From f4ebfa66c63f293895fb01561dfa7f389c28c35e Mon Sep 17 00:00:00 2001
From: bosk <bosk>
Date: Fri, 16 Jul 2010 13:01:15 +0000
Subject: [PATCH] Fix buffer overrun in concat().

---
 ChangeLog | 4 ++++
 misc.c    | 8 ++++++++
 2 files changed, 12 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 12ef1c4..a4d0600 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2010-07-16  Boris Kolpackov  <boris@codesynthesis.com>
+
+	* misc.c (concat): Fix buffer overrun.
+
 2010-07-12  Paul Smith  <psmith@gnu.org>
 
 	Update copyrights to add 2010.
diff --git a/misc.c b/misc.c
index f4806ac..39c2835 100644
--- a/misc.c
+++ b/misc.c
@@ -202,6 +202,14 @@ concat (num, va_alist)
 
   VA_END (args);
 
+  /* Get some more memory if we don't have enough space for the
+     terminating '\0'.   */
+  if (ri == rlen)
+    {
+      rlen = (rlen ? rlen : 60) * 2;
+      result = xrealloc (result, rlen);
+    }
+
   result[ri] = '\0';
 
   return result;
-- 
2.11.4.GIT