From 511de5b1430ea974b3dc6fcb2af28d2e10b2b25e Mon Sep 17 00:00:00 2001
From: Rick Macklem
Date: Sat, 10 May 2025 07:44:38 -0700
Subject: [PATCH] runat.c: Add an explicit check for snprintf() failure

The check for "outsiz" too large was probably sufficient to catch failures, since it was cast to an unsigned (size_t). However, it seems appropriate to add an explicit check for a failed case (returning -1).

Discussed with: oshogbo
Fixes: 0660de8172cd ("runat: Add a runat(1) utility similar to the Solaris one")
---
 usr.bin/runat/runat.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/usr.bin/runat/runat.c b/usr.bin/runat/runat.c
index 66f4ebadd18..99437f3472f 100644
--- a/usr.bin/runat/runat.c
+++ b/usr.bin/runat/runat.c
@@ -52,6 +52,8 @@ main(int argc, char *argv[])
 pos = 0;
 for (i = 1; i < argc; i++) {
 outsiz = snprintf(&buf[pos], siz, "%s ", argv[i]);
+ if (outsiz <= 0)
+ errx(1, "snprintf failed: returned %d", outsiz);
 if ((size_t)outsiz > siz)
 errx(1, "Arguments too large");
 pos += outsiz;
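Review bot: The context check `if ((size_t)outsiz > siz)` right after the added lines still accepts `outsiz == siz`, and snprintf() has already truncated its output in that case, because the return value does not count the terminating NUL. If the buffer is not deliberately sized so that only the final trailing space is cut off, the test should be `if ((size_t)outsiz >= siz)`; if it is deliberate, a comment such as `/* outsiz == siz: only the last trailing space was truncated */` would record that. The allocation of buf, the update of siz and the end of the loop lie outside the hunk, so which case holds cannot be confirmed from here. For the new check itself, `if (outsiz < 0)` with `err(1, "snprintf")` would report the errno value a failing snprintf() is expected to set, since the "%s " format always produces at least one character and so cannot return 0.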