* etags.c (xmalloc, xrealloc): Accept size_t, not unsigned int,

to avoid potential buffer overflow issues on typical 64-bit hosts. (whatlen_max): New static var. (main): Avoid buffer overflow if subsidiary command length is greater than BUFSIZ or 2*BUFSIZ + 20. Do not use sprintf when its result might not fit in 'int'.
2024-11-26 07:33:47 +00:00 · 2011-08-28 16:55:41 -07:00 · 2011-08-28 16:55:41 -07:00 · 9250f75825
commit 9250f75825
parent 17107bb698
2 changed files with 41 additions and 10 deletions
--- a/lib-src/ChangeLog
+++ b/lib-src/ChangeLog
@ -19,6 +19,13 @@
 	result might not fit in 'int'.
 	(set_local_socket): Do not assume uid fits in 'int'.

+	* etags.c (xmalloc, xrealloc): Accept size_t, not unsigned int,
+	to avoid potential buffer overflow issues on typical 64-bit hosts.
+	(whatlen_max): New static var.
+	(main): Avoid buffer overflow if subsidiary command length is
+	greater than BUFSIZ or 2*BUFSIZ + 20. Do not use sprintf when its
+	result might not fit in 'int'.
+
 2011-07-28  Paul Eggert  <eggert@cs.ucla.edu>

 	Assume freestanding C89 headers, string.h, stdlib.h.
--- a/lib-src/etags.c
+++ b/lib-src/etags.c
@ -414,8 +414,8 @@ static bool filename_is_absolute (char *f);
 static void canonicalize_filename (char *);
 static void linebuffer_init (linebuffer *);
 static void linebuffer_setlen (linebuffer *, int);
-static PTR xmalloc (unsigned int);
-static PTR xrealloc (char *, unsigned int);
+static PTR xmalloc (size_t);
+static PTR xrealloc (char *, size_t);


 static char searchar = '/';	/* use /.../ searches */
@ -425,6 +425,7 @@ static char *progname;		/* name this program was invoked with */
 static char *cwd;		/* current working directory */
 static char *tagfiledir;	/* directory of tagfile */
 static FILE *tagf;		/* ioptr for tags file */
+static ptrdiff_t whatlen_max;	/* maximum length of any 'what' member */

 static fdesc *fdhead;		/* head of file description list */
 static fdesc *curfdp;		/* current file description */
@ -1066,6 +1067,7 @@ main (int argc, char **argv)
  int current_arg, file_count;
  linebuffer filename_lb;
  bool help_asked = FALSE;
+  ptrdiff_t len;
 char *optstring;
 int opt;

@ -1110,6 +1112,9 @@ main (int argc, char **argv)
 	/* This means that a file name has been seen.  Record it. */
 	argbuffer[current_arg].arg_type = at_filename;
 	argbuffer[current_arg].what     = optarg;
+	len = strlen (optarg);
+	if (whatlen_max < len)
+	  whatlen_max = len;
 	++current_arg;
 	++file_count;
 	break;
@ -1118,6 +1123,9 @@ main (int argc, char **argv)
 	/* Parse standard input.  Idea by Vivek <vivek@etla.org>. */
 	argbuffer[current_arg].arg_type = at_stdin;
 	argbuffer[current_arg].what     = optarg;
+	len = strlen (optarg);
+	if (whatlen_max < len)
+	  whatlen_max = len;
 	++current_arg;
 	++file_count;
 	if (parsing_stdin)
@ -1160,6 +1168,9 @@ main (int argc, char **argv)
      case 'r':
 	argbuffer[current_arg].arg_type = at_regexp;
 	argbuffer[current_arg].what = optarg;
+	len = strlen (optarg);
+	if (whatlen_max < len)
+	  whatlen_max = len;
 	++current_arg;
 	break;
      case 'R':
@ -1198,6 +1209,9 @@ main (int argc, char **argv)
    {
      argbuffer[current_arg].arg_type = at_filename;
      argbuffer[current_arg].what = argv[optind];
+      len = strlen (argv[optind]);
+      if (whatlen_max < len)
+	whatlen_max = len;
      ++current_arg;
      ++file_count;
    }
@ -1331,7 +1345,9 @@ main (int argc, char **argv)
  /* From here on, we are in (CTAGS && !cxref_style) */
  if (update)
    {
-      char cmd[BUFSIZ];
+      char *cmd =
+	xmalloc (strlen (tagfile) + whatlen_max +
+		 sizeof "mv..OTAGS;fgrep -v '\t\t' OTAGS >;rm OTAGS");
      for (i = 0; i < current_arg; ++i)
 	{
 	  switch (argbuffer[i].arg_type)
@ -1342,12 +1358,17 @@ main (int argc, char **argv)
 	    default:
 	      continue;		/* the for loop */
 	    }
-	  sprintf (cmd,
-		   "mv %s OTAGS;fgrep -v '\t%s\t' OTAGS >%s;rm OTAGS",
-		   tagfile, argbuffer[i].what, tagfile);
+	  strcpy (cmd, "mv ");
+	  strcat (cmd, tagfile);
+	  strcat (cmd, " OTAGS;fgrep -v '\t");
+	  strcat (cmd, argbuffer[i].what);
+	  strcat (cmd, "\t' OTAGS >");
+	  strcat (cmd, tagfile);
+	  strcat (cmd, ";rm OTAGS");
 	  if (system (cmd) != EXIT_SUCCESS)
 	    fatal ("failed to execute shell command", (char *)NULL);
 	}
+      free (cmd);
      append_to_tagfile = TRUE;
    }

@ -1363,11 +1384,14 @@ main (int argc, char **argv)
  if (CTAGS)
    if (append_to_tagfile || update)
      {
-	char cmd[2*BUFSIZ+20];
+	char *cmd = xmalloc (2 * strlen (tagfile) + sizeof "sort -u -o..");
 	/* Maybe these should be used:
 	   setenv ("LC_COLLATE", "C", 1);
 	   setenv ("LC_ALL", "C", 1); */
-	sprintf (cmd, "sort -u -o %.*s %.*s", BUFSIZ, tagfile, BUFSIZ, tagfile);
+	strcpy (cmd, "sort -u -o ");
+	strcat (cmd, tagfile);
+	strcat (cmd, " ");
+	strcat (cmd, tagfile);
 	exit (system (cmd));
      }
  return EXIT_SUCCESS;
@ -6656,7 +6680,7 @@ linebuffer_setlen (linebuffer *lbp, int toksize)

 /* Like malloc but get fatal error if memory is exhausted. */
 static PTR
-xmalloc (unsigned int size)
+xmalloc (size_t size)
 {
  PTR result = (PTR) malloc (size);
  if (result == NULL)
@ -6665,7 +6689,7 @@ xmalloc (unsigned int size)
 }

 static PTR
-xrealloc (char *ptr, unsigned int size)
+xrealloc (char *ptr, size_t size)
 {
  PTR result = (PTR) realloc (ptr, size);
  if (result == NULL)