From faba61ab9b5d3b34d16b14a56bad28e7521cbd18 Mon Sep 17 00:00:00 2001
From: David Given
Date: Mon, 30 Jan 2017 18:37:22 +0000
Subject: [PATCH] Fix buffer overrun; str_ptyp data blocks are raw byte arrays and not strings, so strdup() isn't safe on them. See #50.
---
 mach/proto/mcg/parse_em.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/mach/proto/mcg/parse_em.c b/mach/proto/mcg/parse_em.c
index d4bdeeda6..441b14e8b 100644
--- a/mach/proto/mcg/parse_em.c
+++ b/mach/proto/mcg/parse_em.c
@@ -237,8 +237,12 @@ static void parse_pseu(void)
 }
 case str_ptyp:
- data_block((const uint8_t*) strdup(em.em_string), em.em_size, ro);
+ {
+ uint8_t* copy = malloc(em.em_size);
+ memcpy(copy, em.em_string, em.em_size);
+ data_block(copy, em.em_size, ro);
 break;
+ }
 case cst_ptyp:
 data_int(em.em_cst, EM_wordsize, ro);
-- 
2.34.1
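Review bot: The new `malloc(em.em_size)` result is passed straight to `memcpy` without a NULL check, so an allocation failure turns into a NULL write instead of a clean error; the same hole exists when `em.em_size` is 0, where `malloc(0)` may legitimately return NULL and `memcpy` on a null pointer is undefined even for zero bytes. Add a guard between the two lines, `if (!copy && em.em_size) <PROJECT_FATAL_ERROR_HELPER>("out of memory");` (using whatever fatal-error routine this file already uses), and either skip the copy or allocate at least one byte when the size is zero. It would also help to note in a comment that `copy` is handed to `data_block` and is never freed here, since the `strdup` it replaces had the same implicit ownership transfer and the new code makes that less obvious. Presumably `<stdlib.h>` and `<string.h>` are already included, since `strdup` was used before; the headers are outside the hunk, as is the rest of `parse_pseu` and its enclosing `switch`.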