procyberian/emacs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix GC-related crashes in styled_format (bug#75754)

Browse source 
This approach ensures we don't use an SSDATA pointer after GC, and
that no Lisp callback code can modify the format string while we're
working on it.

* src/editfns.c (styled_format): Operate on a copy of the format
string rather than the original.  Ensure final NUL byte is copied.
This commit is contained in:
Pip Cet 2025-02-03 20:40:34 +00:00
parent b5316e1ddb
commit 14ebe4d5db
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/editfns.c
View file

@ -3442,9 +3442,10 @@ styled_format (ptrdiff_t nargs, Lisp_Object *args, bool message)
} *info;
CHECK_STRING (args[0]);
char *format_start = SSDATA (args[0]);
bool multibyte_format = STRING_MULTIBYTE (args[0]);
ptrdiff_t formatlen = SBYTES (args[0]);
char *format_start = SAFE_ALLOCA (formatlen + 1);
memcpy (format_start, SSDATA (args[0]), formatlen + 1);
bool fmt_props = !!string_intervals (args[0]);
/* Upper bound on number of format specs. Each uses at least 2 chars. */