From: Paul Eggert <eggert@cs.ucla.edu>
Date: Sat, 11 Nov 2023 08:17:11 +0000 (-0800)
Subject: pinky: fix string size calculation
X-Git-Tag: v9.5~109
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e0d7787e67d4f732298d99eee772fc2631ddfb8;p=thirdparty%2Fcoreutils.git

pinky: fix string size calculation

* src/pinky.c (count_ampersands): Simplify and return idx_t.
(create_fullname): Compute proper destination string size,
basically, by adding (ulen - 1) * ampersands rather than ulen *
(ampersands - 1).  Problem found on CHERI-64.
---

diff --git a/src/pinky.c b/src/pinky.c
index 8c872b2fe1..82b2d842e5 100644
--- a/src/pinky.c
+++ b/src/pinky.c
@@ -82,15 +82,12 @@ static struct option const longopts[] =
 /* Count and return the number of ampersands in STR.  */
 
 ATTRIBUTE_PURE
-static size_t
+static idx_t
 count_ampersands (char const *str)
 {
-  size_t count = 0;
-  do
-    {
-      if (*str == '&')
-        count++;
-    } while (*str++);
+  idx_t count = 0;
+  for (; *str; str++)
+    count += *str == '&';
   return count;
 }
 
@@ -103,16 +100,16 @@ count_ampersands (char const *str)
 static char *
 create_fullname (char const *gecos_name, char const *user_name)
 {
-  size_t rsize = strlen (gecos_name) + 1;
+  idx_t rsize = strlen (gecos_name) + 1;
   char *result;
   char *r;
-  size_t ampersands = count_ampersands (gecos_name);
+  idx_t ampersands = count_ampersands (gecos_name);
 
   if (ampersands != 0)
     {
-      size_t ulen = strlen (user_name);
-      size_t product;
-      if (ckd_mul (&product, ulen, ampersands - 1)
+      idx_t ulen = strlen (user_name);
+      ptrdiff_t product;
+      if (ckd_mul (&product, ulen - 1, ampersands)
           || ckd_add (&rsize, rsize, product))
         xalloc_die ();
     }