31b890
From 54e3d1414e1a031d6f635f8fcbe273eecfd65560 Mon Sep 17 00:00:00 2001
31b890
From: Karel Zak <kzak@redhat.com>
31b890
Date: Tue, 5 Feb 2019 12:06:00 +0100
31b890
Subject: [PATCH 39/40] col: make flush_line() a little bit robust
31b890
31b890
The code is horrible. The core of the problem are signed integers
31b890
and no check for the limits.
31b890
31b890
This patch fixes c->c_column = cur_col; where c_column is "short"
31b890
and "cur_col" is int. Let's use "int" for all the variables. It's
31b890
really not perfect as for bigger lines it can segfault again...
31b890
31b890
The patch also removes some unnecessary static variables.
31b890
31b890
Upstream: http://github.com/karelzak/util-linux/commit/004356f05018e3bfcaddd2652846659a4d8481f3
31b890
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1803753
31b890
Addresses: https://github.com/karelzak/util-linux/issues/749
31b890
Signed-off-by: Karel Zak <kzak@redhat.com>
31b890
---
31b890
 text-utils/col.c | 11 ++++++-----
31b890
 1 file changed, 6 insertions(+), 5 deletions(-)
31b890
31b890
diff --git a/text-utils/col.c b/text-utils/col.c
31b890
index 3d9e15d26..c2f8db64d 100644
31b890
--- a/text-utils/col.c
31b890
+++ b/text-utils/col.c
31b890
@@ -88,7 +88,7 @@ typedef char CSET;
31b890
 typedef struct char_str {
31b890
 #define	CS_NORMAL	1
31b890
 #define	CS_ALTERNATE	2
31b890
-	short		c_column;	/* column character is in */
31b890
+	int		c_column;	/* column character is in */
31b890
 	CSET		c_set;		/* character set (currently only 2) */
31b890
 	wchar_t		c_char;		/* character in question */
31b890
 	int		c_width;	/* character width */
31b890
@@ -476,8 +476,9 @@ void flush_line(LINE *l)
31b890
 	nchars = l->l_line_len;
31b890
 
31b890
 	if (l->l_needs_sort) {
31b890
-		static CHAR *sorted;
31b890
-		static int count_size, *count, i, save, sorted_size, tot;
31b890
+		static CHAR *sorted = NULL;
31b890
+		static int count_size = 0, *count = NULL, sorted_size = 0;
31b890
+		int i, tot;
31b890
 
31b890
 		/*
31b890
 		 * Do an O(n) sort on l->l_line by column being careful to
31b890
@@ -494,7 +495,7 @@ void flush_line(LINE *l)
31b890
 			    (unsigned)sizeof(int) * count_size);
31b890
 		}
31b890
 		memset(count, 0, sizeof(int) * l->l_max_col + 1);
31b890
-		for (i = nchars, c = l->l_line; --i >= 0; c++)
31b890
+		for (i = nchars, c = l->l_line; c && --i >= 0; c++)
31b890
 			count[c->c_column]++;
31b890
 
31b890
 		/*
31b890
@@ -502,7 +503,7 @@ void flush_line(LINE *l)
31b890
 		 * indices into new line.
31b890
 		 */
31b890
 		for (tot = 0, i = 0; i <= l->l_max_col; i++) {
31b890
-			save = count[i];
31b890
+			int save = count[i];
31b890
 			count[i] = tot;
31b890
 			tot += save;
31b890
 		}
31b890
-- 
31b890
2.25.4
31b890