From: Paul Eggert <eggert@cs.ucla.edu>
Date: Thu, 14 Oct 2010 07:12:23 +0000 (-0700)
Subject: bug#7213: [PATCH] sort: fix buffer overrun on 32-bit hosts when warning re obsolete... 
X-Git-Tag: v8.6~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6b9ab1831f7b05883ed1797a5c71cf5c594b6124;p=thirdparty%2Fcoreutils.git

bug#7213: [PATCH] sort: fix buffer overrun on 32-bit hosts when warning re obsolete keys

* src/sort.c (key_warnings): Local buffer should be of size
INT_BUFSIZE_BOUND (uintmax_t), not INT_BUFSIZE_BOUND (sword).
This bug was discovered by running 'make check' on a 32-bit
Solaris 8 sparc host, using Sun cc.  I saw several other instances
of invoking umaxtostr on a buffer declared to be of size
INT_BUFSIZE_BOUND (VAR), and these instances should at some point
be replaced by INT_BUFSIZE_BOUND (uintmax_t) too, as that's a
less error-prone style.
---

diff --git a/src/sort.c b/src/sort.c
index c155edadbc..7e25f6a0b3 100644
--- a/src/sort.c
+++ b/src/sort.c
@@ -2320,7 +2320,7 @@ key_warnings (struct keyfield const *gkey, bool gkey_only)
         {
           size_t sword = key->sword;
           size_t eword = key->eword;
-          char tmp[INT_BUFSIZE_BOUND (sword)];
+          char tmp[INT_BUFSIZE_BOUND (uintmax_t)];
           /* obsolescent syntax +A.x -B.y is equivalent to:
                -k A+1.x+1,B.y   (when y = 0)
                -k A+1.x+1,B+1.y (when y > 0)  */