emacs-diffs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Emacs-diffs] /srv/bzr/emacs/trunk r101089: Potential buffer overrun and

From: Jan D
Subject: [Emacs-diffs] /srv/bzr/emacs/trunk r101089: Potential buffer overrun and uninit variable fixed, bug 6855.
Date: Sun, 15 Aug 2010 10:13:02 +0200
User-agent: Bazaar (2.0.3) 
------------------------------------------------------------
revno: 101089
committer: Jan D <address@hidden>
branch nick: trunk
timestamp: Sun 2010-08-15 10:13:02 +0200
message:
  Potential buffer overrun and uninit variable fixed, bug 6855.
  
  * keyboard.c (parse_tool_bar_item): malloc buf.  Set TOOL_BAR_ITEM_LABEL
  to empty string if not set to new_lbl (Bug#6855).
modified:
  src/ChangeLog
  src/keyboard.c

=== modified file 'src/ChangeLog'
--- a/src/ChangeLog     2010-08-14 12:55:04 +0000
+++ b/src/ChangeLog     2010-08-15 08:13:02 +0000
@@ -1,3 +1,8 @@
+2010-08-15  Jan Djärv  <address@hidden>
+
+       * keyboard.c (parse_tool_bar_item): malloc buf.  Set TOOL_BAR_ITEM_LABEL
+       to empty string if not set to new_lbl (Bug#6855).
+
 2010-08-14  Eli Zaretskii  <address@hidden>
 
        * xterm.c (x_draw_stretch_glyph_string):

=== modified file 'src/keyboard.c'
--- a/src/keyboard.c    2010-08-14 07:35:24 +0000
+++ b/src/keyboard.c    2010-08-15 08:13:02 +0000
@@ -8328,14 +8328,14 @@
       Lisp_Object capt = PROP (TOOL_BAR_ITEM_CAPTION);
       const char *label = SYMBOLP (key) ? (char *) SDATA (SYMBOL_NAME (key)) : 
"";
       const char *caption = STRINGP (capt) ? (char *) SDATA (capt) : "";
-      char buf[64];
       EMACS_INT max_lbl = 2*tool_bar_max_label_size;
+      char *buf = (char *) xmalloc (max_lbl+1);
       Lisp_Object new_lbl;
 
       if (strlen (caption) < max_lbl && caption[0] != '\0')
         {
           strcpy (buf, caption);
-          while (buf[0] != '\0' &&  buf[strlen (buf) -1] == '.')
+          while (buf[0] != '\0' && buf[strlen (buf) -1] == '.')
             buf[strlen (buf)-1] = '\0';
           if (strlen (buf) <= max_lbl)
             caption = buf;
@@ -8361,6 +8361,9 @@
       new_lbl = Fupcase_initials (make_string (label, strlen (label)));
       if (SCHARS (new_lbl) <= tool_bar_max_label_size)
         PROP (TOOL_BAR_ITEM_LABEL) = new_lbl;
+      else
+        PROP (TOOL_BAR_ITEM_LABEL) = make_string ("", 0);
+      free (buf);
     }
 
   /* If got a filter apply it on binding.  */
reply via email to
[Prev in Thread] Current Thread [Next in Thread]