From patchwork Tue Dec 13 22:51:13 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [02/12] mount: avoid two-byte heap write overrun Date: Tue, 13 Dec 2011 12:51:13 -0000 From: Chuck Lever X-Patchwork-Id: 131202 Message-Id: <20111213225113.15402.70544.stgit@degas.1015granger.net> To: fedfs-utils-devel@oss.oracle.com From: Jim Meyering * src/mount/main.c (try_mount): Correct off-by-two under-allocation. Rather than allocating space for strlen(S)+1, it allocates space for strlen(S+1), which is shorter by two. Spotted by coverity. Introduced by commit bfe6aa7f: "mount.fedfs: Overhaul mount.fedfs CLI," (April 1, 2011). Signed-off-by: Jim Meyering --- src/mount/main.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/mount/main.c b/src/mount/main.c index f76f355..b49d152 100644 --- a/src/mount/main.c +++ b/src/mount/main.c @@ -384,7 +384,7 @@ try_mount(const char *source, const char *target, const char *text_options) } else { char *tmp; - tmp = malloc(strlen(remaining + 1)); + tmp = malloc(strlen(remaining) + 1); if (tmp == NULL) { fprintf(stderr, _("%s: No memory\n"), progname); remaining = NULL;
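Review bot: On the changed line in try_mount(), `malloc(strlen(remaining) + 1)` is now the correct size, but the length is still computed by hand, separately from whatever later copies into `tmp`. If the code after this hunk (not visible here) only copies `remaining` into `tmp`, consider `tmp = strdup(remaining);` with the same `tmp == NULL` check, so the allocation size and the copy cannot drift apart again. The commit message could also record that the old expression `strlen(remaining + 1)` begins scanning one byte past the terminator when `remaining` is an empty string, so the defect was a possible over-read in addition to the under-allocation it describes.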