From a6df7afc605079df7d85318846a522ef64aaa44d Mon Sep 17 00:00:00 2001
From: "Andrew J. Schorr" <aschorr@telemetry-investments.com>
Date: Tue, 3 May 2016 12:31:52 -0400
Subject: Fix sprintf memory leak by using realloc to shrink buffer to the
 proper size.

---
 builtin.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'builtin.c')

diff --git a/builtin.c b/builtin.c
index 108bcb89..d7101c26 100644
--- a/builtin.c
+++ b/builtin.c
@@ -660,7 +660,7 @@ format_tree(
 	int i, nc;
 	bool toofew = false;
 	char *obuf, *obufout;
-	size_t osiz, ofre;
+	size_t osiz, ofre, olen_final;
 	const char *chbuf;
 	const char *s0, *s1;
 	int cs1;
@@ -1572,7 +1572,10 @@ mpf1:
 			_("too many arguments supplied for format string"));
 	}
 	bchunk(s0, s1 - s0);
-	r = make_str_node(obuf, obufout - obuf, ALREADY_MALLOCED);
+	olen_final = obufout - obuf;
+	if (ofre > 0)
+		erealloc(obuf, char *, olen_final + 2, "format_tree");
+	r = make_str_node(obuf, olen_final, ALREADY_MALLOCED);
 	obuf = NULL;
 out:
 	{
-- 
cgit v1.2.3