bug-tar
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-tar] [Fwd: Bug#377557: tar: bufferover flow in tests/genfile.c]


From: Sergey Poznyakoff
Subject: Re: [Bug-tar] [Fwd: Bug#377557: tar: bufferover flow in tests/genfile.c]
Date: Mon, 31 Jul 2006 18:38:59 +0300

> Starting from exec_argv+2, you only have exec_argc-2
> pointers free left.  The first 2 elements aren't touched.

No, this is wrong, there are exec_argc-1 pointer left (incuding the
terminating NULL pointer). The bug is in the reallocation, and the
proper fix is:

-  exec_argv = xrealloc (exec_argv, exec_argc * sizeof (*exec_argv));
+  exec_argv = xrealloc (exec_argv, (exec_argc+1) * sizeof (*exec_argv));

Regards,
Sergey





reply via email to

[Prev in Thread] Current Thread [Next in Thread]