xfs
[Top] [All Lists]

[PATCH] path: fix 1 byte overflow with empty lists

To: xfs@xxxxxxxxxxx
Subject: [PATCH] path: fix 1 byte overflow with empty lists
From: Mike Frysinger <vapier@xxxxxxxxxx>
Date: Sun, 6 Nov 2011 00:46:57 -0400
Cc: wkendall@xxxxxxx, aelder@xxxxxxx
If pap->pa_cnt is 0, then the local buffer is allocated as 1 byte,
but the code then writes two bytes to it '/' and '\0'.

Signed-off-by: Mike Frysinger <vapier@xxxxxxxxxx>
---
 common/path.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/common/path.c b/common/path.c
index 66320de..ca24f6a 100644
--- a/common/path.c
+++ b/common/path.c
@@ -285,6 +285,8 @@ pa_gen( pa_t *pap )
        for ( i = 0 ; i < pap->pa_cnt ; i++ ) {
                sz += strlen( pap->pa_array[ i ] ) + 1;
        }
+       if ( i == 0 )
+               sz++;
        sz++;
 
        retp = ( char * )malloc( sz );
-- 
1.7.6.1

<Prev in Thread] Current Thread [Next in Thread>