Re: [Bug-ed] GNU Ed heap overflow

bug-ed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-ed] GNU Ed heap overflow

From:	Antonio Diaz Diaz
Subject:	Re: [Bug-ed] GNU Ed heap overflow
Date:	Tue, 01 Jul 2008 19:42:37 +0200
User-agent:	Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.7.11) Gecko/20050905

Thank you for this bug report.

Please, test the included patch.

Regards,
Antonio.


--- signal.c~   2008-04-30 21:11:34.000000000 +0200
+++ signal.c    2008-07-01 19:19:43.000000000 +0200
@@ -200,15 +200,16 @@
   }


-/* return copy of escaped string of at most length PATH_MAX */
+/* return unescaped copy of escaped string */
 const char *strip_escapes( const char *s )
   {
   static char *file = 0;
   static int filesz = 0;
+  const int len = strlen( s );

   int i = 0;

- if( !resize_buffer( (void *)&file, &filesz, path_max( 0 ) + 1 ) )return 0;

+  if( !resize_buffer( (void *)&file, &filesz, len + 1 ) ) return 0;
   /* assert: no trailing escape */
   while( ( file[i++] = ( (*s == '\\' ) ? *++s : *s ) ) )
     s++;

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Bug-ed] GNU Ed heap overflow, Antonio Diaz Diaz <=

Next by Date: [Bug-ed] Version 1.0-rc1 of GNU ed released
Next by thread: [Bug-ed] Version 1.0-rc1 of GNU ed released
Index(es):
- Date
- Thread