Attachment #20697 for bug #54773

View | Details | Raw Unified | Return to bug 54773
Collapse All | Expand All

Lines 485-491 commit (int argc, char **argv) Link Here

(-)src/commit.c (-1 / +6 lines)
485	operate on, and only work with those files in the future.	485	operate on, and only work with those files in the future.
486	This saves time--we don't want to search the file system	486	This saves time--we don't want to search the file system
487	of the working directory twice. */	487	of the working directory twice. */
488	find_args.argv = xmalloc (find_args.argc * sizeof (char **));	488	if (size_overflow_p (xtimes (find_args.argc, sizeof (char **))))
		489	{
		490	find_args.argc = 0;
		491	return 0;
		492	}
		493	find_args.argv = xmalloc (xtimes (find_args.argc, sizeof (char **)));
489	find_args.argc = 0;	494	find_args.argc = 0;
490	walklist (find_args.ulist, copy_ulist, &find_args);	495	walklist (find_args.ulist, copy_ulist, &find_args);
491		496

Lines 43-48 Link Here

(-)src/cvs.h (+1 lines)
43	#include "exit.h"	43	#include "exit.h"
44	#include "vasnprintf.h"	44	#include "vasnprintf.h"
45	#include "xalloc.h"	45	#include "xalloc.h"
		46	#include "xsize.h"
46	/* end GNULIB headers */	47	/* end GNULIB headers */
47		48
48	#if ! STDC_HEADERS	49	#if ! STDC_HEADERS

Lines 930-937 void Link Here

(-)src/filesubr.c (-1 / +7 lines)
930	expand_wild (int argc, char *argv, int pargc, char ***pargv)	930	expand_wild (int argc, char *argv, int pargc, char ***pargv)
931	{	931	{
932	int i;	932	int i;
		933	if (size_overflow_p (xtimes (argc, sizeof (char *)))) {
		934	*pargc = 0;
		935	*pargv = NULL;
		936	error (0, 0, "expand_wild: too many arguments");
		937	return;
		938	}
933	*pargc = argc;	939	*pargc = argc;
934	pargv = (char ) xmalloc (argc sizeof (char *));	940	pargv = xmalloc (xtimes (argc, sizeof (char )));
935	for (i = 0; i < argc; ++i)	941	for (i = 0; i < argc; ++i)
936	(*pargv)[i] = xstrdup (argv[i]);	942	(*pargv)[i] = xstrdup (argv[i]);
937	}	943	}




		working = 1;
		break;
	    case 'X':			/* Undocumented debugging flag */
#ifdef DEBUG
		histfile = optarg;
#endif
		break;

	    case 'D':			/* Since specified date */
		if (*since_rev || *since_tag || *backto)
		{

{
    if (user_count == user_max)
    {
	if (size_overflow_p (xtimes (xsum (user_max, USER_INCREMENT),
	                             sizeof (char *))))
	{
	    error (0, 0, "save_user: too many users");
	    return;
	}
	user_max = xsum (user_max, USER_INCREMENT);
	user_list = xrealloc (user_list, xtimes (user_max, sizeof (char *)));
    }
    user_list[user_count++] = xstrdup (name);
}


    if (file_count == file_max)
    {
	if (size_overflow_p (xtimes (xsum (file_max, FILE_INCREMENT),
	                             sizeof (*fl))))
	{
	    error (0, 0, "save_file: too many files");
	    return;
	}
	file_max = xsum (file_max, FILE_INCREMENT);
	file_list = xrealloc (file_list, xtimes (file_max, sizeof (*fl)));
    }
    fl = &file_list[file_count++];
    fl->l_file = cp = xmalloc (strlen (dir) + strlen (name) + 2);

{
    if (mod_count == mod_max)
    {
	if (size_overflow_p (xtimes (xsum (mod_max, MODULE_INCREMENT),
	                             sizeof (char *))))
	{
	    error (0, 0, "save_module: too many modules");
	    return;
	}
	mod_max = xsum (mod_max, MODULE_INCREMENT);
	mod_list = xrealloc (mod_list, xtimes (mod_max, sizeof (char *)));
    }
    mod_list[mod_count++] = xstrdup (module);
}

Lines 886-892 serve_max_dotdot (char *arg) Link Here

(-)src/server.c (-3 / +22 lines)
886	int i;	886	int i;
887	char *p;	887	char *p;
888		888
889	if (lim < 0)	889	if (lim < 0 \|\| lim > 10000)
890	return;	890	return;
891	p = xmalloc (strlen (server_temp_dir) + 2 * lim + 10);	891	p = xmalloc (strlen (server_temp_dir) + 2 * lim + 10);
892	if (p == NULL)	892	if (p == NULL)
Lines 2011-2016 serve_notify (char *arg) Link Here
2011	{	2011	{
2012	char *cp;	2012	char *cp;
2013		2013
		2014	if (!data[0])
		2015	goto error;
		2016
2014	if (strchr (data, '+'))	2017	if (strchr (data, '+'))
2015	goto error;	2018	goto error;
2016		2019
Lines 2143-2148 serve_argument (char *arg) Link Here
2143	char *p;	2146	char *p;
2144		2147
2145	if (error_pending()) return;	2148	if (error_pending()) return;
		2149
		2150	if (argument_count >= 10000)
		2151	{
		2152	if (alloc_pending (80))
		2153	sprintf (pending_error_text,
		2154	"E Protocol error: too many arguments");
		2155	return;
		2156	}
2146		2157
2147	if (argument_vector_size <= argument_count)	2158	if (argument_vector_size <= argument_count)
2148	{	2159	{
Lines 2172-2177 serve_argumentx (char *arg) Link Here
2172	char *p;	2183	char *p;
2173		2184
2174	if (error_pending()) return;	2185	if (error_pending()) return;
		2186
		2187	if (argument_count <= 1)
		2188	{
		2189	if (alloc_pending (80))
		2190	sprintf (pending_error_text,
		2191	"E Protocol error: called argumentx without prior call to argument");
		2192	return;
		2193	}
2175		2194
2176	p = argument_vector[argument_count - 1];	2195	p = argument_vector[argument_count - 1];
2177	p = xrealloc (p, strlen (p) + 1 + strlen (arg) + 1);	2196	p = xrealloc (p, strlen (p) + 1 + strlen (arg) + 1);
Lines 2498-2504 check_command_valid_p (char *cmd_name) Link Here
2498	save some code here... -kff */	2517	save some code here... -kff */
2499		2518
2500	/* Chop newline by hand, for strcmp()'s sake. */	2519	/* Chop newline by hand, for strcmp()'s sake. */
2501	if (linebuf[num_red - 1] == '\n')	2520	if (num_red > 0 && linebuf[num_red - 1] == '\n')
2502	linebuf[num_red - 1] = '\0';	2521	linebuf[num_red - 1] = '\0';
2503		2522
2504	if (strcmp (linebuf, CVS_Username) == 0)	2523	if (strcmp (linebuf, CVS_Username) == 0)
Lines 2553-2559 check_command_valid_p (char *cmd_name) Link Here
2553	while ((num_red = getline (&linebuf, &linebuf_len, fp)) >= 0)	2572	while ((num_red = getline (&linebuf, &linebuf_len, fp)) >= 0)
2554	{	2573	{
2555	/* Chop newline by hand, for strcmp()'s sake. */	2574	/* Chop newline by hand, for strcmp()'s sake. */
2556	if (linebuf[num_red - 1] == '\n')	2575	if (num_red > 0 && linebuf[num_red - 1] == '\n')
2557	linebuf[num_red - 1] = '\0';	2576	linebuf[num_red - 1] = '\0';
2558		2577
2559	if (strcmp (linebuf, CVS_Username) == 0)	2578	if (strcmp (linebuf, CVS_Username) == 0)




#endif /* SERVER_SUPPORT || CLIENT_SUPPORT */

/*
 * Remove fmt str specifier other than %% or %s. And allow
 * only max_s %s specifiers
 */
wrap_clean_fmt_str(char *fmt, int max_s)
{
    while (*fmt) {
	if (fmt[0] == '%' && fmt[1])
	{
	    if (fmt[1] == '%') 
		fmt++;
	    else
		if (fmt[1] == 's' && max_s > 0)
		{
		    max_s--;
		    fmt++;
		} else 
		    *fmt = ' ';
	}
	fmt++;
    }
    return;
}

/*
 * Open a file and read lines, feeding each line to a line parser. Arrange
 * for keeping a temporary list of wrappers at the end, if the "temp"
 * argument is set.

    args = xmalloc (strlen (e->tocvsFilter)
		    + strlen (fileName)
		    + strlen (buf));

    wrap_clean_fmt_str(e->tocvsFilter, 2);
       e->tocvsFilter ourselves and giving a real error.  */
    sprintf (args, e->tocvsFilter, fileName, buf);
    run_setup (args);
    run_exec(RUN_TTY, RUN_TTY, RUN_TTY, RUN_NORMAL|RUN_REALLY );


    args = xmalloc (strlen (e->fromcvsFilter)
		    + strlen (fileName));

    wrap_clean_fmt_str(e->fromcvsFilter, 1);
       e->fromcvsFilter ourselves and giving a real error.  */
    sprintf (args, e->fromcvsFilter, fileName);
    run_setup (args);
    run_exec(RUN_TTY, RUN_TTY, RUN_TTY, RUN_NORMAL );

Return to bug 54773

Lines 412-419 history (int argc, char **argv) Link Here

(-)src/history.c (-9 / +27 lines)
412	working = 1;	412	working = 1;
413	break;	413	break;
414	case 'X': /* Undocumented debugging flag */	414	case 'X': /* Undocumented debugging flag */
		415	#ifdef DEBUG
415	histfile = optarg;	416	histfile = optarg;
		417	#endif
416	break;	418	break;
		419
417	case 'D': /* Since specified date */	420	case 'D': /* Since specified date */
418	if (since_rev \|\| since_tag \|\| *backto)	421	if (since_rev \|\| since_tag \|\| *backto)
419	{	422	{
Lines 898-906 save_user (char *name) Link Here
898	{	901	{
899	if (user_count == user_max)	902	if (user_count == user_max)
900	{	903	{
901	user_max += USER_INCREMENT;	904	if (size_overflow_p (xtimes (xsum (user_max, USER_INCREMENT),
902	user_list = (char *) xrealloc ((char ) user_list,	905	sizeof (char *))))
903	(int) user_max * sizeof (char *));	906	{
		907	error (0, 0, "save_user: too many users");
		908	return;
		909	}
		910	user_max = xsum (user_max, USER_INCREMENT);
		911	user_list = xrealloc (user_list, xtimes (user_max, sizeof (char *)));
904	}	912	}
905	user_list[user_count++] = xstrdup (name);	913	user_list[user_count++] = xstrdup (name);
906	}	914	}
Lines 925-933 save_file (char dir, char name, char * Link Here
925		933
926	if (file_count == file_max)	934	if (file_count == file_max)
927	{	935	{
928	file_max += FILE_INCREMENT;	936	if (size_overflow_p (xtimes (xsum (file_max, FILE_INCREMENT),
929	file_list = (struct file_list_str ) xrealloc ((char ) file_list,	937	sizeof (*fl))))
930	file_max * sizeof (*fl));	938	{
		939	error (0, 0, "save_file: too many files");
		940	return;
		941	}
		942	file_max = xsum (file_max, FILE_INCREMENT);
		943	file_list = xrealloc (file_list, xtimes (file_max, sizeof (*fl)));
931	}	944	}
932	fl = &file_list[file_count++];	945	fl = &file_list[file_count++];
933	fl->l_file = cp = xmalloc (strlen (dir) + strlen (name) + 2);	946	fl->l_file = cp = xmalloc (strlen (dir) + strlen (name) + 2);
Lines 965-973 save_module (char *module) Link Here
965	{	978	{
966	if (mod_count == mod_max)	979	if (mod_count == mod_max)
967	{	980	{
968	mod_max += MODULE_INCREMENT;	981	if (size_overflow_p (xtimes (xsum (mod_max, MODULE_INCREMENT),
969	mod_list = (char *) xrealloc ((char ) mod_list,	982	sizeof (char *))))
970	mod_max * sizeof (char *));	983	{
		984	error (0, 0, "save_module: too many modules");
		985	return;
		986	}
		987	mod_max = xsum (mod_max, MODULE_INCREMENT);
		988	mod_list = xrealloc (mod_list, xtimes (mod_max, sizeof (char *)));
971	}	989	}
972	mod_list[mod_count++] = xstrdup (module);	990	mod_list[mod_count++] = xstrdup (module);
973	}	991	}

Lines 235-240 wrap_unparse_rcs_options (char **line, i Link Here

(-)src/wrapper.c (-6 / +28 lines)
235	#endif /* SERVER_SUPPORT \|\| CLIENT_SUPPORT */	235	#endif /* SERVER_SUPPORT \|\| CLIENT_SUPPORT */
236		236
237	/*	237	/*
		238	* Remove fmt str specifier other than %% or %s. And allow
		239	* only max_s %s specifiers
		240	*/
		241	wrap_clean_fmt_str(char *fmt, int max_s)
		242	{
		243	while (*fmt) {
		244	if (fmt[0] == '%' && fmt[1])
		245	{
		246	if (fmt[1] == '%')
		247	fmt++;
		248	else
		249	if (fmt[1] == 's' && max_s > 0)
		250	{
		251	max_s--;
		252	fmt++;
		253	} else
		254	*fmt = ' ';
		255	}
		256	fmt++;
		257	}
		258	return;
		259	}
		260
		261	/*
238	* Open a file and read lines, feeding each line to a line parser. Arrange	262	* Open a file and read lines, feeding each line to a line parser. Arrange
239	* for keeping a temporary list of wrappers at the end, if the "temp"	263	* for keeping a temporary list of wrappers at the end, if the "temp"
240	* argument is set.	264	* argument is set.
Lines 540-548 wrap_tocvs_process_file(const char *file Link Here
540	args = xmalloc (strlen (e->tocvsFilter)	564	args = xmalloc (strlen (e->tocvsFilter)
541	+ strlen (fileName)	565	+ strlen (fileName)
542	+ strlen (buf));	566	+ strlen (buf));
543	/* FIXME: sprintf will blow up if the format string contains items other	567
544	than %s, or contains too many %s's. We should instead be parsing	568	wrap_clean_fmt_str(e->tocvsFilter, 2);
545	e->tocvsFilter ourselves and giving a real error. */
546	sprintf (args, e->tocvsFilter, fileName, buf);	569	sprintf (args, e->tocvsFilter, fileName, buf);
547	run_setup (args);	570	run_setup (args);
548	run_exec(RUN_TTY, RUN_TTY, RUN_TTY, RUN_NORMAL\|RUN_REALLY );	571	run_exec(RUN_TTY, RUN_TTY, RUN_TTY, RUN_NORMAL\|RUN_REALLY );
Lines 572-580 wrap_fromcvs_process_file(const char *fi Link Here
572		595
573	args = xmalloc (strlen (e->fromcvsFilter)	596	args = xmalloc (strlen (e->fromcvsFilter)
574	+ strlen (fileName));	597	+ strlen (fileName));
575	/* FIXME: sprintf will blow up if the format string contains items other	598
576	than %s, or contains too many %s's. We should instead be parsing	599	wrap_clean_fmt_str(e->fromcvsFilter, 1);
577	e->fromcvsFilter ourselves and giving a real error. */
578	sprintf (args, e->fromcvsFilter, fileName);	600	sprintf (args, e->fromcvsFilter, fileName);
579	run_setup (args);	601	run_setup (args);
580	run_exec(RUN_TTY, RUN_TTY, RUN_TTY, RUN_NORMAL );	602	run_exec(RUN_TTY, RUN_TTY, RUN_TTY, RUN_NORMAL );