(parent:
5fea247
)
Fix buffer overrun; str_ptyp data blocks are raw byte arrays and not strings,
author
David Given
<dg@cowlark.com>
Mon, 30 Jan 2017 18:37:22 +0000
(18:37 +0000)
committer
David Given
<dg@cowlark.com>
Mon, 30 Jan 2017 18:37:22 +0000
(18:37 +0000)
so strdup() isn't safe on them. See #50.
mach/proto/mcg/parse_em.c
diff --git
a/mach/proto/mcg/parse_em.c
b/mach/proto/mcg/parse_em.c
index
d4bdeed
..
441b14e
100644
(file)
--- a/
mach/proto/mcg/parse_em.c
+++ b/
mach/proto/mcg/parse_em.c
@@
-237,8
+237,12
@@
static void parse_pseu(void)
}
case str_ptyp:
- data_block((const uint8_t*) strdup(em.em_string), em.em_size, ro);
+ {
+ uint8_t* copy = malloc(em.em_size);
+ memcpy(copy, em.em_string, em.em_size);
+ data_block(copy, em.em_size, ro);
break;
+ }
case cst_ptyp:
data_int(em.em_cst, EM_wordsize, ro);