string, 0, MANY, 0,
@@ -983,10 +988,13 @@
      int n;
      Lisp_Object *args;
 {
-  int i;
-  unsigned char *buf = (unsigned char *) alloca (n);
-  unsigned char *p = buf;
-  unsigned c;
+  int i, c;
+  unsigned char *buf, *p;
+  Lisp_Object str;
+  USE_SAFE_ALLOCA;
+
+  SAFE_ALLOCA (buf, unsigned char *, n);
+  p = buf;
 
   for (i = 0; i < n; i++)
     {
@@ -997,7 +1005,9 @@
       *p++ = c;
     }
 
-  return make_string_from_bytes ((char *) buf, n, p - buf);
+  str = make_string_from_bytes ((char *) buf, n, p - buf);
+  SAFE_FREE ();
+  return str;
 }
 
 DEFUN ("char-resolve-modifiers", Fchar_resolve_modifiers,

[Prev in Thread]

Current Thread

[Next in Thread]

[Emacs-diffs] /srv/bzr/emacs/trunk r100351: Fix stack overflow in string creation (Bug#6214)., Chong Yidong <=

Prev by Date: [Emacs-diffs] /srv/bzr/emacs/trunk r100350: Fix handling of non-associative equal levels.
Next by Date: [Emacs-diffs] /srv/bzr/emacs/emacs-23 r99807: * character.c (Fstring, Funibyte_string): Use SAFE_ALLOCA to
Previous by thread: [Emacs-diffs] /srv/bzr/emacs/trunk r100350: Fix handling of non-associative equal levels.
Next by thread: [Emacs-diffs] /srv/bzr/emacs/emacs-23 r99807: * character.c (Fstring, Funibyte_string): Use SAFE_ALLOCA to
Index(es):
- Date
- Thread