[patch] pig buffer overflow and logic error

Hi,

I know pig is obscure, but no reason not to give it some love :)

The buffer overflow happens if there is an input word of length N that starts
with more than 1024-N consonants.

The logic error is that a word that ends at EOF is not pigified
(echo -n foo | pig).

Have fun,
Marcus

[demime 1.01d removed an attachment of type text/x-patch which had a name of openbsd-pig.patch]

On Wed, Nov 11, 2009 at 6:33 AM, Marcus Brinkmann <
marcus.brinkmann@...> wrote:

> <snip>
> [demime 1.01d removed an attachment of type text/x-patch which had a name
> of openbsd-pig.patch]
>
>
The attachment was stripped, drop it inline

xSAPPYx wrote:
--- pig-orig.c 2009-11-11 15:25:53.000000000 +0100
+++ pig.c 2009-11-11 15:26:33.000000000 +0100
@@ -47,7 +47,7 @@
 {
  int len;
  int ch;
- char buf[1024];
+ char buf[2048];

  while ((ch = getopt(argc, argv, "")) != -1)
  switch(ch) {
@@ -60,7 +60,7 @@

  for (len = 0; (ch = getchar()) != EOF;) {
  if (isalpha(ch)) {
- if (len >= sizeof(buf))
+ if (len >= sizeof(buf) / 2)
  errx(1, "ate too much!");
  buf[len++] = ch;
  continue;
@@ -71,6 +71,8 @@
  }
  (void)putchar(ch);
  }
+        if (len != 0)
+                pigout(buf, len);
  exit(0);
 }