diff options
| author | Eli Zaretskii <eliz@gnu.org> | 2012-04-01 19:55:30 +0300 |
|---|---|---|
| committer | Eli Zaretskii <eliz@gnu.org> | 2012-04-01 19:55:30 +0300 |
| commit | 8bc53d00e3a4ffff5220adf51b269468fce8c931 (patch) | |
| tree | ebf21ff507f385094af2e5f8c9b0b730ec8cad90 | |
| parent | 3b0512a3d5c5ef30308bc466d914c4282153d453 (diff) | |
| download | emacs-8bc53d00e3a4ffff5220adf51b269468fce8c931.tar.gz | |
Fix unsafe use of alloca reported in bug #11138.
src/w32menu.c (simple_dialog_show, add_menu_item): Use SAFE_ALLOCA
instead of alloca.
| -rw-r--r-- | src/ChangeLog | 5 | ||||
| -rw-r--r-- | src/w32menu.c | 13 |
2 files changed, 14 insertions, 4 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index ee54c48cd94..ea80129ff16 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,8 @@ +2012-04-01 Eli Zaretskii <eliz@gnu.org> + + * w32menu.c (simple_dialog_show, add_menu_item): Use SAFE_ALLOCA + instead of alloca. (Bug#11138) + 2012-04-01 Andreas Schwab <schwab@linux-m68k.org> * w32menu.c (is_simple_dialog): Properly check lisp types. diff --git a/src/w32menu.c b/src/w32menu.c index b25edf0f269..9091cb81627 100644 --- a/src/w32menu.c +++ b/src/w32menu.c @@ -1231,6 +1231,7 @@ simple_dialog_show (FRAME_PTR f, Lisp_Object contents, Lisp_Object header) if (unicode_message_box) { WCHAR *text, *title; + USE_SAFE_ALLOCA; if (STRINGP (temp)) { @@ -1240,7 +1241,7 @@ simple_dialog_show (FRAME_PTR f, Lisp_Object contents, Lisp_Object header) one utf16 word, so we cannot simply use the character length of temp. */ int utf8_len = strlen (utf8_text); - text = alloca ((utf8_len + 1) * sizeof (WCHAR)); + SAFE_ALLOCA (text, WCHAR *, (utf8_len + 1) * sizeof (WCHAR)); utf8to16 (utf8_text, utf8_len, text); } else @@ -1260,6 +1261,7 @@ simple_dialog_show (FRAME_PTR f, Lisp_Object contents, Lisp_Object header) } answer = unicode_message_box (FRAME_W32_WINDOW (f), text, title, type); + SAFE_FREE (); } else { @@ -1366,6 +1368,7 @@ add_menu_item (HMENU menu, widget_value *wv, HMENU item) char *out_string, *p, *q; int return_value; size_t nlen, orig_len; + USE_SAFE_ALLOCA; if (menu_separator_name_p (wv->name)) { @@ -1381,7 +1384,8 @@ add_menu_item (HMENU menu, widget_value *wv, HMENU item) if (wv->key != NULL) { - out_string = alloca (strlen (wv->name) + strlen (wv->key) + 2); + SAFE_ALLOCA (out_string, char *, + strlen (wv->name) + strlen (wv->key) + 2); strcpy (out_string, wv->name); strcat (out_string, "\t"); strcat (out_string, wv->key); @@ -1415,7 +1419,7 @@ add_menu_item (HMENU menu, widget_value *wv, HMENU item) if (nlen > orig_len) { p = out_string; - out_string = alloca (nlen + 1); + SAFE_ALLOCA (out_string, char *, nlen + 1); q = out_string; while (*p) { @@ -1475,7 +1479,7 @@ add_menu_item (HMENU menu, widget_value *wv, HMENU item) if (fuFlags & MF_OWNERDRAW) utf16_string = local_alloc ((utf8_len + 1) * sizeof (WCHAR)); else - utf16_string = alloca ((utf8_len + 1) * sizeof (WCHAR)); + SAFE_ALLOCA (utf16_string, WCHAR *, (utf8_len + 1) * sizeof (WCHAR)); utf8to16 (out_string, utf8_len, utf16_string); return_value = unicode_append_menu (menu, fuFlags, @@ -1544,6 +1548,7 @@ add_menu_item (HMENU menu, widget_value *wv, HMENU item) FALSE, &info); } } + SAFE_FREE (); return return_value; } |