From d4075740044d14b42071007fcfbbd584f6168ba9 Mon Sep 17 00:00:00 2001
From: Marius Halden
Date: Thu, 29 Oct 2015 01:38:28 +0100
Subject: Make sure argv doesn't overflow
---
piper.c | 48 ++++++++++++++++++++++++++++++++++++++++--------
1 file changed, 40 insertions(+), 8 deletions(-)
(limited to 'piper.c')
diff --git a/piper.c b/piper.c
index 7cfda3c..e93fad9 100644
--- a/piper.c
+++ b/piper.c
@@ -67,29 +67,47 @@ failx(int exit, const char *msg, ...)
 va_end(args); // Not reached?
 }
+void
+grow_argv(char ***argv, size_t *len)
+{
+#define GROW_SIZE 32
+
+ char **ret = realloc(*argv, sizeof(char *) * (*len + GROW_SIZE));
+ if (ret == NULL)
+ err(1, "realloc");
+
+ *argv = ret;
+ *len += GROW_SIZE;
+
+#undef GROW_SIZE
+}
+
 void
 gen_argv(struct proc *proc)
 {
- int i;
 char *saveptr, *tmp, *cmd;
- char **argv, **head;
+ char **argv = NULL, **head;
+
+ size_t len = 0, used = 0;
- // XXX: Check for overflow in argv
- argv = malloc(sizeof(char*) * 1024);
- if (argv == NULL)
- err(1, "malloc");
 cmd = strdup(proc->cmd);
 if (cmd == NULL)
 err(1, "strdup");
+ grow_argv(&argv, &len);
 head = argv;
- for (i = 0; i < 1024; i++)
- argv[i] = NULL;
 tmp = strtok_r(cmd, " \t", &saveptr);
 while (tmp != NULL) {
 *(head++) = strdup(tmp);
+ used++;
+
+ if (used >= len) {
+ grow_argv(&argv, &len);
+ head = argv + used;
+ }
+
 tmp = strtok_r(NULL, " \t", &saveptr);
 }
 *head = NULL;
@@ -219,6 +237,20 @@ start_missing_procs()
 }
 }
+void
+print_argv()
+{
+ int i;
+ for (i = 0; i < NUM_PROCS; i++) {
+ char **tmp = procs[i].argv;
+
+ while (*tmp)
+ printf("%s ", *tmp++);
+
+ printf("\n");
+ }
+}
+
 int
 main(int argc, char **argv)
 {
--
cgit v1.2.3
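Review bot: In gen_argv's loop the result of `strdup(tmp)` is stored straight into the vector, so an allocation failure writes a NULL into the middle of argv and whatever consumes it will see a silently truncated argument list. The function already aborts when `strdup(proc->cmd)` fails, so the same handling fits here: `char *arg = strdup(tmp);` `if (arg == NULL) err(1, "strdup");` `*(head++) = arg;`. The growth logic itself looks sound: the `used >= len` check runs after every store, so the final `*head = NULL` always has a free slot. In grow_argv, `GROW_SIZE` would read more cleanly as a file-scope `enum { GROW_SIZE = 32 };` than as a `#define`/`#undef` pair inside the body, and the helper could be `static`. gen_argv continues past the end of the hunk, so whether `cmd` is freed afterwards is not visible here.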
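Review bot: print_argv() dereferences `procs[i].argv` in `while (*tmp)` without checking that the pointer is set, so it would crash if called before gen_argv() has run for every entry; a guard such as `if (tmp == NULL) continue;` at the top of the loop body avoids that (whether argv can be unset at that point depends on code outside the hunk). The definition should be `print_argv(void)`, since empty parentheses leave the function unprototyped in C11, and it deserves a one-line comment saying it is a debugging aid. Because it writes every configured command line to stdout verbatim, it is best kept out of normal runs if those commands can carry credentials.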