From fc0ba192891879cba64cd58e66c84b06a8d58481 Mon Sep 17 00:00:00 2001 From: Thomas Schmitt Date: Thu, 5 Nov 2015 18:07:45 +0000 Subject: [PATCH] Closed a gap for line buffer overflow with man page production. Coverity CID 28784. --- xorriso/make_xorriso_1.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/xorriso/make_xorriso_1.c b/xorriso/make_xorriso_1.c index 51bef86a..c92866d6 100644 --- a/xorriso/make_xorriso_1.c +++ b/xorriso/make_xorriso_1.c @@ -378,6 +378,7 @@ int Mx1_convert(struct Mx1 *m, char line_in[256], char line_out[256], int flag) strcpy(buf, "\\fB"); if(word[0] == '-') { if(l >= 255) { +length_overflow:; Mx1_report_error(m, "Line length overflow while converting @item", 0); return(-1); } @@ -390,8 +391,10 @@ int Mx1_convert(struct Mx1 *m, char line_in[256], char line_out[256], int flag) ret= Mx1_substitute(m, buf, line_out, raw, strlen(buf), 0); if(ret <= 0) return(-1); - strcpy(buf, line_out); + if(strlen(line_out) + 3 + strlen(remainder) > 255) + goto length_overflow; + strcpy(buf, line_out); strcat(buf, "\\fR"); raw= strlen(buf); strcat(buf, remainder);