Fix a core dump when doing 'tosha -i'. (Maintainer timeout after about two

months.)

The problem is in resolve_extension().  strncpy() will only null-terminate
the destination string if it has enough room, according to the given
length.

In this implementation, there will never be enough room to null-terminate
the string, from what I can tell.  So if the memory in 'tmpstr' contains
non-nulls, you'll get a core-dump in the subsequent strcat().

1 files changed, 23 insertions, 0 deletions

diff --git a/audio/tosha/files/patch-aa b/audio/tosha/files/patch-aa
new file mode 100644
index 000000000000..6b13be7d9e5d
--- /dev/null
+++ b/audio/tosha/files/patch-aa
@@ -0,0 +1,23 @@
+*** tosha.c.orig	Fri Jan  1 16:57:49 1999
+--- tosha.c	Sun Dec 10 01:04:54 2000
+***************
+*** 240,247 ****
+  		return template;
+  	if (!(tmpstr = malloc(strlen(template) + strlen(formatspec->ext) - 1)))
+  		out_of_memory();
+! 	if ((prefix = cptr - template))
+  		strncpy (tmpstr, template, prefix);
+  	strcat (tmpstr + prefix, formatspec->ext);
+  	prefix += strlen(formatspec->ext);
+  	strcat (tmpstr + prefix, cptr + 2);
+--- 240,249 ----
+  		return template;
+  	if (!(tmpstr = malloc(strlen(template) + strlen(formatspec->ext) - 1)))
+  		out_of_memory();
+! 	if ((prefix = cptr - template)) {
+  		strncpy (tmpstr, template, prefix);
++ 		tmpstr[prefix] = '\0';
++ 	}
+  	strcat (tmpstr + prefix, formatspec->ext);
+  	prefix += strlen(formatspec->ext);
+  	strcat (tmpstr + prefix, cptr + 2);