* Check for truncation of output path.

diff --git a/riffx.c b/riffx.c
index a82c94873318c668c043474222aa12338ccc8af5..d71ae66bb4fa1729c52b1873aa5ee6b3f20c2de0 100644 (file)
--- a/riffx.c
+++ b/riffx.c
@@ -342,7 +342,7 @@ int main(int argc, char *argv[]) {
 
     /* Loop over remaining arguments as input files: */
     for (total = 0, i = argidx; i < argc; i++) {
-        int fd, cnt;
+        int fd, cnt, n;
         char fpfx[PATH_MAX], tfn[PATH_MAX], *x;
 
         fd = -1;
@@ -364,12 +364,17 @@ int main(int argc, char *argv[]) {
         if (cfg.use_basename) {
             x = strrchr(tfn, '/');
             x = x ? x : tfn;
-            snprintf(fpfx, sizeof fpfx, "%s/%03d_%s_", odir, i - argidx, x);
+            n = snprintf(fpfx, sizeof fpfx, "%s/%03d_%s_", odir, i - argidx, x);
         }
         else {
-            snprintf(fpfx, sizeof fpfx, "%s/%s/", odir, tfn);
-            mkdirp(fpfx, 0755);
+            n = snprintf(fpfx, sizeof fpfx, "%s/%s/", odir, tfn);
         }
+       if ( (size_t)n >= sizeof fpfx ) {
+           LOG("output directory path truncated: '%s'\n", fpfx);
+           exit(EXIT_FAILURE);
+       }
+        if (!cfg.use_basename)
+            mkdirp(fpfx, 0755);
         LOG("Dumping to %s...\n", fpfx);
         cnt = extract(fd, fpfx);
         close(fd);