[PATCH] path: fix 1 byte overflow with empty lists

[PATCH] path: fix 1 byte overflow with empty lists

[Mike Frysinger]

If pap->pa_cnt is 0, then the local buffer is allocated as 1 byte,
but the code then writes two bytes to it '/' and '\0'.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
---
 common/path.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/common/path.c b/common/path.c
index 66320de..ca24f6a 100644
--- a/common/path.c
+++ b/common/path.c
@@ -285,6 +285,8 @@ pa_gen( pa_t *pap )
 	for ( i = 0 ; i < pap->pa_cnt ; i++ ) {
 		sz += strlen( pap->pa_array[ i ] ) + 1;
 	}
+	if ( i == 0 )
+		sz++;
 	sz++;
 
 	retp = ( char * )malloc( sz );
-- 
1.7.6.1

_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs

Re: [PATCH] path: fix 1 byte overflow with empty lists

[Bill Kendall]

On 11/05/2011 11:46 PM, Mike Frysinger wrote:
> If pap->pa_cnt is 0, then the local buffer is allocated as 1 byte,
> but the code then writes two bytes to it '/' and '\0'.
>
> Signed-off-by: Mike Frysinger<vapier@gentoo.org>

Looks good,

Reviewed-by: Bill Kendall <wkendall@sgi.com>

_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs