From b6e9c2d966dc2b7a293b2e24484ec4209e427f96 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20Grubbstr=C3=B6m=20=28Grubba=29?= <grubba@grubba.org>
Date: Mon, 16 Apr 2018 17:38:55 +0200
Subject: [PATCH] Stdio [NT]: Fixed single byte buffer overrun in mv() on NT. A NUL-terminator was written outside a malloced buffer. This caused intermittent crashes after unusual use of mv(). Fixes the crash in [PIKE-90].
---
 .gitattributes | 1 -
 src/modules/files/efuns.c | 5 +++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.gitattributes b/.gitattributes
index cf1989e08a..03f5a2deb4 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -690,7 +690,6 @@ testfont binary
 /src/modules/files/acconfig.h foreign_ident
 /src/modules/files/configure.in foreign_ident
 /src/modules/files/datagram.c foreign_ident
-/src/modules/files/efuns.c foreign_ident
 /src/modules/files/file.c foreign_ident
 /src/modules/files/file.h foreign_ident
 /src/modules/files/file_functions.h foreign_ident
diff --git a/src/modules/files/efuns.c b/src/modules/files/efuns.c
index a34c8a50e3..c69b5d5245 100644
--- a/src/modules/files/efuns.c
+++ b/src/modules/files/efuns.c
@@ -2,7 +2,7 @@
 || This file is part of Pike. For copyright information see COPYRIGHT.
 || Pike is distributed under GPL, LGPL and MPL. See the file COPYING
 || for more information.
-|| $Id: efuns.c,v 1.154 2004/11/20 16:19:30 nilsson Exp $
+|| $Id$
 */
 #include "global.h"
@@ -1312,7 +1312,8 @@ void f_mv(INT32 args)
 }
 else
 {
- char *s = malloc (str2->len + 2), *p;
+ /* NB: 3 == 2 bytes temporary suffix and 1 byte NUL-terminator. */
+ char *s = malloc (str2->len + 3), *p;
 if (!s) {
 i = movefileex ? ERROR_NOT_ENOUGH_MEMORY : ENOMEM;
 goto no_nt_rename_kludge;
-- GitLab
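Review bot: In the f_mv hunk the allocation size `str2->len + 3` is still a hand-counted constant, tied to the code that writes the temporary suffix and the terminator into `s`, and that code lies outside the hunk. If the suffix ever changes length, the same one-byte heap overrun can return without any compiler or reviewer signal. Deriving both sides from one definition would keep them in step, for example `#define NT_MV_TMP_SUFFIX_LEN 2` (a suggested name, not one from the file) and `malloc (str2->len + NT_MV_TMP_SUFFIX_LEN + 1)`, with the suffix-writing code using the same constant. Because the writes through `p` are not visible here, whether three extra bytes cover every path cannot be confirmed from this hunk; a debug-build assertion that the terminator's index is below the allocated size would catch a regression.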