From 340bcf5d886c954e27b050527a42ccf414c972c5 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Fri, 8 May 2026 20:03:04 -0600
Subject: [PATCH] split: allocate space for NUL terminator in CSV mode

Found by Frank Denis
---
 run.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/run.c b/run.c
index a1fb7f0..296a554 100644
--- a/run.c
+++ b/run.c
@@ -1746,7 +1746,9 @@ Cell *split(Node **a, int nnn)	/* split(a[0], a[1], a[2]); a[3] is type */
 		pfa = NULL;
 
 	} else if (a[2] == NULL && CSV) {	/* CSV only if no explicit separator */
-		char *newt = (char *) malloc(strlen(s)); /* for building new string; reuse for each field */
+		char *newt = (char *) malloc(strlen(s) + 1); /* for building new string; reuse for each field */
+		if (newt == NULL)
+			FATAL("out of space in split");
 		for (;;) {
 			char *fr = newt;
 			n++;