[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-tar] [Fwd: Bug#377557: tar: bufferover flow in tests/genfile.c]
|
From: |
Sergey Poznyakoff |
|
Subject: |
Re: [Bug-tar] [Fwd: Bug#377557: tar: bufferover flow in tests/genfile.c] |
|
Date: |
Mon, 31 Jul 2006 18:38:59 +0300 |
> Starting from exec_argv+2, you only have exec_argc-2
> pointers free left. The first 2 elements aren't touched.
No, this is wrong, there are exec_argc-1 pointer left (incuding the
terminating NULL pointer). The bug is in the reallocation, and the
proper fix is:
- exec_argv = xrealloc (exec_argv, exec_argc * sizeof (*exec_argv));
+ exec_argv = xrealloc (exec_argv, (exec_argc+1) * sizeof (*exec_argv));
Regards,
Sergey