diff options
author | Jim Meyering <meyering@redhat.com> | 2010-11-10 13:53:38 +0100 |
---|---|---|
committer | Jim Meyering <meyering@redhat.com> | 2010-11-10 14:28:03 +0100 |
commit | 0cfd4f2161de5e942cbd7c273d03a90c1dfd2062 (patch) | |
tree | f0c232229a392352ddb48ddf6da987314104f568 /src | |
parent | 425503c8073a17df5ace9bb9330ce283804b07e1 (diff) | |
download | coreutils-0cfd4f2161de5e942cbd7c273d03a90c1dfd2062.tar.xz |
csplit: avoid buffer overrun when writing more than 999 files
Without this fix, seq 1000 | csplit - /./ '{*}' would write
the NUL-terminated file name, xx1000, into a buffer of size 6.
* src/csplit.c (main): Use properly sized file name buffer.
* NEWS (Bug fixes): Mention it.
* tests/misc/csplit-1000: New test to trigger the bug.
* tests/Makefile.am (TESTS): Add misc/csplit-1000.
Diffstat (limited to 'src')
-rw-r--r-- | src/csplit.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/csplit.c b/src/csplit.c index 40baba825..57543f0a2 100644 --- a/src/csplit.c +++ b/src/csplit.c @@ -1372,10 +1372,11 @@ main (int argc, char **argv) usage (EXIT_FAILURE); } - if (suffix) - filename_space = xmalloc (strlen (prefix) + max_out (suffix) + 2); - else - filename_space = xmalloc (strlen (prefix) + digits + 2); + unsigned int max_digit_string_len + = (suffix + ? max_out (suffix) + : MAX (INT_STRLEN_BOUND (unsigned int), digits)); + filename_space = xmalloc (strlen (prefix) + max_digit_string_len + 1); set_input_file (argv[optind++]); |