From 14ad7a25505ec3127cd1f07001d54d94f51f1748 Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Tue, 14 Dec 2010 11:09:32 -0800
Subject: sort: fix very-unlikely buffer overrun when merging to input file

* src/sort.c (avoid_trashing_input): Fix a typo that could cause a buffer overrun in theory. In practice this is extremely unlikely, as it requires running out of file descriptors in a small merge, presumably because some other process is hogging all the OS's file descriptors.
---
 src/sort.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/sort.c b/src/sort.c
index 63162ea41..3321ddb6d 100644
--- a/src/sort.c
+++ b/src/sort.c
@@ -3613,9 +3613,8 @@ avoid_trashing_input (struct sortfile *files, size_t ntemps,
 files[i].name = temp;
 files[i].pid = pid;
- if (i + num_merged < nfiles)
- memmove (&files[i + 1], &files[i + num_merged],
- num_merged * sizeof *files);
+ memmove (&files[i + 1], &files[i + num_merged],
+ (nfiles - (i + num_merged)) * sizeof *files);
 ntemps += 1;
 nfiles -= num_merged - 1;;
 i += num_merged;
-- 
cgit v1.2.3-54-g00ecf
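Review bot: The new memmove length `(nfiles - (i + num_merged)) * sizeof *files` is unsigned arithmetic (the hunk header shows `size_t ntemps`, and `nfiles` is presumably `size_t` as well), so with the old `if (i + num_merged < nfiles)` guard removed it wraps to a huge byte count should `i + num_merged` ever exceed `nfiles`. The hunk does not show where `num_merged` is assigned, so that bound cannot be confirmed from here. I would record the invariant next to the call, e.g. `/* i + num_merged <= nfiles here, so the count cannot wrap.  */`, or enforce it with `assert (i + num_merged <= nfiles);`. The enclosing loop body starts and ends outside the hunk. As a style point, the stray `;;` on the `nfiles -= num_merged - 1;;` context line could be cleaned up while this code is being touched.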