Patchwork [3/9] mount: avoid two-byte heap write overrun

login
register
mail settings
Submitter Chuck Lever
Date Dec. 5, 2011, 5:23 p.m.
Message ID <20111205172328.7753.34744.stgit@degas.1015granger.net>
Download mbox | patch
Permalink /patch/129376/
State Accepted
Headers show

Comments

Chuck Lever - Dec. 5, 2011, 5:23 p.m.
From: Jim Meyering <meyering@redhat.com>

* src/mount/main.c (try_mount): Correct off-by-two under-allocation.
Rather than allocating space for strlen(S)+1, it allocates space
for strlen(S+1), which is shorter by two.  Spotted by coverity.

Introduced by commit bfe6aa7f: "mount.fedfs: Overhaul mount.fedfs
CLI," (April 1, 2011).

Signed-off-by: Jim Meyering <meyering@redhat.com>
---

 src/mount/main.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Patch

diff --git a/src/mount/main.c b/src/mount/main.c
index f76f355..b49d152 100644
--- a/src/mount/main.c
+++ b/src/mount/main.c
@@ -384,7 +384,7 @@  try_mount(const char *source, const char *target, const char *text_options)
 	} else {
 		char *tmp;
 
-		tmp = malloc(strlen(remaining + 1));
+		tmp = malloc(strlen(remaining) + 1);
 		if (tmp == NULL) {
 			fprintf(stderr, _("%s: No memory\n"), progname);
 			remaining = NULL;