Fix bug in i18n/l10n optimization

This fixes a off-by-one buffer overrun bug introduced in 2017-06-04T15:39:37Z!eggert@cs.ucla.edu. Problem uncovered by an experimental version of Emacs built with -fcheck-pointer-bounds and running on Intel MPX hardware. * src/editfns.c (styled_format): Avoid overrunning internal buffers.
2017-12-02 21:31:24 -08:00 · 2017-12-02 21:31:24 -08:00 · 04e5b28ff1
commit 04e5b28ff1
parent 8227087194
1 changed files with 2 additions and 2 deletions
--- a/src/editfns.c
+++ b/src/editfns.c
@ -4919,7 +4919,7 @@ styled_format (ptrdiff_t nargs, Lisp_Object *args, bool message)
 		  else if (discarded[bytepos] == 1)
 		    {
 		      position++;
-		      if (translated == info[fieldn].start)
+		      if (fieldn < nspec && translated == info[fieldn].start)
 			{
 			  translated += info[fieldn].end - info[fieldn].start;
 			  fieldn++;
@ -4939,7 +4939,7 @@ styled_format (ptrdiff_t nargs, Lisp_Object *args, bool message)
 		  else if (discarded[bytepos] == 1)
 		    {
 		      position++;
-		      if (translated == info[fieldn].start)
+		      if (fieldn < nspec && translated == info[fieldn].start)
 			{
 			  translated += info[fieldn].end - info[fieldn].start;
 			  fieldn++;