fix bad path allocation in makeinfo

In one branch of the image handling, the wrong malloc() call was
copied-pasted making the allocation possibly smaller than needed.
Spotted while building the gcc11 port, libgccjit.info exercise that
branch and the write out of bounds was discovered by malloc().

Convert the malloc + strlcpy/cat dance to an asprintf, and while here
also fix the leak of the two paths.

ok tb@

diff --git a/gnu/usr.bin/texinfo/makeinfo/makeinfo.c b/gnu/usr.bin/texinfo/makeinfo/makeinfo.c
index 1e55048..5749e8a 100644 (file)
--- a/gnu/usr.bin/texinfo/makeinfo/makeinfo.c
+++ b/gnu/usr.bin/texinfo/makeinfo/makeinfo.c
@@ -1,5 +1,5 @@
 /* makeinfo -- convert Texinfo source into other formats.
-   $Id: makeinfo.c,v 1.9 2015/11/14 23:06:06 deraadt Exp $
+   $Id: makeinfo.c,v 1.10 2023/11/05 07:39:16 op Exp $
 
    Copyright (C) 1987, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
    2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
@@ -3363,11 +3363,13 @@ cm_image (int arg)
         { /* Try to open foo.EXT or foo.txt.  */
           FILE *image_file;
           char *txtpath = NULL;
-          char *txtname = xmalloc (strlen (name_arg)
-                                   + (ext_arg && *ext_arg
-                                      ? strlen (ext_arg) : 4) + 1);
-          strcpy (txtname, name_arg);
-          strcat (txtname, ".txt");
+          char *txtname;
+
+          if (asprintf (&txtname, "%s.txt", name_arg) == -1) {
+            perror ("asprintf");
+            exit (1);
+          }
+
           image_file = fopen (txtname, "r");
           if (image_file == NULL)
             {
@@ -3451,6 +3453,9 @@ cm_image (int arg)
           else
             warning (_("@image file `%s' (for text) unreadable: %s"),
                         txtname, strerror (errno));
+
+          free (txtname);
+          free (txtpath);
         }
 
       free (fullname);