From fc0ba192891879cba64cd58e66c84b06a8d58481 Mon Sep 17 00:00:00 2001
From: Thomas Schmitt <scdbackup@gmx.net>
Date: Thu, 5 Nov 2015 18:07:45 +0000
Subject: [PATCH] Closed a gap for line buffer overflow with man page
 production. Coverity CID 28784.

---
 xorriso/make_xorriso_1.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/xorriso/make_xorriso_1.c b/xorriso/make_xorriso_1.c
index 51bef86a..c92866d6 100644
--- a/xorriso/make_xorriso_1.c
+++ b/xorriso/make_xorriso_1.c
@@ -378,6 +378,7 @@ int Mx1_convert(struct Mx1 *m, char line_in[256], char line_out[256], int flag)
    strcpy(buf, "\\fB");
    if(word[0] == '-') {
      if(l >= 255) {
+length_overflow:;
        Mx1_report_error(m, "Line length overflow while converting @item", 0);
        return(-1);
      }
@@ -390,8 +391,10 @@ int Mx1_convert(struct Mx1 *m, char line_in[256], char line_out[256], int flag)
    ret= Mx1_substitute(m, buf, line_out, raw, strlen(buf), 0);
    if(ret <= 0)
      return(-1);
-   strcpy(buf, line_out);
 
+   if(strlen(line_out) + 3 + strlen(remainder) > 255)
+     goto length_overflow;
+   strcpy(buf, line_out);
    strcat(buf, "\\fR");
    raw= strlen(buf);
    strcat(buf, remainder);