-rw-r--r-- | debian/changelog | 1 | ||||
-rw-r--r-- | src/querycmd.c | 11 |
2 files changed, 9 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog index ec9b8b27d..222a2e1d6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -49,6 +49,7 @@ dpkg (1.18.5) UNRELEASED; urgency=medium * Rewrite the trigger deferred file parser from flex to manual. The format is very simple, and a simple hand-written parser is smaller and avoids a build dependency. + * Be more strict when parsing the COLUMNS environment variable in dpkg-query. * Portability: - Move DPKG_ADMINDIR environment variable name out from update-alternatives code, to make life easier for non-dpkg-based systems. diff --git a/src/querycmd.c b/src/querycmd.c index 22d635cdd..2494f72ef 100644 --- a/src/querycmd.c +++ b/src/querycmd.c @@ -32,6 +32,8 @@ #if HAVE_LOCALE_H #include <locale.h> #endif +#include <errno.h> +#include <limits.h> #include <string.h> #include <fcntl.h> #include <dirent.h> @@ -63,14 +65,17 @@ static int opt_loadavail = 0; static int getwidth(void) { int fd; - int res; + long res; struct winsize ws; const char *columns; + char *endptr; columns = getenv("COLUMNS"); if (columns) { - res = atoi(columns); - if (res > 0) + errno = 0; + res = strtol(columns, &endptr, 10); + if (errno != 0 && columns != endptr && *endptr == '\0' && + res > 0 && res < INT_MAX) return res; } |
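Review bot: The new guard in getwidth() tests `errno != 0`, which can only hold when strtol() reported an error, because errno is cleared on the line before the call. A well-formed COLUMNS value therefore never passes the condition. The first clause should read `if (errno == 0 && columns != endptr && *endptr == '\0' &&`. As written, the failing conversions that do satisfy `errno != 0` are then rejected by `res > 0 && res < INT_MAX`: a range error yields LONG_MIN or LONG_MAX, and a no-conversion error yields 0. So the visible effect is that COLUMNS is silently ignored rather than a bad width being returned. With the comparison fixed, the range bound is what makes the `long` to `int` narrowing at `return res;` safe, so it should stay. getwidth's body continues outside the hunk.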