util-linux.vger.kernel.org archive mirror
* [PATCH] column: avoid memory overrun and/or use of uninitialized buffer
@ 2011-11-16 19:10 Jim Meyering
  2011-11-16 22:54 ` Karel Zak
  0 siblings, 1 reply; 2+ messages in thread
From: Jim Meyering @ 2011-11-16 19:10 UTC (permalink / raw)
  To: List util-linux-ng


* text-utils/column.c (maketbl): Use the right starting point
and the right length when zeroing new memory after xrealloc.
---
Hi,

I ran coverity on the latest from git and it caught part of this (the
erroneous offset-by-sizeof).  I noticed that the "int" should be size_t
or -- better -- *lens.  With the latter, there is no risk that
a type change will fail to propagate to this sizeof stmt.

 text-utils/column.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/text-utils/column.c b/text-utils/column.c
index f8fd350..79d2842 100644
--- a/text-utils/column.c
+++ b/text-utils/column.c
@@ -305,8 +305,8 @@ static void maketbl(wchar_t **list, int entries, wchar_t *separator)
 				cols = xrealloc(cols, maxcols * sizeof(wchar_t *));
 				lens = xrealloc(lens, maxcols * sizeof(ssize_t));
 				/* zero fill only new memory */
-				memset(lens + ((maxcols - DEFCOLS) * sizeof(ssize_t)), 0,
-				       DEFCOLS * sizeof(int));
+				memset(lens + (maxcols - DEFCOLS), 0,
+				       DEFCOLS * sizeof(*lens));
 			}
 			p = NULL;
 		}
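Review bot: the xrealloc call for lens just above the memset still spells the element size as sizeof(ssize_t), while the new memset uses sizeof(*lens), so the allocation and the zero-fill can drift apart if the element type ever changes. Consider sizeof(*lens) and sizeof(*cols) in the two xrealloc calls as well, for the same reason the description gives for the memset.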
--
1.7.8.rc2
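The offset error fixed above, worked through as an added example (not code from the patch or from util-linux). The DEFCOLS value, the helper names and the use of plain realloc in place of xrealloc are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define DEFCOLS 25	/* assumed growth step; its value is not shown in the patch */

/* Byte offset at which the pre-patch memset started. Arithmetic on a
 * ssize_t * already scales by sizeof(ssize_t), so the explicit multiply
 * scaled the offset twice. Computed as a number only; nothing is written. */
size_t old_start_bytes(size_t maxcols)
{
	return (maxcols - DEFCOLS) * sizeof(ssize_t) * sizeof(ssize_t);
}

/* Byte offset of the first new element, as the patched expression computes it. */
size_t new_start_bytes(size_t maxcols)
{
	return (maxcols - DEFCOLS) * sizeof(ssize_t);
}

/* Hypothetical helper: grow *lens by DEFCOLS elements and zero only the
 * new tail, indexing from the saved old count. Returns 0 on success. */
int grow_lens(ssize_t **lens, size_t *maxcols)
{
	size_t oldn = *maxcols, newn = oldn + DEFCOLS;
	ssize_t *p;

	if (newn < oldn || newn > SIZE_MAX / sizeof(**lens))
		return -1;	/* element count or byte count would overflow */
	p = realloc(*lens, newn * sizeof(*p));
	if (!p)
		return -1;	/* *lens is still valid and unchanged */
	memset(p + oldn, 0, (newn - oldn) * sizeof(*p));
	*lens = p;
	*maxcols = newn;
	return 0;
}
```

For any maxcols above DEFCOLS the old start offset is sizeof(ssize_t) times the correct one, which places it past the end of the reallocated buffer on the first growth.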


* Re: [PATCH] column: avoid memory overrun and/or use of uninitialized buffer
  2011-11-16 19:10 [PATCH] column: avoid memory overrun and/or use of uninitialized buffer Jim Meyering
@ 2011-11-16 22:54 ` Karel Zak
  0 siblings, 0 replies; 2+ messages in thread
From: Karel Zak @ 2011-11-16 22:54 UTC (permalink / raw)
  To: Jim Meyering; +Cc: List util-linux-ng

On Wed, Nov 16, 2011 at 08:10:39PM +0100, Jim Meyering wrote:
>  text-utils/column.c |    4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/text-utils/column.c b/text-utils/column.c
> index f8fd350..79d2842 100644
> --- a/text-utils/column.c
> +++ b/text-utils/column.c
> @@ -305,8 +305,8 @@ static void maketbl(wchar_t **list, int entries, wchar_t *separator)
>  				cols = xrealloc(cols, maxcols * sizeof(wchar_t *));
>  				lens = xrealloc(lens, maxcols * sizeof(ssize_t));
>  				/* zero fill only new memory */
> -				memset(lens + ((maxcols - DEFCOLS) * sizeof(ssize_t)), 0,
> -				       DEFCOLS * sizeof(int));
> +				memset(lens + (maxcols - DEFCOLS), 0,
> +				       DEFCOLS * sizeof(*lens));
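Review bot: the new memset start, lens + (maxcols - DEFCOLS), is the first new element only if maxcols was raised by exactly DEFCOLS just before these lines, and that increment is outside the hunk context. A short comment stating the dependency, or saving the old count before the increase and zeroing from lens + oldcount, would keep the zero-fill correct if the growth step ever changes.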

 Ah, this is my bug... (in the original code was cast to char *).

 Applied, thanks.

    Karel

-- 
 Karel Zak  <kzak@redhat.com>
 http://karelzak.blogspot.com
