git: eab91d008165 - main - xargs: Prevent overflow in linelen calculation if nargs is large.

From: Dag-Erling Smørgrav <des_at_FreeBSD.org>
Date: Thu, 13 Jul 2023 21:37:26 UTC
The branch main has been updated by des:

URL: https://cgit.FreeBSD.org/src/commit/?id=eab91d008165e7bbf8ca7b87eabe4dc8bf3da191

commit eab91d008165e7bbf8ca7b87eabe4dc8bf3da191
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2023-07-13 20:06:40 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2023-07-13 21:35:23 +0000

    xargs: Prevent overflow in linelen calculation if nargs is large.
    
    MFC after:      1 week
    Sponsored by:   Klara, Inc.
    Reviewed by:    kevans
    Differential Revision:  https://reviews.freebsd.org/D41023
---
 usr.bin/xargs/tests/regress.n2147483647.out | 1 +
 usr.bin/xargs/tests/regress.sh              | 1 +
 usr.bin/xargs/xargs.c                       | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/usr.bin/xargs/tests/regress.n2147483647.out b/usr.bin/xargs/tests/regress.n2147483647.out
new file mode 100644
index 000000000000..cc32a92a2199
--- /dev/null
+++ b/usr.bin/xargs/tests/regress.n2147483647.out
@@ -0,0 +1 @@
+quick brown fox jumped over the lazy dog
diff --git a/usr.bin/xargs/tests/regress.sh b/usr.bin/xargs/tests/regress.sh
index ed81d66bf2a6..fed3ab9c8461 100644
--- a/usr.bin/xargs/tests/regress.sh
+++ b/usr.bin/xargs/tests/regress.sh
@@ -5,6 +5,7 @@ echo 1..21
 REGRESSION_START($1)
 
 REGRESSION_TEST(`normal', `xargs echo The <${SRCDIR}/regress.in')
+REGRESSION_TEST(`n2147483647', `xargs -n2147483647 <${SRCDIR}/regress.in')
 REGRESSION_TEST(`I', `xargs -I% echo The % % % %% % % <${SRCDIR}/regress.in')
 REGRESSION_TEST(`J', `xargs -J% echo The % again. <${SRCDIR}/regress.in')
 REGRESSION_TEST(`L', `xargs -L3 echo <${SRCDIR}/regress.in')
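Review bot: The TAP plan is not updated alongside the new n2147483647 case: the hunk header still shows `echo 1..21`, and no hunk in this commit touches that line. If 21 matched the number of REGRESSION_TEST entries before this change, the plan is now one short and should read `echo 1..22`. Otherwise a harness may flag the run as malformed or miscount the case that guards the overflow fix. The full list of tests lies outside the hunk, so the exact count needs confirming against the file.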
diff --git a/usr.bin/xargs/xargs.c b/usr.bin/xargs/xargs.c
index e6f8619bb8d1..cd6b7da1a186 100644
--- a/usr.bin/xargs/xargs.c
+++ b/usr.bin/xargs/xargs.c
@@ -257,7 +257,7 @@ main(int argc, char *argv[])
 	 * the maximum arguments to be read from stdin and the trailing
 	 * NULL.
 	 */
-	linelen = 1 + argc + nargs + 1;
+	linelen = 1 + argc + (size_t)nargs + 1;
 	if ((av = bxp = malloc(linelen * sizeof(char *))) == NULL)
 		errx(1, "malloc failed");
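Review bot: The multiplication `linelen * sizeof(char *)` on the malloc line is still unchecked; the `(size_t)` cast only protects the addition. Where size_t is 32 bits, `-n2147483647` gives a linelen just above 2^31, and multiplying by a 4-byte pointer size wraps, so the request would be far smaller than the argument vector it is meant to hold. This assumes linelen is a size_t, whose declaration is not visible here. Letting the allocator do the overflow check closes that gap without changing the error path, e.g. `if ((av = bxp = calloc(linelen, sizeof(char *))) == NULL)`. Any earlier clamp on nargs would sit in the part of main() outside this hunk and is worth confirming.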