sys-fs/xfsdump/files/xfsdump-3.0.6-path-overflow.patch - platform/external/gentoo/overlays/gentoo - Git at Google

 https://bugs.gentoo.org/370949

 From 435bad87388821684bb3cd2a33c42787cf970017 Mon Sep 17 00:00:00 2001
 From: Mike Frysinger <vapier@gentoo.org>
 Date: Sun, 6 Nov 2011 00:44:57 -0400
 Subject: [PATCH] path: fix 1 byte overflow with empty lists

 If pap->pa_cnt is 0, then the local buffer is allocated as 1 byte,
 but the code then writes two bytes to it '/' and '\0'.

 Signed-off-by: Mike Frysinger <vapier@gentoo.org>
 ---
  common/path.c |    2 ++
  1 files changed, 2 insertions(+), 0 deletions(-)

 diff --git a/common/path.c b/common/path.c
 index 66320de..ca24f6a 100644
 --- a/common/path.c
 +++ b/common/path.c
 @@ -285,6 +285,8 @@ pa_gen( pa_t *pap )
  	for ( i = 0 ; i < pap->pa_cnt ; i++ ) {
  		sz += strlen( pap->pa_array[ i ] ) + 1;
  	}
 +	if ( i == 0 )
 +		sz++;
  	sz++;

  	retp = ( char * )malloc( sz );
 --
 1.7.6.1
	https://bugs.gentoo.org/370949

	From 435bad87388821684bb3cd2a33c42787cf970017 Mon Sep 17 00:00:00 2001
	From: Mike Frysinger <vapier@gentoo.org>
	Date: Sun, 6 Nov 2011 00:44:57 -0400
	Subject: [PATCH] path: fix 1 byte overflow with empty lists

	If pap->pa_cnt is 0, then the local buffer is allocated as 1 byte,
	but the code then writes two bytes to it '/' and '\0'.

	Signed-off-by: Mike Frysinger <vapier@gentoo.org>
	---
	common/path.c \| 2 ++
	1 files changed, 2 insertions(+), 0 deletions(-)

	diff --git a/common/path.c b/common/path.c
	index 66320de..ca24f6a 100644
	--- a/common/path.c
	+++ b/common/path.c
	@@ -285,6 +285,8 @@ pa_gen( pa_t *pap )
	for ( i = 0 ; i < pap->pa_cnt ; i++ ) {
	sz += strlen( pap->pa_array[ i ] ) + 1;
	}
	+ if ( i == 0 )
	+ sz++;
	sz++;

	retp = ( char * )malloc( sz );
	--
	1.7.6.1