From ad8e17a968aa7cbecf5f64fefe7ee2741d95fc99 Mon Sep 17 00:00:00 2001
From: Jonas 'Sortie' Termansen <sortie@maxsi.org>
Date: Fri, 15 Jan 2021 21:06:26 +0100
Subject: [PATCH] Fix sysupgrade(8) buffer overflowing on more than 16
 installations.

---
 sysinstall/sysupgrade.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/sysinstall/sysupgrade.c b/sysinstall/sysupgrade.c
index 0d036f24..799235f7 100644
--- a/sysinstall/sysupgrade.c
+++ b/sysinstall/sysupgrade.c
@@ -80,15 +80,15 @@ static bool add_installation(struct blockdevice* bdev,
 {
 	if ( installations_count == installations_length )
 	{
-			size_t new_length = installations_length;
-			if ( !new_length )
-				new_length = 16;
+			size_t length = installations_length;
+			if ( !length )
+				length = 8;
 			struct installation* new_installations = (struct installation*)
-				reallocarray(NULL, new_length, sizeof(struct installation));
+				reallocarray(NULL, length, 2 * sizeof(struct installation));
 			if ( !new_installations )
 				return false;
 			installations = new_installations;
-			installations_length = new_length;
+			installations_length = 2 * length;
 	}
 	struct installation* installation = &installations[installations_count++];
 	installation->bdev = bdev;