0066-ps/sortformat.c: Handle large width in aix_format_parse().

Unlikely to ever happen, since it would imply a very large string, but
better safe than sorry.

---------------------------- adapted for newlib branch
. now uses 'xmalloc' vs. unchecked stdlib 'malloc'
. the member 'need' was removed from 'format_node'

Signed-off-by: Jim Warner <james.warner@comcast.net>
This commit is contained in:
Qualys Security Advisory - committed by Craig Small
parent 281ac43e35
commit f212e552d7

View File

@ -22,6 +22,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include <sys/types.h>
@ -171,7 +172,7 @@ static const char *aix_format_parse(sf_node *sfn){
return _("AIX field descriptor processing bug");
}
} else {
int len;
size_t len;
len = strcspn(walk, "%");
memcpy(buf,walk,len);
if(0){
@ -182,7 +183,7 @@ double_percent:
buf[len] = '\0';
walk += len;
fnode = xmalloc(sizeof(format_node));
fnode->width = len;
fnode->width = len < INT_MAX ? len : INT_MAX;
fnode->name = strdup(buf);
fnode->pr = NULL; /* checked for */
fnode->vendor = AIX;