| To: | xfs@xxxxxxxxxxx |
|---|---|
| Subject: | [PATCH] path: fix 1 byte overflow with empty lists |
| From: | Mike Frysinger <vapier@xxxxxxxxxx> |
| Date: | Sun, 6 Nov 2011 00:46:57 -0400 |
| Cc: | wkendall@xxxxxxx, aelder@xxxxxxx |
If pap->pa_cnt is 0, then the local buffer is allocated as 1 byte,
but the code then writes two bytes to it '/' and '\0'.
Signed-off-by: Mike Frysinger <vapier@xxxxxxxxxx>
---
common/path.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/common/path.c b/common/path.c
index 66320de..ca24f6a 100644
--- a/common/path.c
+++ b/common/path.c
@@ -285,6 +285,8 @@ pa_gen( pa_t *pap )
for ( i = 0 ; i < pap->pa_cnt ; i++ ) {
sz += strlen( pap->pa_array[ i ] ) + 1;
}
+ if ( i == 0 )
+ sz++;
sz++;
retp = ( char * )malloc( sz );
--
1.7.6.1
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Your mailbox has exceeded its limit, Matthew Clint |
|---|---|
| Next by Date: | Re: xfs_repair fails with corrupt dinode 17491441757, extent total = 1, nblocks = 0. This is a bug., Arkadiusz MiÅkiewicz |
| Previous by Thread: | Your mailbox has exceeded its limit, Matthew Clint |
| Next by Thread: | Re: [PATCH] path: fix 1 byte overflow with empty lists, Bill Kendall |
| Indexes: | [Date] [Thread] [Top] [All Lists] |