[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
FYI: fix stack overflow in pr
From: |
Jim Meyering |
Subject: |
FYI: fix stack overflow in pr |
Date: |
Thu, 10 Mar 2005 10:43:00 +0100 |
FYI, I found that making pr use a very long date string in its
header would overflow the stack:
2005-03-10 Jim Meyering <address@hidden>
Don't segfault for a long header date string, e.g.,
echo a|pr -D +%9999999A
* src/pr.c (init_header): Use x2nrealloc, rather than alloca.
Don't bother with fixed-sized initial buffer; always use x*alloc.
Index: src/pr.c
===================================================================
RCS file: /fetish/cu/src/pr.c,v
retrieving revision 1.128
retrieving revision 1.129
diff -u -p -u -r1.128 -r1.129
--- src/pr.c 10 Mar 2005 07:58:34 -0000 1.128
+++ src/pr.c 10 Mar 2005 08:51:49 -0000 1.129
@@ -1657,8 +1657,7 @@ print_files (int number_of_files, char *
static void
init_header (char *filename, int desc)
{
- char *buf;
- char initbuf[MAX (256, INT_BUFSIZE_BOUND (long int))];
+ char *buf = NULL;
struct stat st;
struct tm *tm;
@@ -1668,25 +1667,27 @@ init_header (char *filename, int desc)
if (desc < 0 || fstat (desc, &st) != 0)
st.st_mtime = time (NULL);
- buf = initbuf;
tm = localtime (&st.st_mtime);
- if (! tm)
- sprintf (buf, "%ld", (long int) st.st_mtime);
+ if (tm == NULL)
+ {
+ buf = xmalloc (INT_BUFSIZE_BOUND (long int));
+ sprintf (buf, "%ld", (long int) st.st_mtime);
+ }
else
{
- size_t bufsize = sizeof initbuf;
+ size_t bufsize = 0;
for (;;)
{
+ buf = x2nrealloc (buf, &bufsize, sizeof *buf);
*buf = '\1';
- if (strftime (buf, bufsize, date_format, tm) || ! *buf)
+ if (strftime (buf, bufsize, date_format, tm) || *buf == '\0')
break;
- buf = alloca (bufsize *= 2);
}
}
if (date_text)
free (date_text);
- date_text = xstrdup (buf);
+ date_text = buf;
file_text = custom_header ? custom_header : desc < 0 ? "" : filename;
header_width_available = (chars_per_line
- mbswidth (date_text, 0)
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- FYI: fix stack overflow in pr,
Jim Meyering <=