[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug-sourceinstall] patch for memory access in srcinst.c:_init_state
|
From: |
Brian Gough |
|
Subject: |
[bug-sourceinstall] patch for memory access in srcinst.c:_init_state |
|
Date: |
Fri, 08 Jan 2010 20:26:46 +0000 |
|
User-agent: |
Wanderlust/2.14.0 (Africa) Emacs/22.1 Mule/5.0 (SAKAKI) |
Hello. I noticed a memory error in _init_state(), where h is obtained
from getenv() and on exit there is an attempt to free it. The patch
below fixes it with a srcinst_strdup() to make a copy that can be
freed.
Also for safety it initializes the arrays with sizeof() since they are
actually of size "N+1" rather than N (although this does not seem to
matter in practice).
Index: srcinst.c
===================================================================
RCS file: /sources/sourceinstall/sourceinstall2/libsrcinst/srcinst.c,v
retrieving revision 1.26
diff -u -r1.26 srcinst.c
--- srcinst.c 7 Dec 2009 00:42:01 -0000 1.26
+++ srcinst.c 8 Jan 2010 20:17:51 -0000
@@ -430,12 +434,12 @@
{
char buffer[SRCINST_BUFSIZE];
char *h;
- memset(_srcinst_state.files, 0, sizeof(char *) * SRCINST_FILE_N);
- memset(_srcinst_state.dirs, 0, sizeof(char *) * SRCINST_DIR_N);
+ memset(_srcinst_state.files, 0, sizeof(_srcinst_state.files));
+ memset(_srcinst_state.dirs, 0, sizeof(_srcinst_state.dirs));
if ((h = getenv("SOURCEINSTALLDIR")) && *h) {
/* use SOURCEINSTALLDIR env variable */
- _srcinst_state.dirs[SRCINST_DIR_CFG] = h;
+ _srcinst_state.dirs[SRCINST_DIR_CFG] = srcinst_strdup(h);
} else if ((h = getenv("HOME")) && *h) {
/* use HOME env variable, append .sourceinstall */
- [bug-sourceinstall] patch for memory access in srcinst.c:_init_state,
Brian Gough <=