Mercurial > unleashed > wips

changeset 19604:a2b2582d173d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
9564 cw: possible buffer overflow in cw Reviewed by: Yuri Pankov <yuripv@yuripv.net> Reviewed by: Andy Fiddaman <omnios@citrus-it.co.uk> Approved by: Robert Mustacchi <rm@joyent.com>
author Toomas Soome <tsoome@me.com>
date Wed, 30 May 2018 11:39:35 +0300
parents 92ef33bd11b3
children 015adb683b3e
files usr/src/tools/cw/cw.c
diffstat 1 files changed, 3 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/usr/src/tools/cw/cw.c	Thu Sep 07 15:12:35 2017 -0700
+++ b/usr/src/tools/cw/cw.c	Wed May 30 11:39:35 2018 +0300
@@ -1297,16 +1297,13 @@
 			case 'O':
 				if (strncmp(arg, "-xO", 3) == 0) {
 					size_t len = strlen(arg);
-					char *s;
+					char *s = NULL;
 					int c = *(arg + 3);
 					int level;
 
 					if (len != 4 || !isdigit(c))
 						error(arg);
 
-					if ((s = malloc(len)) == NULL)
-						nomem();
-
 					level = atoi(arg + 3);
 					if (level > 5)
 						error(arg);
@@ -1322,7 +1319,8 @@
 						 */
 						level = 2;
 					}
-					(void) snprintf(s, len, "-O%d", level);
+					if (asprintf(&s, "-O%d", level) == -1)
+						nomem();
 					newae(ctx->i_ae, s);
 					free(s);
 					break;