[evolution-patches] eds buffer overflow
- From: Not Zed <notzed ximian com>
- To: evolution-patches lists ximian com
- Subject: [evolution-patches] eds buffer overflow
- Date: Mon, 02 Aug 2004 15:29:25 +0800
it could write beyond the end of the allocation before allocating more.
Index: calendar/libical/ChangeLog
===================================================================
RCS file: /cvs/gnome/libical/ChangeLog,v
retrieving revision 1.163
diff -u -3 -r1.163 ChangeLog
--- calendar/libical/ChangeLog 13 May 2004 03:54:39 -0000 1.163
+++ calendar/libical/ChangeLog 2 Aug 2004 07:29:48 -0000
@@ -1,3 +1,8 @@
+2004-08-02 Not Zed <NotZed Ximian com>
+
+ * src/libicalvcal/vcc.y: re-alloc when we reach the buffer length,
+ not one past it. Fixes an ABW.
+
2004-05-13 Phil Goembel <phil-goembel wi rr com>
* src/libical/icalparser.c (icalparser_get_line): accept tab and
Index: calendar/libical/src/libicalvcal/vcc.y
===================================================================
RCS file: /cvs/gnome/libical/src/libicalvcal/vcc.y,v
retrieving revision 1.8
diff -u -3 -r1.8 vcc.y
--- calendar/libical/src/libicalvcal/vcc.y 12 Feb 2004 20:14:12 -0000 1.8
+++ calendar/libical/src/libicalvcal/vcc.y 2 Aug 2004 07:29:49 -0000
@@ -619,7 +619,7 @@
/* append up to zero termination */
if (c == 0) return;
lexBuf.strsLen++;
- if (lexBuf.strsLen > lexBuf.maxToken) {
+ if (lexBuf.strsLen >= lexBuf.maxToken) {
/* double the token string size */
lexBuf.maxToken <<= 1;
lexBuf.strs = (char*) realloc(lexBuf.strs,(size_t)lexBuf.maxToken);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]