apply buffer overflow patch

Comment out a section of code that has no usefulness on Unix-like
systems, and will crash if fed a comment string exceeding 64K.  Per
report from Lubomir Kundrak, RH bug #226965

diff --git a/wrjpgcom.c b/wrjpgcom.c
index 8c04b05..b7b5a1a 100644 (file)
--- a/wrjpgcom.c
+++ b/wrjpgcom.c
@@ -446,6 +446,8 @@ main (int argc, char **argv)
     } else if (keymatch(arg, "comment", 1)) {
       if (++argn >= argc) usage();
       comment_arg = argv[argn];
+#if 0
+#error "There is a buffer overflow in the code below"
       /* If the comment text starts with '"', then we are probably running
        * under MS-DOG and must parse out the quoted string ourselves.  Sigh.
        */
@@ -466,6 +468,7 @@ main (int argc, char **argv)
          strcat(comment_arg, argv[argn]);
        }
       }
+#endif
       comment_length = (unsigned int) strlen(comment_arg);
     } else
       usage();