From patchwork Thu Dec  1 15:58:18 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [1/9] mount: avoid two-byte heap write overrun
Date: Thu, 01 Dec 2011 05:58:18 -0000
From: Jim Meyering <jim@meyering.net>
X-Patchwork-Id: 128713
Message-Id: <1322755106-8171-2-git-send-email-jim@meyering.net>
To: fedfs-utils-devel@oss.oracle.com

From: Jim Meyering <meyering@redhat.com>

* src/mount/main.c (try_mount): Correct off-by-two under-allocation.
Rather than allocating space for strlen(S)+1, it allocates space
for strlen(S+1), which is shorter by two.  Spotted by coverity.

Signed-off-by: Jim Meyering <meyering@redhat.com>

---
src/mount/main.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/mount/main.c b/src/mount/main.c
index f76f355..b49d152 100644
--- a/src/mount/main.c
+++ b/src/mount/main.c
@@ -384,7 +384,7 @@ try_mount(const char *source, const char *target, const char *text_options)
 	} else {
 		char *tmp;

-		tmp = malloc(strlen(remaining + 1));
+		tmp = malloc(strlen(remaining) + 1);
 		if (tmp == NULL) {
 			fprintf(stderr, _("%s: No memory\n"), progname);
 			remaining = NULL;