author | Paul Eggert <eggert@cs.ucla.edu> | 2011-08-29 09:48:19 -0700 |
---|---|---|
committer | Paul Eggert <eggert@cs.ucla.edu> | 2011-08-29 09:48:19 -0700 |
commit | b5cd19054673bfa46a4f0d1ac3905deeafcf94ff (patch) | |
tree | 07ab94434229efd114cdc57848cfc29c907cdcdd /src/filelock.c | |
parent | d749b01b0c7daff6427373b787e56d06e6f4d223 (diff) | |
download | emacs-b5cd19054673bfa46a4f0d1ac3905deeafcf94ff.tar.gz |
* filelock.c (lock_file_1, lock_file): Don't blindly alloca long name;
use SAFE_ALLOCA instead. Use esprintf to avoid int-overflow issues.
Diffstat (limited to 'src/filelock.c')
-rw-r--r-- | src/filelock.c | 35 |
1 files changed, 21 insertions, 14 deletions
diff --git a/src/filelock.c b/src/filelock.c index c28ee7837fa..7235c862ef0 100644 --- a/src/filelock.c +++ b/src/filelock.c @@ -341,6 +341,9 @@ lock_file_1 (char *lfname, int force) const char *user_name; const char *host_name; char *lock_info_str; + ptrdiff_t lock_info_size; + int symlink_errno; + USE_SAFE_ALLOCA; /* Call this first because it can GC. */ boot = get_boot_time (); @@ -353,17 +356,14 @@ lock_file_1 (char *lfname, int force) host_name = SSDATA (Fsystem_name ()); else host_name = ""; - lock_info_str = (char *)alloca (strlen (user_name) + strlen (host_name) - + 2 * INT_STRLEN_BOUND (printmax_t) - + sizeof "@.:"); + lock_info_size = (strlen (user_name) + strlen (host_name) + + 2 * INT_STRLEN_BOUND (printmax_t) + + sizeof "@.:"); + SAFE_ALLOCA (lock_info_str, char *, lock_info_size); pid = getpid (); - if (boot) - sprintf (lock_info_str, "%s@%s.%"pMd":%"pMd, - user_name, host_name, pid, boot); - else - sprintf (lock_info_str, "%s@%s.%"pMd, - user_name, host_name, pid); + esprintf (lock_info_str, boot ? "%s@%s.%"pMd":%"pMd : "%s@%s.%"pMd, + user_name, host_name, pid, boot); err = symlink (lock_info_str, lfname); if (errno == EEXIST && force) @@ -372,6 +372,9 @@ lock_file_1 (char *lfname, int force) err = symlink (lock_info_str, lfname); } + symlink_errno = errno; + SAFE_FREE (); + errno = symlink_errno; return err == 0; } @@ -541,9 +544,11 @@ lock_file (Lisp_Object fn) { register Lisp_Object attack, orig_fn, encoded_fn; register char *lfname, *locker; + ptrdiff_t locker_size; lock_info_type lock_info; printmax_t pid; struct gcpro gcpro1; + USE_SAFE_ALLOCA; /* Don't do locking while dumping Emacs. Uncompressing wtmp files uses call-process, which does not work 
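Review bot: In the `@@ -353,17 +356,14 @@` hunk of lock_file_1, nothing ties `lock_info_size` to what `esprintf` actually writes: the call takes no size argument, so the buffer is only as safe as the hand-written sum of the `strlen` terms, `2 * INT_STRLEN_BOUND (printmax_t)` and `sizeof "@.:"` staying in step with both format literals. If esprintf returns the formatted length, as its sprintf-like name suggests, the result could be checked, e.g. `len = esprintf (lock_info_str, ...); eassert (len < lock_info_size);`. Otherwise a comment such as `/* Room for "USER@HOST.PID:BOOT" and the trailing NUL. */` above the computation would document the invariant. Passing `boot` even when the shorter format is selected is harmless for a printf-style formatter, but it reads like an argument mismatch and deserves a brief comment. The function body starts and ends outside this hunk.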
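Review bot: The errno save/restore added around `SAFE_FREE ()` in the `@@ -372,6 +372,9 @@` hunk is undocumented, so a later cleanup could easily remove it as redundant. A comment like `/* SAFE_FREE may clobber errno; keep symlink's value for the caller. */` would record the intent; that callers inspect errno after a zero return is inferred, since no caller is visible here. Note also that the unchanged test `errno == EEXIST && force` just above reads errno without first checking `err`, so the saved value is only meaningful when the last symlink call failed.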
@@ -580,15 +585,17 @@ lock_file (Lisp_Object fn) return; /* Else consider breaking the lock */ - locker = (char *) alloca (strlen (lock_info.user) + strlen (lock_info.host) - + INT_STRLEN_BOUND (printmax_t) - + sizeof "@ (pid )"); + locker_size = (strlen (lock_info.user) + strlen (lock_info.host) + + INT_STRLEN_BOUND (printmax_t) + + sizeof "@ (pid )"); + SAFE_ALLOCA (locker, char *, locker_size); pid = lock_info.pid; - sprintf (locker, "%s@%s (pid %"pMd")", - lock_info.user, lock_info.host, pid); + esprintf (locker, "%s@%s (pid %"pMd")", + lock_info.user, lock_info.host, pid); FREE_LOCK_INFO (lock_info); attack = call2 (intern ("ask-user-about-lock"), fn, build_string (locker)); + SAFE_FREE (); if (!NILP (attack)) /* User says take the lock */ { |
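Review bot: `SAFE_FREE ()` in this hunk runs only when `call2` returns normally, and nothing in the hunk says what happens to `locker` otherwise. `ask-user-about-lock` is a Lisp call that can presumably exit non-locally (a quit or a signalled error), so release of a heap-backed buffer then depends on SAFE_ALLOCA having registered an unwind handler, which is not visible on this page. A comment before the call, e.g. `/* build_string copies LOCKER; on non-local exit the SAFE_ALLOCA unwind handler frees it. */`, would make that explicit once confirmed. As in lock_file_1, `esprintf` is called without a size, so `locker_size` and the `"%s@%s (pid %"pMd")"` format must be kept in step by hand; `lock_info.user` and `lock_info.host` appear to come from an existing lock and so are not under this process's control. lock_file's body extends beyond the hunk on both sides.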