Avert crash in store_mode_line_string on Android 5.0 and earlier

* src/xdisp.c (store_mode_line_string) [__ANDROID_API__ < 22]: Call strlen on STRING if the limit would otherwise be SIZE_MAX, or if the address of the string is within PRECISION bytes of UINTPTR_MAX, in which case it cannot possibly be larger than PRECISION.
2024-06-26 12:08:55 +08:00 · 2024-06-26 12:08:55 +08:00 · 8b1841021c
commit 8b1841021c
parent e7c85f9235
1 changed files with 12 additions and 1 deletions
--- a/src/xdisp.c
+++ b/src/xdisp.c
@ -28053,7 +28053,18 @@ store_mode_line_string (const char *string, Lisp_Object lisp_string,

  if (string != NULL)
    {
-      len = strnlen (string, precision <= 0 ? SIZE_MAX : precision);
+#if defined HAVE_ANDROID && !defined ANDROID_STUBIFY	\
+  && __ANDROID_API__ < 22
+      /* Circumvent a bug in memchr preventing strnlen from returning
+	 valid values when a large limit is specified.
+
+         https://issuetracker.google.com/issues/37020957 */
+      if (precision <= 0 || ((uintptr_t) string
+			     > (UINTPTR_MAX - precision)))
+	len = strlen (string);
+      else
+#endif /* HAVE_ANDROID && !ANDROID_STUBIFY && __ANDROID_API__ < 22 */
+	len = strnlen (string, precision <= 0 ? SIZE_MAX : precision);
      lisp_string = make_string (string, len);
      if (NILP (props))
 	props = mode_line_string_face_prop;