Fix unlikely buffer overrun when checkpointing

* src/checkpoint.c (format_checkpoint_string):
Don’t overrun buffer when word splitting.

diff --git a/src/checkpoint.c b/src/checkpoint.c
index e9ca35233344a4d1357053dcbeda6c73e6b77b90..00079ec219e07f145eb5df6d96d08ced512e679a 100644 (file)
--- a/src/checkpoint.c
+++ b/src/checkpoint.c
@@ -300,10 +300,13 @@ format_checkpoint_string (FILE *fp, size_t len,
                if (arg)
                  {
                    ws.ws_delim = ",";
-                   if (wordsplit (arg, &ws, WRDSF_NOVAR | WRDSF_NOCMD |
-                                          WRDSF_QUOTE | WRDSF_DELIM))
+                   if (wordsplit (arg, &ws,
+                                  (WRDSF_NOVAR | WRDSF_NOCMD
+                                   | WRDSF_QUOTE | WRDSF_DELIM)))
                      ERROR ((0, 0, _("cannot split string '%s': %s"),
                              arg, wordsplit_strerror (&ws)));
+                   else if (3 < ws.ws_wordc)
+                     ERROR ((0, 0, _("too many words in '%s'"), arg));
                    else
                      {
                        int i;