Subject: misc/33709: jot segfault
To: None <misc-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <hypnosses@pulltheplug.org>
List: netbsd-bugs
Date: 06/13/2006 02:30:00
>Number: 33709
>Category: misc
>Synopsis: jot segfault
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: misc-bug-people
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Tue Jun 13 02:30:00 +0000 2006
>Originator: Kevin Massey
>Release:
>Organization:
None
>Environment:
>Description:
jot segfualts with a large string
>How-To-Repeat:
jot `perl -e 'print "A" x 9999'`
>Fix:
Index: jot.c
===================================================================
RCS file: /cvsroot/src/usr.bin/jot/jot.c,v
retrieving revision 1.14
diff -u -r1.14 jot.c
--- jot.c 7 Jan 2006 07:09:01 -0000 1.14
+++ jot.c 13 Jun 2006 02:21:31 -0000
@@ -133,19 +133,19 @@
boring = 1;
case 'w':
if ((*argv)[2])
- strcpy(format, *argv + 2);
+ strlcpy(format, *argv + 2, sizeof format);
else if (!--argc)
errx(1, "Need context word after -w or -b");
else
- strcpy(format, *++argv);
+ strlcpy(format, *++argv, sizeof format);
break;
case 's':
if ((*argv)[2])
- strcpy(sepstring, *argv + 2);
+ strlcpy(sepstring, *argv + 2, sizeof sepstring); else if (!--argc)
errx(1, "Need string after -s");
else
- strcpy(sepstring, *++argv);
+ strlcpy(sepstring, *++argv, sizeof sepstring);
break;
case 'p':
if ((*argv)[2])