diff options
| author | Richard M. Stallman <rms@gnu.org> | 1995-08-11 00:54:44 +0000 |
|---|---|---|
| committer | Richard M. Stallman <rms@gnu.org> | 1995-08-11 00:54:44 +0000 |
| commit | 537dfb138242b79afb1d9f892061abb6bf259df8 (patch) | |
| tree | c4019dc6d173cfa223c1fc0988283635f0c9c598 /src/editfns.c | |
| parent | dfb824e8d4b54bfb913a8c4c2080d8a2dec1dbcb (diff) | |
| download | emacs-537dfb138242b79afb1d9f892061abb6bf259df8.tar.gz | |
(Fformat): Limit minlen to avoid stack overflow.
Diffstat (limited to 'src/editfns.c')
| -rw-r--r-- | src/editfns.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/src/editfns.c b/src/editfns.c index 365d534c050..37f0e7e813f 100644 --- a/src/editfns.c +++ b/src/editfns.c @@ -1800,10 +1800,9 @@ Use %% to put a single % into the output.") /* Process a numeric arg and skip it. */ minlen = atoi (format); - if (minlen > 0) - total += minlen; - else - total -= minlen; + if (minlen < 0) + minlen = - minlen; + while ((*format >= '0' && *format <= '9') || *format == '-' || *format == ' ' || *format == '.') format++; @@ -1811,7 +1810,7 @@ Use %% to put a single % into the output.") if (*format == '%') format++; else if (++n >= nargs) - error ("not enough arguments for format string"); + error ("Not enough arguments for format string"); else if (*format == 'S') { /* For `S', prin1 the argument and then treat like a string. */ @@ -1831,6 +1830,10 @@ Use %% to put a single % into the output.") if (*format != 's' && *format != 'S') error ("format specifier doesn't match argument type"); total += XSTRING (args[n])->size; + /* We have to put an arbitrary limit on minlen + since otherwise it could make alloca fail. */ + if (minlen < XSTRING (args[n])->size + 1000) + total += minlen; } /* Would get MPV otherwise, since Lisp_Int's `point' to low memory. */ else if (INTEGERP (args[n]) && *format != 's') @@ -1844,6 +1847,10 @@ Use %% to put a single % into the output.") args[n] = Ffloat (args[n]); #endif total += 30; + /* We have to put an arbitrary limit on minlen + since otherwise it could make alloca fail. */ + if (minlen < 1000) + total += minlen; } #ifdef LISP_FLOAT_TYPE else if (FLOATP (args[n]) && *format != 's') @@ -1851,6 +1858,10 @@ Use %% to put a single % into the output.") if (! (*format == 'e' || *format == 'f' || *format == 'g')) args[n] = Ftruncate (args[n]); total += 30; + /* We have to put an arbitrary limit on minlen + since otherwise it could make alloca fail. */ + if (minlen < 1000) + total += minlen; } #endif else |