From df2fa7c5a5726b4e0a50e0eff209a3518ab19603 Mon Sep 17 00:00:00 2001 From: Boris Kolpackov Date: Fri, 16 Jul 2010 13:01:15 +0000 Subject: Fix buffer overrun in concat(). --- ChangeLog | 4 ++++ misc.c | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/ChangeLog b/ChangeLog index 12ef1c4..a4d0600 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2010-07-16 Boris Kolpackov + + * misc.c (concat): Fix buffer overrun. + 2010-07-12 Paul Smith Update copyrights to add 2010. diff --git a/misc.c b/misc.c index f4806ac..39c2835 100644 --- a/misc.c +++ b/misc.c @@ -202,6 +202,14 @@ concat (num, va_alist) VA_END (args); + /* Get some more memory if we don't have enough space for the + terminating '\0'. */ + if (ri == rlen) + { + rlen = (rlen ? rlen : 60) * 2; + result = xrealloc (result, rlen); + } + result[ri] = '\0'; return result; -- cgit v1.2.3