+2011-04-29 Eli Zaretskii <eliz@gnu.org>
+
+ * doprnt.c (doprnt): Fix the case where a multibyte sequence
+ produced by %s or %c overflows available buffer space. (Bug#8545)
+
2011-04-28 Paul Eggert <eggert@cs.ucla.edu>
* doprnt.c (doprnt): Omit useless test; int overflow check (Bug#8545).
/* Truncate the string at character boundary. */
tem = bufsize;
while (!CHAR_HEAD_P (string[tem - 1])) tem--;
- memcpy (bufptr, string, tem);
- /* We must calculate WIDTH again. */
- width = strwidth (bufptr, tem);
+ /* If the multibyte sequence of this character is
+ too long for the space we have left in the
+ buffer, truncate before it. */
+ if (tem > 0
+ && BYTES_BY_CHAR_HEAD (string[tem - 1]) > bufsize)
+ tem--;
+ if (tem > 0)
+ memcpy (bufptr, string, tem);
+ bufptr[tem] = 0;
+ /* Trigger exit from the loop, but make sure we
+ return to the caller a value which will indicate
+ that the buffer was too small. */
+ bufptr += bufsize;
+ bufsize = 0;
+ continue;
}
else
memcpy (bufptr, string, tem);
{
char buf[4000];
size_t size = sizeof buf;
- size_t size_max = min (MOST_POSITIVE_FIXNUM, SIZE_MAX);
+ size_t size_max = min (MOST_POSITIVE_FIXNUM, SIZE_MAX);
size_t mlen = strlen (m);
char *buffer = buf;
size_t used;
HCoop / bpt / emacs.git / commitdiff