pinky: fix string size calculation

* src/pinky.c (count_ampersands): Simplify and return idx_t.
(create_fullname): Compute proper destination string size,
basically, by adding (ulen - 1) * ampersands rather than ulen *
(ampersands - 1).  Problem found on CHERI-64.

1 files changed, 9 insertions, 12 deletions

diff --git a/src/pinky.c b/src/pinky.c
index 8c872b2fe..82b2d842e 100644
--- a/src/pinky.c
+++ b/src/pinky.c
@@ -82,15 +82,12 @@ static struct option const longopts[] =
 /* Count and return the number of ampersands in STR.  */
 
 ATTRIBUTE_PURE
-static size_t
+static idx_t
 count_ampersands (char const *str)
 {
-  size_t count = 0;
-  do
-    {
-      if (*str == '&')
-        count++;
-    } while (*str++);
+  idx_t count = 0;
+  for (; *str; str++)
+    count += *str == '&';
   return count;
 }
 
@@ -103,16 +100,16 @@ count_ampersands (char const *str)
 static char *
 create_fullname (char const *gecos_name, char const *user_name)
 {
-  size_t rsize = strlen (gecos_name) + 1;
+  idx_t rsize = strlen (gecos_name) + 1;
   char *result;
   char *r;
-  size_t ampersands = count_ampersands (gecos_name);
+  idx_t ampersands = count_ampersands (gecos_name);
 
   if (ampersands != 0)
     {
-      size_t ulen = strlen (user_name);
-      size_t product;
-      if (ckd_mul (&product, ulen, ampersands - 1)
+      idx_t ulen = strlen (user_name);
+      ptrdiff_t product;
+      if (ckd_mul (&product, ulen - 1, ampersands)
           || ckd_add (&rsize, rsize, product))
         xalloc_die ();
     }