[Emacs-diffs] /srv/bzr/emacs/trunk r104934: * editfns.c (Fformat_time_string): Don't assume strlen fits in int.

[Paul Eggert]

------------------------------------------------------------
revno: 104934
committer: Paul Eggert <address@hidden>
branch nick: trunk
timestamp: Mon 2011-07-04 00:44:38 -0700
message:
  * editfns.c (Fformat_time_string): Don't assume strlen fits in int.
  
  Report string overflow if the output is too long.
modified:
  src/ChangeLog
  src/editfns.c

=== modified file 'src/ChangeLog'
--- a/src/ChangeLog     2011-07-04 02:47:04 +0000
+++ b/src/ChangeLog     2011-07-04 07:44:38 +0000
@@ -1,3 +1,8 @@
+2011-07-04  Paul Eggert  <address@hidden>
+
+       * editfns.c (Fformat_time_string): Don't assume strlen fits in int.
+       Report string overflow if the output is too long.
+
 2011-07-04  Juanma Barranquero  <address@hidden>
 
        * gnutls.c (Fgnutls_boot): Don't mention :verify-error.

=== modified file 'src/editfns.c'
--- a/src/editfns.c     2011-07-03 13:02:43 +0000
+++ b/src/editfns.c     2011-07-04 07:44:38 +0000
@@ -1700,7 +1700,7 @@
   (Lisp_Object format_string, Lisp_Object timeval, Lisp_Object universal)
 {
   time_t value;
-  int size;
+  ptrdiff_t size;
   int usec;
   int ns;
   struct tm *tm;
@@ -1717,7 +1717,9 @@
                                                Vlocale_coding_system, 1);
 
   /* This is probably enough.  */
-  size = SBYTES (format_string) * 6 + 50;
+  size = SBYTES (format_string);
+  if (size <= (STRING_BYTES_BOUND - 50) / 6)
+    size = size * 6 + 50;
 
   BLOCK_INPUT;
   tm = ut ? gmtime (&value) : localtime (&value);
@@ -1730,7 +1732,7 @@
   while (1)
     {
       char *buf = (char *) alloca (size + 1);
-      int result;
+      size_t result;
 
       buf[0] = '\1';
       BLOCK_INPUT;
@@ -1749,6 +1751,8 @@
                                SBYTES (format_string),
                                tm, ut, ns);
       UNBLOCK_INPUT;
+      if (STRING_BYTES_BOUND <= result)
+       string_overflow ();
       size = result + 1;
     }
 }