Prevented a possible buffer overrun with -concat. Coverity CID 28782.

xorriso/opts_a_c.c

@@ -2235,6 +2235,7 @@ int Xorriso_option_concat(struct XorrisO *xorriso,
 {
  int ret, end_idx, optc= 0, progc= 0, iso_rr_start, prog_end_idx= -1;
  char **optv= NULL, **progv= NULL, *delimiter_mem= NULL;
+ char *delimiter= NULL;
 
  /* Must be done before any goto ex; */
  end_idx= Xorriso_end_idx(xorriso, argc, argv, *idx, 1);
@@ -2260,9 +2261,16 @@ int Xorriso_option_concat(struct XorrisO *xorriso,
      ret= 0; goto ex;
    }
 
+   ret= Xorriso_check_thing_len(xorriso, argv[*idx + 1],
+                                sizeof(xorriso->list_delimiter), "-concat",
+                                "Delimiter", 0);
+   if(ret <= 0)
+     goto ex;
    Xorriso_alloc_meM(delimiter_mem, char, strlen(xorriso->list_delimiter) + 1);
+   Xorriso_alloc_meM(delimiter, char, strlen(argv[*idx + 1]) + 1);
    strcpy(delimiter_mem, xorriso->list_delimiter);
-   strcpy(xorriso->list_delimiter, argv[*idx + 1]);
+   strcpy(delimiter, argv[*idx + 1]);
+   strcpy(xorriso->list_delimiter, delimiter);
    ret= Xorriso_opt_args(xorriso, "-concat pipe", argc , argv, *idx + 2,
                          &prog_end_idx, &progc, &progv, 4 | 128);
    strcpy(xorriso->list_delimiter, delimiter_mem);
@@ -2288,15 +2296,16 @@ int Xorriso_option_concat(struct XorrisO *xorriso,
                      progc, progv, optc, optv, 0);
 ex:;
  if(progv != NULL) {
-   if(delimiter_mem != NULL)
-      strcpy(xorriso->list_delimiter, argv[*idx + 2]);
+   if(delimiter_mem != NULL && delimiter != NULL)
+     strcpy(xorriso->list_delimiter, delimiter);
    Xorriso_opt_args(xorriso, "-concat", argc, argv, *idx + 2, &prog_end_idx,
                     &progc, &progv, 256);
-   if(delimiter_mem != NULL)
+   if(delimiter_mem != NULL && delimiter != NULL)
      strcpy(xorriso->list_delimiter, delimiter_mem);
  }
  Xorriso_opt_args(xorriso, "-concat", argc, argv, iso_rr_start, &end_idx,
                   &optc, &optv, 256);
+ Xorriso_free_meM(delimiter);
  Xorriso_free_meM(delimiter_mem);
  *idx= end_idx;
  return(ret); 

xorriso/parse_exec.c

@@ -445,12 +445,12 @@ int Xorriso_decode_load_adr(struct XorrisO *xorriso, char *cmd,
 }
 
  
-int Xorriso_check_name_len(struct XorrisO *xorriso, char *name, int size,
-                           char *cmd, int flag)
+int Xorriso_check_thing_len(struct XorrisO *xorriso, char *name, int size,
+                            char *cmd, char *thing, int flag)
 {
  if((int) strlen(name) >= size) {
    sprintf(xorriso->info_text,
-           "Name too long with option %s (%d > %d)", cmd,
+           "%s too long with option %s (%d > %d)", thing, cmd,
            (int) strlen(name), size - 1);
    Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "SORRY", 0);
    return(0);
@@ -459,6 +459,12 @@ int Xorriso_check_name_len(struct XorrisO *xorriso, char *name, int size,
 }
  
 
+int Xorriso_check_name_len(struct XorrisO *xorriso, char *name, int size,
+                           char *cmd, int flag)
+{
+ return Xorriso_check_thing_len(xorriso, name, size, cmd, "Name", flag);
+}
+
 
 /* @return <0 error , >=0 number of skipped dashes
 */

xorriso/parse_exec.h

@@ -55,6 +55,9 @@ int Xorriso_decode_load_adr(struct XorrisO *xorriso, char *cmd,
                             int *entity_code, char entity_id[81],
                             int flag);
 
+int Xorriso_check_thing_len(struct XorrisO *xorriso, char *name, int size,
+                            char *cmd, char *thing, int flag);
+
 int Xorriso_check_name_len(struct XorrisO *xorriso, char *name, int size,
                            char *cmd, int flag);