Patched incorrect malloc() length calculation after strlen(), raising a

warning: '__builtin_sprintf' may write a terminating nul past the end of the destination [-Wformat-overflow=]
circulosmeos · Nov 6, 2023 · bb4a25d · bb4a25d
1 parent cf7a9f0
commit bb4a25d
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/gztool.c b/gztool.c
@@ -4349,7 +4349,7 @@ local int action_create_index(
                     (char *)(file_name + strlen(file_name) - 3) )
                 ) {
                 // if gzip-file name is 'FILE.gz', output file name will be 'FILE'
-                char *output_filename = malloc( strlen(file_name) );
+                char *output_filename = malloc( strlen(file_name) + 1 );
                 sprintf(output_filename, "%s", file_name);
                 output_filename[strlen(file_name) - 3] = '\0';
                 printToStderr( VERBOSITY_NORMAL, "Decompressing to '%s'\n", output_filename );
@@ -6235,7 +6235,7 @@ int main(int argc, char **argv)
                              (char *)(file_name + strlen(file_name) - 3)
                             ) {
                             // if gzip-file name is 'FILE.gz', output file has been 'FILE'
-                            char *output_filename = malloc( strlen(file_name) );
+                            char *output_filename = malloc( strlen(file_name) + 1 );
                             sprintf(output_filename, "%s", file_name);
                             output_filename[strlen(file_name) - 3] = '\0';
                             if ( do_not_delete_original_file == 0 ) {