diff options
author | Hans de Graaff <graaff@gentoo.org> | 2007-11-26 20:15:44 +0000 |
---|---|---|
committer | Hans de Graaff <graaff@gentoo.org> | 2007-11-26 20:15:44 +0000 |
commit | c1387771abe563fbff99253d5ea97912b76b74d2 (patch) | |
tree | 046458a150bd7b8a6fa936f32622a1bf2ad11596 /app-editors/xemacs/files | |
parent | Moved to Portage tree. (diff) | |
download | emacs-c1387771abe563fbff99253d5ea97912b76b74d2.tar.gz emacs-c1387771abe563fbff99253d5ea97912b76b74d2.tar.bz2 emacs-c1387771abe563fbff99253d5ea97912b76b74d2.zip |
Add patch for security issue in bug #200297
svn path=/emacs-overlay/; revision=787
Diffstat (limited to 'app-editors/xemacs/files')
-rw-r--r-- | app-editors/xemacs/files/xemacs-21.5.28-int-format.patch | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/app-editors/xemacs/files/xemacs-21.5.28-int-format.patch b/app-editors/xemacs/files/xemacs-21.5.28-int-format.patch new file mode 100644 index 0000000..b4b1a47 --- /dev/null +++ b/app-editors/xemacs/files/xemacs-21.5.28-int-format.patch @@ -0,0 +1,43 @@ + +diff -r 33f6ee3a6e75 src/doprnt.c +--- a/src/doprnt.c Thu Sep 06 21:51:29 2007 +0000 ++++ b/src/doprnt.c Mon Nov 26 03:46:16 2007 +0100 +@@ -776,9 +776,21 @@ emacs_doprnt_1 (Lisp_Object stream, cons + #endif /* HAVE_BIGFLOAT */ + else + { +- Ascbyte *text_to_print = alloca_array (char, 350); ++ Ascbyte *text_to_print; + Ascbyte constructed_spec[100]; + Ascbyte *p = constructed_spec; ++ int alloca_sz = 350; ++ int min = spec->minwidth, prec = spec->precision; ++ ++ if (prec < 0) ++ prec = 0; ++ if (min < 0) ++ min = 0; ++ ++ if (32+min+prec > alloca_sz) ++ alloca_sz = 32 + min + prec; ++ ++ text_to_print = alloca_array(char, alloca_sz); + + /* Mostly reconstruct the spec and use sprintf() to + format the string. */ +diff -r 33f6ee3a6e75 tests/automated/lisp-tests.el +--- a/tests/automated/lisp-tests.el Thu Sep 06 21:51:29 2007 +0000 ++++ b/tests/automated/lisp-tests.el Mon Nov 26 03:46:16 2007 +0100 +@@ -1279,6 +1279,10 @@ + (Assert (= (read (format "%d" most-negative-fixnum)) most-negative-fixnum)) + (Assert (= (read (format "%ld" most-negative-fixnum)) most-negative-fixnum)) + ++;; These used to crash. ++(Assert (eql (read (format "%f" 1.2e+302)) 1.2e+302)) ++(Assert (eql (read (format "%.1000d" 1)) 1)) ++ + ;;; "%u" is undocumented, and Emacs Lisp has no unsigned type. + ;;; What to do if "%u" is used with a negative number? + ;;; For non-bignum XEmacsen, the most reasonable thing seems to be to print an + + |