From: Paul Eggert <eggert@cs.ucla.edu>
Date: Mon, 29 Aug 2011 16:48:19 +0000 (-0700)
Subject: * filelock.c (lock_file_1, lock_file): Don't blindly alloca long name;
X-Git-Tag: emacs-pretest-24.0.90~104^2~153^2~1^2~28
X-Git-Url: https://code.delx.au/gnu-emacs/commitdiff_plain/b5cd19054673bfa46a4f0d1ac3905deeafcf94ff

* filelock.c (lock_file_1, lock_file): Don't blindly alloca long name;

use SAFE_ALLOCA instead.  Use esprintf to avoid int-overflow issues.
---

diff --git a/src/ChangeLog b/src/ChangeLog
index bf7d8b9f36..4624e5fc30 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -36,6 +36,9 @@
 	* eval.c (verror): Simplify by rewriting in terms of evxprintf,
 	which has the guts of the old verror function.
 
+	* filelock.c (lock_file_1, lock_file): Don't blindly alloca long name;
+	use SAFE_ALLOCA instead.  Use esprintf to avoid int-overflow issues.
+
 2011-08-26  Paul Eggert  <eggert@cs.ucla.edu>
 
 	Integer and memory overflow issues (Bug#9196).
diff --git a/src/filelock.c b/src/filelock.c
index c28ee7837f..7235c862ef 100644
--- a/src/filelock.c
+++ b/src/filelock.c
@@ -341,6 +341,9 @@ lock_file_1 (char *lfname, int force)
   const char *user_name;
   const char *host_name;
   char *lock_info_str;
+  ptrdiff_t lock_info_size;
+  int symlink_errno;
+  USE_SAFE_ALLOCA;
 
   /* Call this first because it can GC.  */
   boot = get_boot_time ();
@@ -353,17 +356,14 @@ lock_file_1 (char *lfname, int force)
     host_name = SSDATA (Fsystem_name ());
   else
     host_name = "";
-  lock_info_str = (char *)alloca (strlen (user_name) + strlen (host_name)
-				  + 2 * INT_STRLEN_BOUND (printmax_t)
-				  + sizeof "@.:");
+  lock_info_size = (strlen (user_name) + strlen (host_name)
+		    + 2 * INT_STRLEN_BOUND (printmax_t)
+		    + sizeof "@.:");
+  SAFE_ALLOCA (lock_info_str, char *, lock_info_size);
   pid = getpid ();
 
-  if (boot)
-    sprintf (lock_info_str, "%s@%s.%"pMd":%"pMd,
-	     user_name, host_name, pid, boot);
-  else
-    sprintf (lock_info_str, "%s@%s.%"pMd,
-	     user_name, host_name, pid);
+  esprintf (lock_info_str, boot ? "%s@%s.%"pMd":%"pMd : "%s@%s.%"pMd,
+	    user_name, host_name, pid, boot);
 
   err = symlink (lock_info_str, lfname);
   if (errno == EEXIST && force)
@@ -372,6 +372,9 @@ lock_file_1 (char *lfname, int force)
       err = symlink (lock_info_str, lfname);
     }
 
+  symlink_errno = errno;
+  SAFE_FREE ();
+  errno = symlink_errno;
   return err == 0;
 }
 
@@ -541,9 +544,11 @@ lock_file (Lisp_Object fn)
 {
   register Lisp_Object attack, orig_fn, encoded_fn;
   register char *lfname, *locker;
+  ptrdiff_t locker_size;
   lock_info_type lock_info;
   printmax_t pid;
   struct gcpro gcpro1;
+  USE_SAFE_ALLOCA;
 
   /* Don't do locking while dumping Emacs.
      Uncompressing wtmp files uses call-process, which does not work
@@ -580,15 +585,17 @@ lock_file (Lisp_Object fn)
     return;
 
   /* Else consider breaking the lock */
-  locker = (char *) alloca (strlen (lock_info.user) + strlen (lock_info.host)
-			    + INT_STRLEN_BOUND (printmax_t)
-			    + sizeof "@ (pid )");
+  locker_size = (strlen (lock_info.user) + strlen (lock_info.host)
+		 + INT_STRLEN_BOUND (printmax_t)
+		 + sizeof "@ (pid )");
+  SAFE_ALLOCA (locker, char *, locker_size);
   pid = lock_info.pid;
-  sprintf (locker, "%s@%s (pid %"pMd")",
-	   lock_info.user, lock_info.host, pid);
+  esprintf (locker, "%s@%s (pid %"pMd")",
+	    lock_info.user, lock_info.host, pid);
   FREE_LOCK_INFO (lock_info);
 
   attack = call2 (intern ("ask-user-about-lock"), fn, build_string (locker));
+  SAFE_FREE ();
   if (!NILP (attack))
     /* User says take the lock */
     {