APPROVE COMMIT
NOTE: This patch has been committed.
src/ChangeLog addition:
2006-05-21 Aidan Kehoe <kehoea(a)parhasard.net>
* doc.c (extract_object_file_name):
* doc.c (unparesseuxify_doc_string):
Leave sufficient space for the '\0' sentinel when reading into the
buffer. The bug in unparesseuxify_doc_string had been there for
ten years at least, but it was Fabrice Popineau's investigation of
the code on the same model in extract_object_file_name that
provoked its discovery. Thank you Fabrice!
XEmacs Trunk source patch:
Diff command: cvs -q diff -u
Files affected: src/doc.c
Index: src/doc.c
===================================================================
RCS file: /pack/xemacscvs/XEmacs/xemacs/src/doc.c,v
retrieving revision 1.37
diff -u -u -r1.37 doc.c
--- src/doc.c 2006/05/07 14:20:36 1.37
+++ src/doc.c 2006/05/21 18:30:25
@@ -49,7 +49,7 @@
{
Ibyte buf[DOC_MAX_FILENAME_LENGTH+1];
Ibyte *buffer = buf;
- int buffer_size = sizeof (buf), space_left;
+ int buffer_size = sizeof (buf) - 1, space_left;
Ibyte *from, *to;
REGISTER Ibyte *p = buffer;
Lisp_Object return_me;
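Review bot: `buffer_size` in `int buffer_size = sizeof (buf) - 1, space_left;` now means the number of bytes that may be read rather than the size of the array, and nothing at the declaration says so. The same applies to the declaration in the `@@ -168,7 +168,7 @@` hunk. A one-line comment would keep a later edit from restoring `sizeof (buf)` and bringing back the missing room for the sentinel that the ChangeLog describes: `/* Usable bytes only; buf reserves one extra byte for the '\0' sentinel. */`. The function body continues outside the hunk, so the read and the sentinel store themselves are not visible here.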
@@ -59,8 +59,8 @@
GCPRO2 (fdstream, instream);
- position = doc_pos > DOC_MAX_FILENAME_LENGTH ?
- doc_pos - DOC_MAX_FILENAME_LENGTH : 0;
+ position = doc_pos > buffer_size ?
+ doc_pos - buffer_size : 0;
if (0 > lseek (fd, position, 0))
{
@@ -168,7 +168,7 @@
{
Ibyte buf[512 * 32 + 1];
Ibyte *buffer = buf;
- int buffer_size = sizeof (buf);
+ int buffer_size = sizeof (buf) - 1;
Ibyte *from, *to;
REGISTER Ibyte *p = buffer;
Lisp_Object return_me;
@@ -215,13 +215,15 @@
if (space_left == 0)
{
Ibyte *old_buffer = buffer;
+ buffer_size *= 2;
+
if (buffer == buf)
{
- buffer = xnew_ibytes (buffer_size *= 2);
+ buffer = xnew_ibytes (buffer_size + 1);
memcpy (buffer, old_buffer, p - old_buffer);
}
else
- XREALLOC_ARRAY (buffer, Ibyte, buffer_size *= 2);
+ XREALLOC_ARRAY (buffer, Ibyte, buffer_size + 1);
p += buffer - old_buffer;
space_left = buffer_size - (p - buffer);
}
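Review bot: The rebase `p += buffer - old_buffer;` subtracts pointers into two different arrays, which is undefined behaviour in C even where it happens to work. In the `XREALLOC_ARRAY` branch `old_buffer` may also refer to storage that has already been released. Saving the offset before growing avoids both problems: put `ptrdiff_t used = p - buffer;` ahead of `buffer_size *= 2;`, then use `p = buffer + used;` after the allocation. Separately, `buffer_size` is an `int` doubled with no upper bound, so a guard before the doubling (for example against `INT_MAX / 2`) would keep `buffer_size + 1` from overflowing on a very large doc string. The enclosing loop and function begin and end outside this hunk.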
--
Aidan Kehoe,
http://www.parhasard.net/