csplit: avoid buffer overrun when writing more than 999 files

Without this fix, seq 1000 | csplit - /./ '{*}' would write the NUL-terminated file name, xx1000, into a buffer of size 6. * src/csplit.c (main): Use properly sized file name buffer. * NEWS (Bug fixes): Mention it. * tests/misc/csplit-1000: New test to trigger the bug. * tests/Makefile.am (TESTS): Add misc/csplit-1000.
author: Jim Meyering <meyering@redhat.com> 2010-11-10 13:53:38 +0100
committer: Jim Meyering <meyering@redhat.com> 2010-11-10 14:28:03 +0100
commit: 0cfd4f2161de5e942cbd7c273d03a90c1dfd2062 (patch)
tree: f0c232229a392352ddb48ddf6da987314104f568 /src
parent: 425503c8073a17df5ace9bb9330ce283804b07e1 (diff)
download: coreutils-0cfd4f2161de5e942cbd7c273d03a90c1dfd2062.tar.xz
1 files changed, 5 insertions, 4 deletions
diff --git a/src/csplit.c b/src/csplit.c
index 40baba825..57543f0a2 100644
--- a/src/csplit.c
+++ b/src/csplit.c
@@ -1372,10 +1372,11 @@ main (int argc, char **argv)
       usage (EXIT_FAILURE);
     }
 
-  if (suffix)
-    filename_space = xmalloc (strlen (prefix) + max_out (suffix) + 2);
-  else
-    filename_space = xmalloc (strlen (prefix) + digits + 2);
+  unsigned int max_digit_string_len
+    = (suffix
+       ? max_out (suffix)
+       : MAX (INT_STRLEN_BOUND (unsigned int), digits));
+  filename_space = xmalloc (strlen (prefix) + max_digit_string_len + 1);
 
   set_input_file (argv[optind++]);
author	Jim Meyering <meyering@redhat.com>	2010-11-10 13:53:38 +0100
committer	Jim Meyering <meyering@redhat.com>	2010-11-10 14:28:03 +0100
commit	0cfd4f2161de5e942cbd7c273d03a90c1dfd2062 (patch)
tree	f0c232229a392352ddb48ddf6da987314104f568 /src
parent	425503c8073a17df5ace9bb9330ce283804b07e1 (diff)
download	coreutils-0cfd4f2161de5e942cbd7c273d03a90c1dfd2062.tar.xz