| Message ID | 1322686298-14634-2-git-send-email-jim@meyering.net |
|---|---|
| State | Superseded |
| Headers | show |
> * src/mount/main.c (try_mount): Correct off-by-two under-allocation. > Rather than allocating space for strlen(S)+1, it allocates space > for strlen(S+1), which is shorter by two. Spotted by coverity. The one-line summary (Subject:) is inaccurate, as you can see in the log message. Here's a better one: mount: avoid two-byte overrun
diff --git a/src/mount/main.c b/src/mount/main.c index f76f355..b49d152 100644 --- a/src/mount/main.c +++ b/src/mount/main.c @@ -384,7 +384,7 @@ try_mount(const char *source, const char *target, const char *text_options) } else { char *tmp; - tmp = malloc(strlen(remaining + 1)); + tmp = malloc(strlen(remaining) + 1); if (tmp == NULL) { fprintf(stderr, _("%s: No memory\n"), progname); remaining = NULL;
From: Jim Meyering <meyering@redhat.com> * src/mount/main.c (try_mount): Correct off-by-two under-allocation. Rather than allocating space for strlen(S)+1, it allocates space for strlen(S+1), which is shorter by two. Spotted by coverity. --- src/mount/main.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)