Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 17 Dec 2009 17:03:48 +0000 (UTC)
From:      Jaakko Heinonen <jh@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r200633 - head/usr.bin/uniq
Message-ID:  <200912171703.nBHH3mEn041893@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jh
Date: Thu Dec 17 17:03:47 2009
New Revision: 200633
URL: http://svn.freebsd.org/changeset/base/200633

Log:
  Sync getline() with comm(1):
  
   - Prevent overflowing of the buffer length variable in getline() by
     limiting its maximum value.
   - Exit if reallocf(3) fails in getline(). Failure was silently
     considered as end-of-file.
  
  Reviewed by:	ghelmer
  Approved by:	trasz (mentor)

Modified:
  head/usr.bin/uniq/uniq.c

Modified: head/usr.bin/uniq/uniq.c
==============================================================================
--- head/usr.bin/uniq/uniq.c	Thu Dec 17 16:59:19 2009	(r200632)
+++ head/usr.bin/uniq/uniq.c	Thu Dec 17 17:03:47 2009	(r200633)
@@ -52,6 +52,7 @@ static const char rcsid[] =
 #include <err.h>
 #include <limits.h>
 #include <locale.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -59,7 +60,8 @@ static const char rcsid[] =
 #include <wchar.h>
 #include <wctype.h>
 
-#define	MAXLINELEN	(LINE_MAX + 1)
+#define	INITLINELEN	(LINE_MAX + 1)
+#define	MAXLINELEN	((SIZE_MAX / sizeof(wchar_t)) / 2)
 
 int cflag, dflag, uflag;
 int numchars, numfields, repeats;
@@ -137,8 +139,8 @@ main (int argc, char *argv[])
 	if (argc > 1)
 		ofp = file(argv[1], "w");
 
- 	prevbuflen = MAXLINELEN;
- 	thisbuflen = MAXLINELEN;
+ 	prevbuflen = INITLINELEN;
+ 	thisbuflen = INITLINELEN;
  	prevline = malloc(prevbuflen * sizeof(*prevline));
  	thisline = malloc(thisbuflen * sizeof(*thisline));
 	if (prevline == NULL || thisline == NULL)
@@ -198,16 +200,19 @@ getline(wchar_t *buf, size_t *buflen, FI
 
 	bufpos = 0;
 	while ((ch = getwc(fp)) != WEOF && ch != '\n') {
-		if (bufpos + 2 >= *buflen) {
+		if (bufpos + 1 >= *buflen) {
 			*buflen = *buflen * 2;
+			if (*buflen > MAXLINELEN)
+				errx(1,
+				    "Maximum line buffer length (%zu) exceeded",
+				    MAXLINELEN);
 			buf = reallocf(buf, *buflen * sizeof(*buf));
 			if (buf == NULL)
-				return (NULL);
+				err(1, "reallocf");
 		}
 		buf[bufpos++] = ch;
 	}
-	if (bufpos + 1 != *buflen)
-		buf[bufpos] = '\0';
+	buf[bufpos] = '\0';
 
 	return (bufpos != 0 || ch == '\n' ? buf : NULL);
 }
@@ -305,13 +310,13 @@ wcsicoll(wchar_t *s1, wchar_t *s2)
 	new_l2_buflen = wcsicoll_l2_buflen;
 	while (new_l1_buflen < l1) {
 		if (new_l1_buflen == 0)
-			new_l1_buflen = MAXLINELEN;
+			new_l1_buflen = INITLINELEN;
 		else
 			new_l1_buflen *= 2;
 	}
 	while (new_l2_buflen < l2) {
 		if (new_l2_buflen == 0)
-			new_l2_buflen = MAXLINELEN;
+			new_l2_buflen = INITLINELEN;
 		else
 			new_l2_buflen *= 2;
 	}



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200912171703.nBHH3mEn041893>