Source-Changes-HG archive


[src/trunk]: src/bin/rcp Fix up seriously borked mallocing of a static buffer...



details:   https://anonhg.NetBSD.org/src/rev/bb020f3adca5
branches:  trunk
changeset: 747062:bb020f3adca5
user:      dholland <dholland%NetBSD.org@localhost>
date:      Mon Aug 31 07:11:16 2009 +0000

description:
Fix up seriously borked mallocing of a static buffer, which seems to
have been this way since at least 4.4. This will still dump core if
malloc fails on the first trip through, instead of on any malloc
failure, but should otherwise behave much more reasonably.

diffstat:

 bin/rcp/rcp.c |  17 ++++++++++++-----
 1 files changed, 12 insertions(+), 5 deletions(-)

diffs (44 lines):

diff -r 252e0dfc2cac -r bb020f3adca5 bin/rcp/rcp.c
--- a/bin/rcp/rcp.c     Mon Aug 31 06:21:54 2009 +0000
+++ b/bin/rcp/rcp.c     Mon Aug 31 07:11:16 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: rcp.c,v 1.47 2008/07/20 00:52:40 lukem Exp $   */
+/*     $NetBSD: rcp.c,v 1.48 2009/08/31 07:11:16 dholland Exp $        */
 
 /*
  * Copyright (c) 1983, 1990, 1992, 1993
@@ -39,7 +39,7 @@
 #if 0
 static char sccsid[] = "@(#)rcp.c      8.2 (Berkeley) 4/2/94";
 #else
-__RCSID("$NetBSD: rcp.c,v 1.47 2008/07/20 00:52:40 lukem Exp $");
+__RCSID("$NetBSD: rcp.c,v 1.48 2009/08/31 07:11:16 dholland Exp $");
 #endif
 #endif /* not lint */
 
@@ -583,15 +583,22 @@
                        SCREWUP("size not delimited");
                if (targisdir) {
                        static char *namebuf;
-                       static int cursize;
+                       static size_t cursize;
+                       char *newnamebuf;
                        size_t need;
 
                        need = strlen(targ) + strlen(cp) + 250;
                        if (need > cursize) {
-                               if (!(namebuf = malloc(need)))
+                               newnamebuf = realloc(namebuf, need);
+                               if (newnamebuf != NULL) {
+                                       namebuf = newnamebuf;
+                                       cursize = need;
+                               } else {
+                                       /* note: run_err is not fatal */
                                        run_err("%s", strerror(errno));
+                               }
                        }
-                       (void)snprintf(namebuf, need, "%s%s%s", targ,
+                       (void)snprintf(namebuf, cursize, "%s%s%s", targ,
                            *targ ? "/" : "", cp);
                        np = namebuf;
                } else
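Review bot: When `realloc` fails on a later pass, the `else` branch only calls `run_err` and execution falls through to `snprintf(namebuf, cursize, ...)` with the old, smaller buffer, so the target path is silently truncated and `np` can name a different file than the one requested. On the first pass `namebuf` is still NULL and `cursize` is 0, so `np` becomes NULL, which is the crash the description already mentions. Because `cp` appears to be the name parsed from the peer's protocol line, I would treat both cases as a per-file failure: keep the return value instead of casting it to `(void)` and guard with something like `if (namebuf == NULL || (size_t)snprintf(namebuf, cursize, "%s%s%s", targ, *targ ? "/" : "", cp) >= cursize)`, then skip the entry. The enclosing function and its loop lie outside the hunk, so the right way to bail out has to be checked there.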


