confdata: fix invalid write

strndup will copy *up to* the size parameter, not allocate a buffer of
that size, so the buffer is not necessarily large enough to fit the
".old" extension.

Caught with glibc's MALLOC_CHECK_=3.

Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
Ben Boeckel 8 years ago
parent
commit
0074f6d29b
1 changed file with 2 additions and 1 deletion

+ 2 - 1
extra/config/confdata.c

@@ -814,7 +814,8 @@ next:
 	fclose(out);
 
 	if (*tmpname) {
-		dirname = strndup(basename, strlen(basename) + 4);
+		dirname = malloc(strlen(basename) + 4 + 1);
+		strcpy(dirname, basename);
 		strcat(dirname, ".old");
 		rename(newname, dirname);
 		free(dirname);
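
Review bot: the pointer returned by malloc() on the added line goes straight into strcpy() with no NULL check, so an allocation failure turns into a write through a NULL pointer; test dirname before the strcpy()/strcat() pair and skip the rename if it is NULL. The size strlen(basename) + 4 + 1 does cover ".old" plus the terminator, but the literal 4 is tied to the suffix by hand; strlen(basename) + sizeof(".old") gives the same size and stays correct if the suffix ever changes. The return value of rename(newname, dirname) in the context lines is also ignored, so a failed backup passes silently.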