From: Peter Johnson Date: Sat, 23 Jun 2007 00:19:57 +0000 (-0000) Subject: Fix default filename buffer overflow. X-Git-Tag: v0.6.2~8^2~28 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0a3b9a84629d7be4f1104452d1757b9f039b1124;p=yasm Fix default filename buffer overflow. Note: this is not a security issue. Noticed by: Mike Frysinger svn path=/trunk/yasm/; revision=1884
---
diff --git a/frontends/yasm/yasm.c b/frontends/yasm/yasm.c
index 2aaa90e1..77571742 100644
--- a/frontends/yasm/yasm.c
+++ b/frontends/yasm/yasm.c
@@ -1135,9 +1135,17 @@ replace_extension(const char *orig, /*@null@*/ const char *ext,
                   const char *def)
 {
     char *out, *outext;
+    size_t deflen, outlen;
 
     /* allocate enough space for full existing name + extension */
-    out = yasm_xmalloc(strlen(orig)+(ext ? (strlen(ext)+2) : 1));
+    outlen = strlen(orig) + 2;
+    if (ext)
+        outlen += strlen(ext) + 1;
+    deflen = strlen(def) + 1;
+    if (outlen < deflen)
+        outlen = deflen;
+    out = yasm_xmalloc(outlen);
+
     strcpy(out, orig);
     outext = strrchr(out, '.');
     if (outext) {
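Review bot: The comment above the allocation still says `/* allocate enough space for full existing name + extension */`, but the new code also raises `outlen` to `strlen(def) + 1`, so the comment no longer describes what the buffer must hold. Since the buffer is filled with unbounded `strcpy` (the visible `strcpy(out, orig)`), the sizing invariant is the only bounds protection and should be spelled out, for example `/* out must hold orig + '.' + ext + NUL, or def + NUL when the default name is used instead */`. The constants `+ 2` and `+ 1` are unexplained; presumably they cover the dot and the terminator plus slack, and a short comment would make a later off-by-one easier to catch. replace_extension's body continues outside the hunk, so the writes this size has to cover cannot all be checked here.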