Avert crash in store_mode_line_string on Android 5.0 and earlier

* src/xdisp.c (store_mode_line_string)
[__ANDROID_API__ < 22]: Call strlen on STRING if the limit
would otherwise be SIZE_MAX, or if the address of the string
is within PRECISION bytes of UINTPTR_MAX, in which case it
cannot possibly be larger than PRECISION.

diff --git a/src/xdisp.c b/src/xdisp.c
index 18ac5b69d7e6768f5776c1af792bcfc2272bc5d0..7d31813a57e60caa5c57e87a6243a6b777686308 100644 (file)
--- a/src/xdisp.c
+++ b/src/xdisp.c
@@ -28053,7 +28053,18 @@ store_mode_line_string (const char *string, Lisp_Object lisp_string,
 
   if (string != NULL)
     {
-      len = strnlen (string, precision <= 0 ? SIZE_MAX : precision);
+#if defined HAVE_ANDROID && !defined ANDROID_STUBIFY   \
+  && __ANDROID_API__ < 22
+      /* Circumvent a bug in memchr preventing strnlen from returning
+        valid values when a large limit is specified.
+
+         https://issuetracker.google.com/issues/37020957 */
+      if (precision <= 0 || ((uintptr_t) string
+                            > (UINTPTR_MAX - precision)))
+       len = strlen (string);
+      else
+#endif /* HAVE_ANDROID && !ANDROID_STUBIFY && __ANDROID_API__ < 22 */
+       len = strnlen (string, precision <= 0 ? SIZE_MAX : precision);
       lisp_string = make_string (string, len);
       if (NILP (props))
        props = mode_line_string_face_prop;