
[Emacs-diffs] /srv/bzr/emacs/emacs-24 r110850: Fix bug #12867 with crash


From: Eli Zaretskii
Subject: [Emacs-diffs] /srv/bzr/emacs/emacs-24 r110850: Fix bug #12867 with crashes due to large field width in mode-line format.
Date: Mon, 12 Nov 2012 17:25:34 +0200
User-agent: Bazaar (2.5.0)

------------------------------------------------------------
revno: 110850
fixes bug: http://debbugs.gnu.org/12867
committer: Eli Zaretskii <address@hidden>
branch nick: emacs-24
timestamp: Mon 2012-11-12 17:25:34 +0200
message:
  Fix bug #12867 with crashes due to large field width in mode-line format.
  
   src/xdisp.c (decode_mode_spec): Limit the value of WIDTH argument
   passed to pint2str and pint2hrstr to be at most the size of the
   frame's decode_mode_spec_buffer.  This avoids crashes with very
   large values of FIELD_WIDTH argument to decode_mode_spec.
modified:
  src/ChangeLog
  src/xdisp.c
=== modified file 'src/ChangeLog'
--- a/src/ChangeLog     2012-11-07 09:41:52 +0000
+++ b/src/ChangeLog     2012-11-12 15:25:34 +0000
@@ -1,3 +1,11 @@
+2012-11-12  Eli Zaretskii  <address@hidden>
+
+       * xdisp.c (decode_mode_spec): Limit the value of WIDTH argument
+       passed to pint2str and pint2hrstr to be at most the size of the
+       frame's decode_mode_spec_buffer.  This avoids crashes with very
+       large values of FIELD_WIDTH argument to decode_mode_spec.
+       (Bug#12867)
+
 2012-11-07  Martin Rudalics  <address@hidden>
 
        * window.c (Fsplit_window_internal): Set combination limit of

=== modified file 'src/xdisp.c'
--- a/src/xdisp.c       2012-11-06 16:36:02 +0000
+++ b/src/xdisp.c       2012-11-12 15:25:34 +0000
@@ -21380,6 +21380,12 @@
   Lisp_Object obj;
   struct frame *f = XFRAME (WINDOW_FRAME (w));
   char *decode_mode_spec_buf = f->decode_mode_spec_buffer;
+  /* We are going to use f->decode_mode_spec_buffer as the buffer to
+     produce strings from numerical values, so limit preposterously
+     large values of FIELD_WIDTH to avoid overrunning the buffer's
+     end.  The size of the buffer is enough for FRAME_MESSAGE_BUF_SIZE
+     bytes plus the terminating null.  */
+  int width = min (field_width, FRAME_MESSAGE_BUF_SIZE (f));
   struct buffer *b = current_buffer;
 
   obj = Qnil;
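Review bot: The clamp on the `int width` line bounds only the upper side of field_width and rests on a buffer-size invariant that lives elsewhere: the comment asserts the buffer holds FRAME_MESSAGE_BUF_SIZE bytes plus a terminating null, but nothing in this hunk ties the allocation of f->decode_mode_spec_buffer to that macro, so a later change to either side would silently reopen the overrun. A negative or int-wrapped field_width passes min() unchanged; if the value is parsed from digits in the mode-line string (outside this hunk), it is worth confirming that the parser saturates rather than wraps, and that pint2str and pint2hrstr treat width <= 0 as "no padding". Those helpers presumably emit the full digit string regardless of width, so the real bound is max(width, digits of a ptrdiff_t) + 1; a sentence to that effect belongs in the comment above, e.g. `FRAME_MESSAGE_BUF_SIZE must also cover any ptrdiff_t in decimal plus the null, since pint2str never truncates digits.` The same substitution appears in the three following hunks, and decode_mode_spec's body continues past each of them.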
@@ -21475,7 +21481,7 @@
        {
          ptrdiff_t col = current_column ();
          wset_column_number_displayed (w, make_number (col));
-         pint2str (decode_mode_spec_buf, field_width, col);
+         pint2str (decode_mode_spec_buf, width, col);
          return decode_mode_spec_buf;
        }
 
@@ -21506,14 +21512,14 @@
     case 'i':
       {
        ptrdiff_t size = ZV - BEGV;
-       pint2str (decode_mode_spec_buf, field_width, size);
+       pint2str (decode_mode_spec_buf, width, size);
        return decode_mode_spec_buf;
       }
 
     case 'I':
       {
        ptrdiff_t size = ZV - BEGV;
-       pint2hrstr (decode_mode_spec_buf, field_width, size);
+       pint2hrstr (decode_mode_spec_buf, width, size);
        return decode_mode_spec_buf;
       }
 
@@ -21620,12 +21626,12 @@
        line_number_displayed = 1;
 
        /* Make the string to show.  */
-       pint2str (decode_mode_spec_buf, field_width, topline + nlines);
+       pint2str (decode_mode_spec_buf, width, topline + nlines);
        return decode_mode_spec_buf;
     no_value:
         {
          char* p = decode_mode_spec_buf;
-         int pad = field_width - 2;
+         int pad = width - 2;
          while (pad-- > 0)
            *p++ = ' ';
          *p++ = '?';

