Allow space for trailing NULL (closes: #897712)
author Matthew Vernon <matthew@debian.org>
Sat, 12 May 2018 09:00:46 +0000 (10:00 +0100)
committer Matthew Vernon <matthew@debian.org>
Sat, 12 May 2018 09:00:46 +0000 (10:00 +0100)
cfname was previously STRSZ long, but the strncat use on l661 could
write up to STRSZ bytes to it, which would mean that the trailing NULL
would then overflow the array. Fix this by allocating STRSZ+1 bytes to
cfname.

tsl.c

diff --git a/tsl.c b/tsl.c
index f6d90b2..d5946a2 100644 (file)
--- a/tsl.c
+++ b/tsl.c
@@ -595,7 +595,7 @@ void tsl_init(char *dfname,char *path, const int memlimit)
     Univ_Int *up;
     int tablesize;
 #define STRSZ 255
-    char cfname[STRSZ];
+    char cfname[STRSZ+1]; /*allow space for trailing NULL*/
 
     if (memlimit > 0)
        tsl_maxbuffusage = memlimit<<10;        /* times 1024 */
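
Review bot: The one-byte margin in `char cfname[STRSZ+1]` is safe only by convention, because the strncat call cited in the commit message is not part of this hunk and nothing here ties its bound to the array size. strncat writes its terminator after the bytes it copies, so the margin holds only while cfname is empty before a call that appends at most STRSZ bytes. Suggest bounding that call with `sizeof(cfname) - strlen(cfname) - 1` so the limit follows the declaration, and wording the new comment as "trailing NUL", since the terminator is the '\0' byte rather than the NULL pointer.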