diff options
author | Mike Frysinger <vapier@gentoo.org> | 2011-11-06 00:46:57 -0400 |
---|---|---|
committer | Christoph Hellwig <hch@lst.de> | 2011-11-10 10:55:32 +0000 |
commit | 0c7ce1cee4520eff8f27f5371089fa5102097ad1 (patch) | |
tree | ebe2a30a912f650161e5d48da9a1b85c78e5f66c | |
parent | 710c8e7e667ad9edad98272963e05fd9f7edf5f9 (diff) | |
download | xfsdump-dev-0c7ce1cee4520eff8f27f5371089fa5102097ad1.tar.gz |
path: fix 1 byte overflow with empty lists
If pap->pa_cnt is 0, then the local buffer is allocated as 1 byte,
but the code then writes two bytes to it '/' and '\0'.
Reviewed-by: Bill Kendall <wkendall@sgi.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>
-rw-r--r-- | common/path.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/common/path.c b/common/path.c index 66320dee..ca24f6ad 100644 --- a/common/path.c +++ b/common/path.c @@ -285,6 +285,8 @@ pa_gen( pa_t *pap ) for ( i = 0 ; i < pap->pa_cnt ; i++ ) { sz += strlen( pap->pa_array[ i ] ) + 1; } + if ( i == 0 ) + sz++; sz++; retp = ( char * )malloc( sz ); |