Commit 66c6fdd5 authored by Paul Eggert's avatar Paul Eggert

* emacs.c (main) [NS_IMPL_COCOA]: Don't overrun buffer

when creating daemon; the previous buffer-overflow check was incorrect.
parent 33ef5c64
...@@ -30,6 +30,9 @@ ...@@ -30,6 +30,9 @@
even if the time zone offset is outlandishly large. even if the time zone offset is outlandishly large.
Don't mishandle offset == INT_MIN. Don't mishandle offset == INT_MIN.
* emacs.c (main) [NS_IMPL_COCOA]: Don't overrun buffer
when creating daemon; the previous buffer-overflow check was incorrect.
2011-08-26 Paul Eggert <eggert@cs.ucla.edu> 2011-08-26 Paul Eggert <eggert@cs.ucla.edu>
Integer and memory overflow issues (Bug#9196). Integer and memory overflow issues (Bug#9196).
......
...@@ -1068,15 +1068,17 @@ Using an Emacs configured with --with-x-toolkit=lucid does not have this problem ...@@ -1068,15 +1068,17 @@ Using an Emacs configured with --with-x-toolkit=lucid does not have this problem
if (!dname_arg || !strchr (dname_arg, '\n')) if (!dname_arg || !strchr (dname_arg, '\n'))
{ /* In orig, child: now exec w/special daemon name. */ { /* In orig, child: now exec w/special daemon name. */
char fdStr[80]; char fdStr[80];
int fdStrlen =
snprintf (fdStr, sizeof fdStr,
"--daemon=\n%d,%d\n%s", daemon_pipe[0],
daemon_pipe[1], dname_arg ? dname_arg : "");
if (dname_arg && strlen (dname_arg) > 70) if (! (0 <= fdStrlen && fdStrlen < sizeof fdStr))
{ {
fprintf (stderr, "daemon: child name too long\n"); fprintf (stderr, "daemon: child name too long\n");
exit (1); exit (1);
} }
sprintf (fdStr, "--daemon=\n%d,%d\n%s", daemon_pipe[0],
daemon_pipe[1], dname_arg ? dname_arg : "");
argv[skip_args] = fdStr; argv[skip_args] = fdStr;
execv (argv[0], argv); execv (argv[0], argv);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment