Hi, p_filesize is of type long, but we assign an off_t. Before assignment, check if it will fit. Also, check if fstat was successful or not.
Tobias Index: pch.c =================================================================== RCS file: /cvs/src/usr.bin/patch/pch.c,v retrieving revision 1.41 diff -u -p -r1.41 pch.c --- pch.c 26 Nov 2013 13:19:07 -0000 1.41 +++ pch.c 16 Nov 2014 20:21:13 -0000 @@ -112,7 +112,10 @@ open_patch_file(const char *filename) pfp = fopen(filename, "r"); if (pfp == NULL) pfatal("patch file %s not found", filename); - fstat(fileno(pfp), &filestat); + if (fstat(fileno(pfp), &filestat)) + pfatal("can't stat %s", filename); + if (filestat.st_size > LONG_MAX) + pfatal("patch file %s is too large", filename); p_filesize = filestat.st_size; next_intuit_at(0L, 1L); /* start at the beginning */ set_hunkmax();
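Review bot: the new `filestat.st_size > LONG_MAX` test in open_patch_file() relies on LONG_MAX, but this diff consists of the single hunk at line 112 and adds no include, so please confirm that pch.c already includes <limits.h> and add it if it does not. A one-line comment above the size test saying that p_filesize is a long while st_size is an off_t would record why the bound is there. The fstat() test would also read more clearly with the failure value spelled out, as in `if (fstat(fileno(pfp), &filestat) == -1)`.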