From: Reuben Thomas <rrt@sc3d.org>
Date: Mon, 15 Jan 2018 23:55:16 +0000 (+0000)
Subject: main.c: fix potential buffer overflow (Debian bug #754945)
X-Git-Tag: v3.7~122
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=aa6be4a86544c68e3b36fe37710a89bc78eb9785;p=recode

main.c: fix potential buffer overflow (Debian bug #754945)

Patch from Alexander Gerasiov <gq@debian.org>
---

diff --git a/src/main.c b/src/main.c
index 44a5675..b161726 100644
--- a/src/main.c
+++ b/src/main.c
@@ -805,12 +805,13 @@ warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n"),
 	  for (; optind < argc; optind++)
 	    {
 	      const char *input_name;
-	      char output_name[200]; /* FIXME: dangerous limit */
+	      char *output_name;
 	      FILE *file;
 	      struct stat file_stat;
 	      struct utimbuf file_utime;
 
 	      input_name = argv[optind];
+	      output_name = xmalloc (strlen (input_name) + 17 + 1); /* 17 is upper limit for rec%d.tmp where %d is pid_t */
 
 	      /* Check if the file can be read and rewritten.  */
 
@@ -923,6 +924,7 @@ warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n"),
 
 		  unlink (output_name);
 		}
+	      free (output_name);
 	    }
       }
     else