| commit | 3950662e2d9088e7210ae3f6e4d6885f43394680 | |
| author | Thomas Adam <thomas@xteddy.org> | |
| Mon, 31 Jan 2011 10:18:48 +0000 (31 10:18 +0000) | ||
| committer | Hannes Schueller <hannes@yllr.net> | |
| Sun, 27 Feb 2011 19:49:34 +0000 (27 20:49 +0100) | ||
| tree | 85281be87f664513a808cdee6f61b6354ba953b1 | treesnapshot (tar.gz zip) |
| parent | 0c40d0772b7ccb4faefe0472837610aefaabbb00 | commitdiff |
Don't segfault overflowing MAX_LIST_SIZE in complete()
When completing the command list, at the command prompt, ensure we malloc
and then realloc by not assuming this list is initially the length of
MAX_LIST_SIZE.
Instead, calculate the size of the command list at runtime, and use that
value to malloc correctly. This doesn't then attempt to overwrite any
memory when realloc()ing.
In complete() when trying to realloc() the code path means that we might
reach that point before having had that memory used -- so only print the
warning realloc() failed if both the original pointer and the new one are
both NULL.
But we explicitly assign the newly realloc()d pointer to temporary pointers
so that we don't clobber the original pointer. In the case originally of
overflowing MAX_LIST_SIZE, trying to realloc() beyond that, still using the
original pointer, meant that we lost all of the data. That's bad.
This does need a bit of a rethink in the future to get rid of the static
state of some of the function variables, but this patch doesn't need to
address that.
When completing the command list, at the command prompt, ensure we malloc
and then realloc by not assuming this list is initially the length of
MAX_LIST_SIZE.
Instead, calculate the size of the command list at runtime, and use that
value to malloc correctly. This doesn't then attempt to overwrite any
memory when realloc()ing.
In complete() when trying to realloc() the code path means that we might
reach that point before having had that memory used -- so only print the
warning realloc() failed if both the original pointer and the new one are
both NULL.
But we explicitly assign the newly realloc()d pointer to temporary pointers
so that we don't clobber the original pointer. In the case originally of
overflowing MAX_LIST_SIZE, trying to realloc() beyond that, still using the
original pointer, meant that we lost all of the data. That's bad.
This does need a bit of a rethink in the future to get rid of the static
state of some of the function variables, but this patch doesn't need to
address that.
| main.c | diffblobblamehistory |