git: eab91d008165 - main - xargs: Prevent overflow in linelen calculation if nargs is large.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 13 Jul 2023 21:37:26 UTC
The branch main has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=eab91d008165e7bbf8ca7b87eabe4dc8bf3da191 commit eab91d008165e7bbf8ca7b87eabe4dc8bf3da191 Author: Dag-Erling Smørgrav <des@FreeBSD.org> AuthorDate: 2023-07-13 20:06:40 +0000 Commit: Dag-Erling Smørgrav <des@FreeBSD.org> CommitDate: 2023-07-13 21:35:23 +0000 xargs: Prevent overflow in linelen calculation if nargs is large. MFC after: 1 week Sponsored by: Klara, Inc. Reviewed by: kevans Differential Revision: https://reviews.freebsd.org/D41023 --- usr.bin/xargs/tests/regress.n2147483647.out | 1 + usr.bin/xargs/tests/regress.sh | 1 + usr.bin/xargs/xargs.c | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/usr.bin/xargs/tests/regress.n2147483647.out b/usr.bin/xargs/tests/regress.n2147483647.out new file mode 100644 index 000000000000..cc32a92a2199 --- /dev/null +++ b/usr.bin/xargs/tests/regress.n2147483647.out @@ -0,0 +1 @@ +quick brown fox jumped over the lazy dog diff --git a/usr.bin/xargs/tests/regress.sh b/usr.bin/xargs/tests/regress.sh index ed81d66bf2a6..fed3ab9c8461 100644 --- a/usr.bin/xargs/tests/regress.sh +++ b/usr.bin/xargs/tests/regress.sh @@ -5,6 +5,7 @@ echo 1..21 REGRESSION_START($1) REGRESSION_TEST(`normal', `xargs echo The <${SRCDIR}/regress.in') +REGRESSION_TEST(`n2147483647', `xargs -n2147483647 <${SRCDIR}/regress.in') REGRESSION_TEST(`I', `xargs -I% echo The % % % %% % % <${SRCDIR}/regress.in') REGRESSION_TEST(`J', `xargs -J% echo The % again. <${SRCDIR}/regress.in') REGRESSION_TEST(`L', `xargs -L3 echo <${SRCDIR}/regress.in') diff --git a/usr.bin/xargs/xargs.c b/usr.bin/xargs/xargs.c index e6f8619bb8d1..cd6b7da1a186 100644 --- a/usr.bin/xargs/xargs.c +++ b/usr.bin/xargs/xargs.c @@ -257,7 +257,7 @@ main(int argc, char *argv[]) * the maximum arguments to be read from stdin and the trailing * NULL. */ - linelen = 1 + argc + nargs + 1; + linelen = 1 + argc + (size_t)nargs + 1; if ((av = bxp = malloc(linelen * sizeof(char *))) == NULL) errx(1, "malloc failed");