From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 14 Dec 2010 19:09:32 +0000 (-0800)
Subject: sort: fix very-unlikely buffer overrun when merging to input file
X-Git-Tag: v8.8~22
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=14ad7a25505ec3127cd1f07001d54d94f51f1748;p=platform%2Fupstream%2Fcoreutils.git

sort: fix very-unlikely buffer overrun when merging to input file

* src/sort.c (avoid_trashing_input): Fix a typo that could cause a
buffer overrun in theory.  In practice this is extremely unlikely,
as it requires running out of file descriptors in a small merge,
presumably because some other process is hogging all the OS's file
descriptors.
---

diff --git a/src/sort.c b/src/sort.c
index 63162ea..3321ddb 100644
--- a/src/sort.c
+++ b/src/sort.c
@@ -3613,9 +3613,8 @@ avoid_trashing_input (struct sortfile *files, size_t ntemps,
               files[i].name = temp;
               files[i].pid = pid;
 
-              if (i + num_merged < nfiles)
-                memmove (&files[i + 1], &files[i + num_merged],
-                         num_merged * sizeof *files);
+              memmove (&files[i + 1], &files[i + num_merged],
+                       (nfiles - (i + num_merged)) * sizeof *files);
               ntemps += 1;
               nfiles -= num_merged - 1;;
               i += num_merged;