From: Paul Eggert <eggert@cs.ucla.edu>
Date: Sat, 3 Aug 2024 18:52:17 +0000 (-0700)
Subject: Fix unlikely buffer overrun when checkpointing
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=9cef4d5495837b30d955f467f2e9c7c4066764c3;p=thirdparty%2Ftar.git

Fix unlikely buffer overrun when checkpointing

* src/checkpoint.c (format_checkpoint_string):
Don’t overrun buffer when word splitting.
---

diff --git a/src/checkpoint.c b/src/checkpoint.c
index e9ca3523..00079ec2 100644
--- a/src/checkpoint.c
+++ b/src/checkpoint.c
@@ -300,10 +300,13 @@ format_checkpoint_string (FILE *fp, size_t len,
 		if (arg)
 		  {
 		    ws.ws_delim = ",";
-		    if (wordsplit (arg, &ws, WRDSF_NOVAR | WRDSF_NOCMD |
-				           WRDSF_QUOTE | WRDSF_DELIM))
+		    if (wordsplit (arg, &ws,
+				   (WRDSF_NOVAR | WRDSF_NOCMD
+				    | WRDSF_QUOTE | WRDSF_DELIM)))
 		      ERROR ((0, 0, _("cannot split string '%s': %s"),
 			      arg, wordsplit_strerror (&ws)));
+		    else if (3 < ws.ws_wordc)
+		      ERROR ((0, 0, _("too many words in '%s'"), arg));
 		    else
 		      {
 			int i;