Mercurial > unleashed > wips
changeset 19604:a2b2582d173d
9564 cw: possible buffer overflow in cw
Reviewed by: Yuri Pankov <yuripv@yuripv.net>
Reviewed by: Andy Fiddaman <omnios@citrus-it.co.uk>
Approved by: Robert Mustacchi <rm@joyent.com>
author | Toomas Soome <tsoome@me.com> |
---|---|
date | Wed, 30 May 2018 11:39:35 +0300 |
parents | 92ef33bd11b3 |
children | 015adb683b3e |
files | usr/src/tools/cw/cw.c |
diffstat | 1 files changed, 3 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/usr/src/tools/cw/cw.c Thu Sep 07 15:12:35 2017 -0700 +++ b/usr/src/tools/cw/cw.c Wed May 30 11:39:35 2018 +0300 @@ -1297,16 +1297,13 @@ case 'O': if (strncmp(arg, "-xO", 3) == 0) { size_t len = strlen(arg); - char *s; + char *s = NULL; int c = *(arg + 3); int level; if (len != 4 || !isdigit(c)) error(arg); - if ((s = malloc(len)) == NULL) - nomem(); - level = atoi(arg + 3); if (level > 5) error(arg); @@ -1322,7 +1319,8 @@ */ level = 2; } - (void) snprintf(s, len, "-O%d", level); + if (asprintf(&s, "-O%d", level) == -1) + nomem(); newae(ctx->i_ae, s); free(s); break;