From febf70b73ffa2a61117e9bade6400d19e6f49344 Mon Sep 17 00:00:00 2001
From: Jim Meyering <jim@meyering.net>
Date: Sat, 2 Nov 1996 03:47:04 +0000
Subject: [PATCH] [!ENABLE_ASSERTIONS]: Guard NDEBUG definition. (checkfp): Fix
 off-by-one error that resulted in writing one byte beyond the end of a
 malloc'd buffer.  It caused `sort -c' to segfault on Linux systems having a
 relatively recent libc.  Before, running the command, perl -e "print 'x' x
 30, \"\n\";"|sort -c would provoke the memory overrun (though not necessarily
 the failure). Add an assertion.

---
 src/sort.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/sort.c b/src/sort.c
index 9db737f684..ade06f2f05 100644
--- a/src/sort.c
+++ b/src/sort.c
@@ -27,7 +27,9 @@
 #include <sys/types.h>
 #include <signal.h>
 #include <stdio.h>
-#define NDEBUG 1
+#ifndef ENABLE_ASSERTIONS
+# define NDEBUG 1
+#endif
 #include <assert.h>
 #include "system.h"
 #include "long-options.h"
@@ -1247,12 +1249,16 @@ checkfp (FILE *fp)
 
       /* Save the last line of the buffer and refill the buffer. */
       prev_line = lines.lines + (lines.used - 1);
-      if (prev_line->length > alloc)
+      if (prev_line->length + 1 > alloc)
+	{
+	  do
 	{
-	  while (prev_line->length + 1 > alloc)
 	    alloc *= 2;
+	    }
+	  while (alloc < prev_line->length + 1);
 	  temp.text = xrealloc (temp.text, alloc);
 	}
+      assert (prev_line->length + 1 <= alloc);
       memcpy (temp.text, prev_line->text, prev_line->length + 1);
       temp.length = prev_line->length;
       temp.keybeg = temp.text + (prev_line->keybeg - prev_line->text);
-- 
2.47.2