xemacs-beta: src/event-stream.c comparison

comparison src/event-stream.c @ 5857:6ec4964c1687

Be more careful about echo_buf arithmetic, event-stream.c. src/ChangeLog addition: 2015-03-12 Aidan Kehoe <kehoea@parhasard.net> * event-stream.c (lookup_command_event): Check whether echo_buf_fill_pointer is negative before using it in arithmetic, avoiding a crash in GC. Oddly the old code didn't do this check and didn't crash, but its echo_buf was from malloced memory, not from our string data, so there may have been more room to manoeuvre.

author	Aidan Kehoe <kehoea@parhasard.net>
date	Thu, 12 Mar 2015 23:31:42 +0000
parents	b3824b7f5627
children	916b48abd1c6

comparison

equal deleted inserted replaced

-:27876789edc5
+:6ec4964c1687
 #else
 	if (1)
 #endif
 	  {
 	    Lisp_Object prompt = Fkeymap_prompt (leaf, Qt);
-	    if (STRINGP (prompt))
+	    if (STRINGP (prompt) && STRINGP (command_builder->echo_buf))
 	      {
 		/* Append keymap prompt to key echo buffer */
-		int buf_fill_pointer = command_builder->echo_buf_fill_pointer;
+		Bytecount buf_fill_pointer
+= max (command_builder->echo_buf_fill_pointer, 0);
 		Bytecount len = XSTRING_LENGTH (prompt);
 		if (len + buf_fill_pointer + 1
 <= XSTRING_LENGTH (command_builder->echo_buf))
 		  {
 sledgehammer_check_ascii_begin (command_builder->echo_buf);
 /* Show the keymap prompt, but don't adjust the fill
 pointer to reflect it. */
 command_builder->echo_buf_end
-= command_builder->echo_buf_fill_pointer + len;
+= buf_fill_pointer + len;
+command_builder->echo_buf_fill_pointer = buf_fill_pointer;
 		  }
 		maybe_echo_keys (command_builder, 1);
 	      }
 	    else
 	      maybe_echo_keys (command_builder, 0);

Mercurial > hg > xemacs-beta

comparison src/event-stream.c @ 5857:6ec4964c1687