|
| From: | Claudio Fontana |
| Subject: | Re: [bug-sourceinstall] patch for memory access in srcinst.c:_init_state |
| Date: | Fri, 08 Jan 2010 22:19:42 +0100 |
| User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.5) Gecko/20091204 Thunderbird/3.0 |
On 01/08/10 21:26, Brian Gough wrote:
Hello. I noticed a memory error in _init_state(), where h is obtained
Maybe _init_pathnames?
from getenv() and on exit there is an attempt to free it. The patch below fixes it with a srcinst_strdup() to make a copy that can be freed.
Yup. I've broken it with my last change. Will apply that part.
Also for safety it initializes the arrays with sizeof() since they are actually of size "N+1" rather than N (although this does not seem to matter in practice).
Actually, I have no idea why I made the arrays [N + 1] instead of [N] in the first place. For clarity it is probably better to change the arrays to be [N] like they should be. It changes nothing in practice since the loops always cycle using "for (i = 0; i < N; i++)"
Index: srcinst.c
===================================================================
RCS file: /sources/sourceinstall/sourceinstall2/libsrcinst/srcinst.c,v
retrieving revision 1.26
diff -u -r1.26 srcinst.c
--- srcinst.c 7 Dec 2009 00:42:01 -0000 1.26
+++ srcinst.c 8 Jan 2010 20:17:51 -0000
@@ -430,12 +434,12 @@
{
char buffer[SRCINST_BUFSIZE];
char *h;
- memset(_srcinst_state.files, 0, sizeof(char *) * SRCINST_FILE_N);
- memset(_srcinst_state.dirs, 0, sizeof(char *) * SRCINST_DIR_N);
+ memset(_srcinst_state.files, 0, sizeof(_srcinst_state.files));
+ memset(_srcinst_state.dirs, 0, sizeof(_srcinst_state.dirs));
if ((h = getenv("SOURCEINSTALLDIR"))&& *h) {
/* use SOURCEINSTALLDIR env variable */
- _srcinst_state.dirs[SRCINST_DIR_CFG] = h;
+ _srcinst_state.dirs[SRCINST_DIR_CFG] = srcinst_strdup(h);
} else if ((h = getenv("HOME"))&& *h) {
/* use HOME env variable, append .sourceinstall */
| [Prev in Thread] | Current Thread | [Next in Thread] |