[PATCH] Fix a crash in column(1)

[LI Xin]

Hi,

Here is a patch that fixes a bug that causes column(1) to crash under
certain conditions.  This is a port of FreeBSD's revision 1.16, by iedowse:

iedowse     2006-09-19 22:11:43 UTC

  FreeBSD src repository

  Modified files:
    usr.bin/column       column.c
  Log:
  Add missing parentheses to fix a segmentation fault that is easily
  reproducable with `jot -s " " 400 1 | column -t'. The bug was present
  in the the original CSRG 'column -t' added in 1989.

  Revision  Changes    Path
  1.16      +3 -3      src/usr.bin/column/column.c

Cheers,
-- 
Xin LI <delphij at xxxxxxxxxxx>	http://www.delphij.net/
FreeBSD - The Power to Serve!

Index: column.c
===================================================================
RCS file: /archive/DragonFly-CVS/src/usr.bin/column/column.c,v
retrieving revision 1.5
diff -u -u -r1.5 column.c
--- column.c	16 Jan 2005 04:28:00 -0000	1.5
+++ column.c	8 Oct 2006 02:44:12 -0000
@@ -217,10 +217,10 @@
 		for (coloff = 0, p = *lp; (cols[coloff] = strtok(p, separator));
 		    p = NULL)
 			if (++coloff == maxcols) {
-				if (!(cols = realloc(cols, (u_int)maxcols +
-				    DEFCOLS * sizeof(char *))) ||
+				if (!(cols = realloc(cols, ((u_int)maxcols +
+				    DEFCOLS) * sizeof(char *))) ||
 				    !(lens = realloc(lens,
-				    (u_int)maxcols + DEFCOLS * sizeof(int))))
+				    ((u_int)maxcols + DEFCOLS) * sizeof(int))))
 					err(1, NULL);
 				memset((char *)lens + maxcols * sizeof(int),
 				    0, DEFCOLS * sizeof(int));

Attachment:
signature.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00000.pgp
Type: application/octet-stream
Size: 249 bytes
Desc: "Description: OpenPGP digital signature"
URL: <http://lists.dragonflybsd.org/pipermail/submit/attachments/20061007/5f108b96/attachment-0014.obj>