From: David Given
Date: Mon, 30 Jan 2017 18:37:22 +0000 (+0000)
Subject: Fix buffer overrun; str_ptyp data blocks are raw byte arrays and not strings,
X-Git-Url: https://git.ndcode.org/public/gitweb.cgi?a=commitdiff_plain;h=faba61ab9b5d3b34d16b14a56bad28e7521cbd18;p=ack.git

Fix buffer overrun; str_ptyp data blocks are raw byte arrays and not strings, so strdup() isn't safe on them. See #50.
---
diff --git a/mach/proto/mcg/parse_em.c b/mach/proto/mcg/parse_em.c
index d4bdeeda6..441b14e8b 100644
--- a/mach/proto/mcg/parse_em.c
+++ b/mach/proto/mcg/parse_em.c
@@ -237,8 +237,12 @@ static void parse_pseu(void)
 }
 case str_ptyp:
- data_block((const uint8_t*) strdup(em.em_string), em.em_size, ro);
+ {
+ uint8_t* copy = malloc(em.em_size);
+ memcpy(copy, em.em_string, em.em_size);
+ data_block(copy, em.em_size, ro);
 break;
+ }
 case cst_ptyp:
 data_int(em.em_cst, EM_wordsize, ro);