Previously, if max was specified, od will call read with that size, potentially overflowing buf with data read from the file. --- od.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/od.c b/od.c index 9b83501..b5884e7 100644 --- a/od.c +++ b/od.c @@ -132,20 +132,19 @@ od(FILE *fp, char *fname, int last) size_t i; unsigned char buf[BUFSIZ]; static off_t addr; - size_t buflen; + size_t n; while (skip - addr > 0) { - buflen = fread(buf, 1, MIN(skip - addr, BUFSIZ), fp); - addr += buflen; + n = fread(buf, 1, MIN(skip - addr, sizeof(buf)), fp); + addr += n; if (feof(fp) || ferror(fp)) return; } if (!line) line = emalloc(linelen); - while ((buflen = fread(buf, 1, max >= 0 ? - max - (addr - skip) : BUFSIZ, fp))) { - for (i = 0; i < buflen; i++, addr++) { + while ((n = fread(buf, 1, MIN((size_t)max - (addr - skip), sizeof(buf)), fp))) { + for (i = 0; i < n; i++, addr++) { line[lineoff++] = buf[i]; if (lineoff == linelen) { printline(line, lineoff, addr - lineoff + 1); -- 2.11.0