more: avoid out-of-bound access

The realloc() needs to happen before that memory is used.

Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>

diff --git a/text-utils/more.c b/text-utils/more.c
index bdb34e0768c73f3ca7091d9cd654b19906d637e5..e25b0e24ce0d3dea115f407b71d1a228bdb75d17 100644 (file)
--- a/text-utils/more.c
+++ b/text-utils/more.c
@@ -356,11 +356,11 @@ static void env_argscan(struct more_control *ctl, const char *s)
        env_argv = xmalloc(sizeof(char *) * size);
        env_argv[0] = _("MORE environment variable");   /* program name */
        for (tok = strtok_r(str, delim, &key); tok; tok = strtok_r(NULL, delim, &key)) {
-               env_argv[env_argc++] = tok;
-               if (size < env_argc) {
+               if (size == env_argc) {
                        size *= 2;
                        env_argv = xrealloc(env_argv, sizeof(char *) * size);
                }
+               env_argv[env_argc++] = tok;
        }
 
        argscan(ctl, env_argc, env_argv);