aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2008-10-13 21:39:12 +0000
committerDaniel Stenberg <daniel@haxx.se>2008-10-13 21:39:12 +0000
commit6c2167b65fbbc315e57210c8bb982710fb9ddcf2 (patch)
treedb00bb57e9f06502e98bc55cf5a84bca981213c7
parent18be9882f7ed8eaac5052e096c3868906385c1f6 (diff)
Prevent an off-by-one in a allocated buffer in glob_match_url() - detected by
coverity.com
-rw-r--r--src/urlglob.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/urlglob.c b/src/urlglob.c
index 711a7e9f5..b133fb0e8 100644
--- a/src/urlglob.c
+++ b/src/urlglob.c
@@ -496,7 +496,8 @@ char *glob_match_url(char *filename, URLGlob *glob)
* be longer than the URL we use. We allocate a good start size, then
* we need to realloc in case of need.
*/
- allocsize=strlen(filename);
+ allocsize=strlen(filename)+1; /* make it at least one byte to store the
+ trailing zero */
target = malloc(allocsize);
if(NULL == target)
return NULL; /* major failure */
@@ -548,7 +549,9 @@ char *glob_match_url(char *filename, URLGlob *glob)
}
if(appendlen + stringlen >= allocsize) {
char *newstr;
- allocsize = (appendlen + stringlen)*2;
+ /* we append a single byte to allow for the trailing byte to be appended
+ at the end of this function outside the while() loop */
+ allocsize = (appendlen + stringlen)*2 + 1;
newstr=realloc(target, allocsize);
if(NULL ==newstr) {
free(target);