Commit 04e5b28f authored by Paul Eggert

Fix bug in i18n/l10n optimization

This fixes an off-by-one buffer overrun bug introduced in
2017-06-04T15:39:37Z!eggert@cs.ucla.edu.  Problem uncovered by an
experimental version of Emacs built with -fcheck-pointer-bounds
and running on Intel MPX hardware.
* src/editfns.c (styled_format): Avoid overrunning internal buffers.
parent 82270871
......@@ -4919,7 +4919,7 @@ styled_format (ptrdiff_t nargs, Lisp_Object *args, bool message)
else if (discarded[bytepos] == 1)
{
position++;
if (translated == info[fieldn].start)
if (fieldn < nspec && translated == info[fieldn].start)
{
translated += info[fieldn].end - info[fieldn].start;
fieldn++;
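Review bot: the new `fieldn < nspec` guard on the `translated == info[fieldn].start` test has no comment explaining why `fieldn` can equal `nspec` at this point. From the visible lines, `fieldn++` runs each time a field start is matched, so once the last spec has been consumed the next discarded byte would read `info[nspec].start`, which is the off-by-one overrun the commit message describes. A one-line comment above the condition, such as `/* No specs left; info[fieldn] would be out of bounds. */`, would keep a later cleanup from removing the check as redundant.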
......@@ -4939,7 +4939,7 @@ styled_format (ptrdiff_t nargs, Lisp_Object *args, bool message)
else if (discarded[bytepos] == 1)
{
position++;
if (translated == info[fieldn].start)
if (fieldn < nspec && translated == info[fieldn].start)
{
translated += info[fieldn].end - info[fieldn].start;
fieldn++;
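Review bot: this `discarded[bytepos] == 1` branch at line 4939 is a line-for-line copy of the one patched at line 4919, so the same guard had to be applied in two places. Consider moving the `position++` / field-skip logic into a small static helper that takes `fieldn`, `nspec`, `translated` and `info`, so the bounds check lives in one spot and a future change cannot fix one copy and miss the other.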
......