From ecdfc9aa701b4f406c239b6e163a45a5cc5b4a8c Mon Sep 17 00:00:00 2001 From: =?utf8?q?Thomas=20Wei=C3=9Fschuh?= Date: Fri, 22 Sep 2023 19:53:24 +0200 Subject: [PATCH] more: avoid out-of-bound access MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The realloc() needs to happen before that memory is used. Signed-off-by: Thomas Weißschuh --- text-utils/more.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/text-utils/more.c b/text-utils/more.c index bdb34e0768..e25b0e24ce 100644 --- a/text-utils/more.c +++ b/text-utils/more.c @@ -356,11 +356,11 @@ static void env_argscan(struct more_control *ctl, const char *s) env_argv = xmalloc(sizeof(char *) * size); env_argv[0] = _("MORE environment variable"); /* program name */ for (tok = strtok_r(str, delim, &key); tok; tok = strtok_r(NULL, delim, &key)) { - env_argv[env_argc++] = tok; - if (size < env_argc) { + if (size == env_argc) { size *= 2; env_argv = xrealloc(env_argv, sizeof(char *) * size); } + env_argv[env_argc++] = tok; } argscan(ctl, env_argc, env_argv); -- 2.47.3