X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=mg.c;h=cab0e5973ef292c9bbf92bf49f313b613f1e980d;hb=ba51d756f9ffaa3939ada6861397f27ce3967220;hp=7d8cd046f831030d24edd1bb1b5ab167d96a0624;hpb=46fc3d4c69a0adf236bfcba70daee7fd597cf30d;p=p5sagit%2Fp5-mst-13.2.git

diff --git a/mg.c b/mg.c
index 7d8cd04..cab0e59 100644
--- a/mg.c
+++ b/mg.c
@@ -531,18 +531,18 @@ MAGIC *mg;
 	break;
     case '(':
 	sv_setiv(sv, (IV)gid);
-	sv_setpvf(sv, "%vd", (IV)gid);
+	sv_setpvf(sv, "%Vd", (IV)gid);
 	goto add_groups;
     case ')':
 	sv_setiv(sv, (IV)egid);
-	sv_setpvf(sv, "%vd", (IV)egid);
+	sv_setpvf(sv, "%Vd", (IV)egid);
       add_groups:
 #ifdef HAS_GETGROUPS
 	{
 	    Groups_t gary[NGROUPS];
 	    i = getgroups(NGROUPS,gary);
 	    while (--i >= 0)
-		sv_catpvf(sv, " %vd", (IV)gary[i]);
+		sv_catpvf(sv, " %Vd", (IV)gary[i]);
 	}
 #endif
 	SvIOK_on(sv);	/* what a wonderful hack! */
@@ -627,9 +627,11 @@ MAGIC* mg;
 
 	    while (s < strend) {
 		struct stat st;
-		s = cpytill(tokenbuf, s, strend, ':', &i);
+		s = delimcpy(tokenbuf, tokenbuf + sizeof tokenbuf,
+			     s, strend, ':', &i);
 		s++;
-		if (*tokenbuf != '/'
+		if (i >= sizeof tokenbuf   /* too long -- assume the worst */
+		      || *tokenbuf != '/'
 		      || (Stat(tokenbuf, &st) == 0 && (st.st_mode & 2)) ) {
 		    MgTAINTEDDIR_on(mg);
 		    return 0;