Commit 8bc53d00 authored by Eli Zaretskii's avatar Eli Zaretskii

Fix unsafe use of alloca reported in bug #11138.

 src/w32menu.c (simple_dialog_show, add_menu_item): Use SAFE_ALLOCA
 instead of alloca.
parent 3b0512a3
2012-04-01 Eli Zaretskii <eliz@gnu.org>
* w32menu.c (simple_dialog_show, add_menu_item): Use SAFE_ALLOCA
instead of alloca. (Bug#11138)
2012-04-01 Andreas Schwab <schwab@linux-m68k.org>
* w32menu.c (is_simple_dialog): Properly check lisp types.
......
......@@ -1231,6 +1231,7 @@ simple_dialog_show (FRAME_PTR f, Lisp_Object contents, Lisp_Object header)
if (unicode_message_box)
{
WCHAR *text, *title;
USE_SAFE_ALLOCA;
if (STRINGP (temp))
{
......@@ -1240,7 +1241,7 @@ simple_dialog_show (FRAME_PTR f, Lisp_Object contents, Lisp_Object header)
one utf16 word, so we cannot simply use the character
length of temp. */
int utf8_len = strlen (utf8_text);
text = alloca ((utf8_len + 1) * sizeof (WCHAR));
SAFE_ALLOCA (text, WCHAR *, (utf8_len + 1) * sizeof (WCHAR));
utf8to16 (utf8_text, utf8_len, text);
}
else
......@@ -1260,6 +1261,7 @@ simple_dialog_show (FRAME_PTR f, Lisp_Object contents, Lisp_Object header)
}
answer = unicode_message_box (FRAME_W32_WINDOW (f), text, title, type);
SAFE_FREE ();
}
else
{
......@@ -1366,6 +1368,7 @@ add_menu_item (HMENU menu, widget_value *wv, HMENU item)
char *out_string, *p, *q;
int return_value;
size_t nlen, orig_len;
USE_SAFE_ALLOCA;
if (menu_separator_name_p (wv->name))
{
......@@ -1381,7 +1384,8 @@ add_menu_item (HMENU menu, widget_value *wv, HMENU item)
if (wv->key != NULL)
{
out_string = alloca (strlen (wv->name) + strlen (wv->key) + 2);
SAFE_ALLOCA (out_string, char *,
strlen (wv->name) + strlen (wv->key) + 2);
strcpy (out_string, wv->name);
strcat (out_string, "\t");
strcat (out_string, wv->key);
......@@ -1415,7 +1419,7 @@ add_menu_item (HMENU menu, widget_value *wv, HMENU item)
if (nlen > orig_len)
{
p = out_string;
out_string = alloca (nlen + 1);
SAFE_ALLOCA (out_string, char *, nlen + 1);
q = out_string;
while (*p)
{
......@@ -1475,7 +1479,7 @@ add_menu_item (HMENU menu, widget_value *wv, HMENU item)
if (fuFlags & MF_OWNERDRAW)
utf16_string = local_alloc ((utf8_len + 1) * sizeof (WCHAR));
else
utf16_string = alloca ((utf8_len + 1) * sizeof (WCHAR));
SAFE_ALLOCA (utf16_string, WCHAR *, (utf8_len + 1) * sizeof (WCHAR));
utf8to16 (out_string, utf8_len, utf16_string);
return_value = unicode_append_menu (menu, fuFlags,
......@@ -1544,6 +1548,7 @@ add_menu_item (HMENU menu, widget_value *wv, HMENU item)
FALSE, &info);
}
}
SAFE_FREE ();
return return_value;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment