From 5bb81adac0aa0bc0ade7d5b8d6ed97e612a35eb0 Mon Sep 17 00:00:00 2001
From: Jim Meyering <jim@meyering.net>
Date: Thu, 10 Mar 2005 12:07:31 +0000
Subject: [PATCH] (long_time_expected_width): Use x2nrealloc, not alloca, so
 format string abuse cannot provoke stack overflow. (print_long_format):
 Likewise.

---
 src/ls.c | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/src/ls.c b/src/ls.c
index f9cf259..8aa1d46 100644
--- a/src/ls.c
+++ b/src/ls.c
@@ -3059,12 +3059,20 @@ long_time_expected_width (void)
 	  len = nstrftime (buf, bufsize, fmt, tm, 0, 0);
 	  if (len || ! *buf)
 	    break;
-	  buf = alloca (bufsize *= 2);
+	  if (buf == initbuf)
+	    {
+	      buf = NULL;
+	      bufsize *= 2;
+	    }
+	  buf = x2nrealloc (buf, &bufsize, sizeof *buf);
 	}
 
       width = mbsnwidth (buf, len, 0);
       if (width < 0)
 	width = 0;
+
+      if (buf != initbuf)
+	free (buf);
     }
 
   return width;
@@ -3349,8 +3357,16 @@ print_long_format (const struct fileinfo *f)
 			 when_local, 0, when_ns);
 	  if (s || ! *p)
 	    break;
-	  newbuf = alloca (bufsize *= 2);
-	  memcpy (newbuf, buf, p - buf);
+	  if (buf == init_bigbuf)
+	    {
+	      bufsize *= 2;
+	      newbuf = xmalloc (bufsize);
+	      memcpy (newbuf, buf, p - buf);
+	    }
+	  else
+	    {
+	      newbuf = x2nrealloc (buf, &bufsize, sizeof *buf);
+	    }
 	  p = newbuf + (p - buf);
 	  buf = newbuf;
 	}
@@ -3374,6 +3390,8 @@ print_long_format (const struct fileinfo *f)
     }
 
   DIRED_FPUTS (buf, stdout, p - buf);
+  if (buf != init_bigbuf)
+    free (buf);
   print_name_with_quoting (f->name, FILE_OR_LINK_MODE (f), f->linkok,
 			   &dired_obstack);
 
-- 
2.7.4