]> granicus.if.org Git - recode/commitdiff
projects / recode / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 28e31dc)
main.c: fix potential buffer overflow (Debian bug #754945)
authorReuben Thomas <rrt@sc3d.org>
Mon, 15 Jan 2018 23:55:16 +0000 (23:55 +0000)
committerReuben Thomas <rrt@sc3d.org>
Fri, 19 Jan 2018 00:19:36 +0000 (00:19 +0000)
Patch from Alexander Gerasiov <gq@debian.org>

src/main.c patch | blob | history

diff --git a/src/main.c b/src/main.c
index 44a56752363ed18bdacec29db9a5fe4a3a472fcf..b16172643fa5e11b2f3bebafb65288533b14b4ad 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -805,12 +805,13 @@ warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n"),
          for (; optind < argc; optind++)
            {
              const char *input_name;
-             char output_name[200]; /* FIXME: dangerous limit */
+             char *output_name;
              FILE *file;
              struct stat file_stat;
              struct utimbuf file_utime;
 
              input_name = argv[optind];
+             output_name = xmalloc (strlen (input_name) + 17 + 1); /* 17 is upper limit for rec%d.tmp where %d is pid_t */
 
              /* Check if the file can be read and rewritten.  */
 
@@ -923,6 +924,7 @@ warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n"),
 
                  unlink (output_name);
                }
+             free (output_name);
            }
       }
     else
Unnamed repository; edit this file 'description' to name the repository.