blob: a6d9f6b822330c38dc4abc493a86e8381e5db368 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
https://bugs.gentoo.org/370949
From 435bad87388821684bb3cd2a33c42787cf970017 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sun, 6 Nov 2011 00:44:57 -0400
Subject: [PATCH] path: fix 1 byte overflow with empty lists
If pap->pa_cnt is 0, then the local buffer is allocated as 1 byte,
but the code then writes two bytes to it '/' and '\0'.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
---
common/path.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/common/path.c b/common/path.c
index 66320de..ca24f6a 100644
--- a/common/path.c
+++ b/common/path.c
@@ -285,6 +285,8 @@ pa_gen( pa_t *pap )
for ( i = 0 ; i < pap->pa_cnt ; i++ ) {
sz += strlen( pap->pa_array[ i ] ) + 1;
}
+ if ( i == 0 )
+ sz++;
sz++;
retp = ( char * )malloc( sz );
--
1.7.6.1
|
GitWeb
