From a922106f98319ba4baf3cff363108485a0b72a2f Mon Sep 17 00:00:00 2001 From: op Date: Sun, 5 Nov 2023 07:39:16 +0000 Subject: [PATCH] fix bad path allocation in makeinfo In one branch of the image handling, the wrong malloc() call was copied-pasted making the allocation possibly smaller than needed. Spotted while building the gcc11 port, libgccjit.info exercise that branch and the write out of bounds was discovered by malloc(). Convert the malloc + strlcpy/cat dance to an asprintf, and while here also fix the leak of the two paths. ok tb@ --- gnu/usr.bin/texinfo/makeinfo/makeinfo.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/gnu/usr.bin/texinfo/makeinfo/makeinfo.c b/gnu/usr.bin/texinfo/makeinfo/makeinfo.c index 1e55048caea..5749e8a24cd 100644 --- a/gnu/usr.bin/texinfo/makeinfo/makeinfo.c +++ b/gnu/usr.bin/texinfo/makeinfo/makeinfo.c @@ -1,5 +1,5 @@ /* makeinfo -- convert Texinfo source into other formats. - $Id: makeinfo.c,v 1.9 2015/11/14 23:06:06 deraadt Exp $ + $Id: makeinfo.c,v 1.10 2023/11/05 07:39:16 op Exp $ Copyright (C) 1987, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. @@ -3363,11 +3363,13 @@ cm_image (int arg) { /* Try to open foo.EXT or foo.txt. */ FILE *image_file; char *txtpath = NULL; - char *txtname = xmalloc (strlen (name_arg) - + (ext_arg && *ext_arg - ? strlen (ext_arg) : 4) + 1); - strcpy (txtname, name_arg); - strcat (txtname, ".txt"); + char *txtname; + + if (asprintf (&txtname, "%s.txt", name_arg) == -1) { + perror ("asprintf"); + exit (1); + } + image_file = fopen (txtname, "r"); if (image_file == NULL) { @@ -3451,6 +3453,9 @@ cm_image (int arg) else warning (_("@image file `%s' (for text) unreadable: %s"), txtname, strerror (errno)); + + free (txtname); + free (txtpath); } free (fullname); -- 2.20.1